Securing Your Nginx Website with Let's Encrypt and Certbot
Introduction
Let's Encrypt is a free, automated, and open Certificate Authority, providing SSL/TLS certificates for secure website communication. Certbot is a widely used tool that automates the process of obtaining and renewing Let's Encrypt certificates.
Prerequisites
Before you start, ensure you have:
- A registered domain (e.g., your_domain.com) pointing to your server's IP.
- Nginx installed on your server (see the "Nginx Configurations: An Overview" post).
Step 1: Install Let's Encrypt and Certbot
sudo apt update
sudo apt install certbot python3-certbot-nginx
Step 2: Obtain SSL Certificate
Run Certbot to obtain and install the SSL certificate:
sudo certbot --nginx -d your_domain.com -d www.your_domain.com
Follow the on-screen prompts. Certbot will update your Nginx configuration automatically.
Step 3: Verify Auto-Renewal
Certbot sets up automatic renewal for you. Test the renewal process with:
sudo certbot renew --dry-run
Nginx Configuration
After Certbot runs, your Nginx configuration is updated. Here is an example:
server {
    listen 80;
    server_name your_domain.com www.your_domain.com;
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name your_domain.com www.your_domain.com;
    ssl_certificate /etc/letsencrypt/live/your_domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your_domain.com/privkey.pem;
    # Additional SSL config...
    location / {
        # Your Nginx config...
    }
}
This configuration redirects all HTTP requests to HTTPS, and the HTTPS server block points to the Let's Encrypt certificate and private key files.
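To confirm that a configuration file still has the shape shown above (an HTTPS redirect in every port 80 block, and a certificate and key from the same directory in every TLS block), a small audit script helps. This is an added example, not part of the original post; `audit_nginx_tls` and `sample_config` are hypothetical helper names and the sample configuration is constructed from the one above.

```shell
#!/bin/sh
# Added example, not from the original post. audit_nginx_tls and sample_config
# are hypothetical helpers; exit status 0 means every server block passed.
audit_nginx_tls() {
    awk '
    function dir(p) { sub("/[^/]*$", "", p); return p }
    function finish() {
        if (plain && !redirect) { print "FAIL: port 80 block has no redirect to https"; bad = 1 }
        if (tls && (cert == "" || key == "")) { print "FAIL: TLS block lacks certificate or key"; bad = 1 }
        else if (tls && dir(cert) != dir(key)) { print "FAIL: certificate and key directories differ"; bad = 1 }
        plain = tls = redirect = 0; cert = key = ""
    }
    { sub(/#.*/, "") }                                  # ignore comments
    !in_srv && /^[ \t]*server[ \t]*[{]/ { in_srv = 1; depth = 0 }
    in_srv {
        if ($1 == "listen" && $0 ~ /[ :]80[ ;]/) plain = 1
        if ($1 == "listen" && $0 ~ /[ :]443[ ;]/ && $0 ~ / ssl[ ;]/) tls = 1
        if ($0 ~ /return[ \t]+30[18][ \t]+https:/) redirect = 1
        if ($1 == "ssl_certificate")     { cert = $2; sub(/;$/, "", cert) }
        if ($1 == "ssl_certificate_key") { key = $2; sub(/;$/, "", key) }
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")    # track nested blocks
        if (depth == 0) { finish(); in_srv = 0 }        # server block closed
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input: the layout from this post.
sample_config() {
    cat <<'EOF'
server {
    listen 80;
    server_name your_domain.com www.your_domain.com;
    location / { return 301 https://$host$request_uri; }
}
server {
    listen 443 ssl;
    server_name your_domain.com www.your_domain.com;
    ssl_certificate /etc/letsencrypt/live/your_domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your_domain.com/privkey.pem;
}
EOF
}

tmp=$(mktemp) && sample_config > "$tmp" && audit_nginx_tls "$tmp" && echo "OK: redirect and certificate paths in place"
rm -f "$tmp"
```

Point the function at your own site file (its path depends on your Nginx layout) and follow it with `sudo nginx -t` to check the syntax of the full configuration.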
Conclusion
Your Nginx website is now secured with Let's Encrypt SSL. Periodically check and renew certificates for continuous security.
For details, refer to the Certbot documentation and the Let's Encrypt documentation.