This guide provides step-by-step instructions for installing SSL on an Ubuntu server using Let’s Encrypt. By the end of this tutorial, your website will be served over HTTPS, providing better security and data encryption. We’ll cover how to install Certbot, generate SSL certificates, and configure Nginx to use SSL.
Edited: 16-09-2024
Securing your website with SSL (Secure Sockets Layer, today implemented by its successor, TLS) is essential for ensuring encrypted communication between your users and your server. In this guide, we’ll use Let’s Encrypt, a free, automated, and open Certificate Authority (CA), to install an SSL certificate on your Ubuntu server.
You should have Nginx already installed and serving a website.
You should have a domain name pointing to your server’s public IP address.
Make sure port 80 (HTTP) and port 443 (HTTPS) are open in your firewall.
First, ensure your package list is up to date.
```bash
sudo apt update
sudo apt upgrade
```
Let’s Encrypt uses Certbot to automate the SSL installation. You need to install Certbot and the Nginx plugin.
```bash
sudo apt install certbot python3-certbot-nginx
```
Before generating an SSL certificate, you need to ensure your Nginx configuration is set up properly. Open your Nginx configuration file for your domain. This will likely be in /etc/nginx/sites-available/yourdomain.com.
```bash
sudo nano /etc/nginx/sites-available/yourdomain.com
```
Ensure that your server block is listening on port 80. If it’s not there, add it:
```nginx
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;

    root /var/www/yourdomain.com/html;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}
```
Save and close the file, then reload Nginx so the change takes effect.
Now, use Certbot to obtain an SSL certificate and configure Nginx to use it. Certbot will handle certificate issuance and renewal for you. Run the following command:
```bash
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
```
You’ll be prompted to enter your email address and agree to the Let’s Encrypt terms of service. Certbot will also ask if you want to redirect HTTP traffic to HTTPS (recommended). Select this option to ensure all traffic is encrypted. Certbot will automatically modify your Nginx configuration to use SSL.
Once Certbot has obtained the certificate, you can verify that Nginx is using SSL by checking the configuration file:
```bash
sudo nano /etc/nginx/sites-available/yourdomain.com
```
You should see that Certbot has updated the file to include these lines:
```nginx
server {
    listen 443 ssl;
    server_name yourdomain.com www.yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

    root /var/www/yourdomain.com/html;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$server_name$request_uri;
}
```
This configuration ensures that HTTP traffic is redirected to HTTPS and that the SSL certificate is used. Restart Nginx to apply it:
```bash
sudo systemctl restart nginx
```
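A scripted version of the manual configuration check above, as an added example that is not part of the original guide or of Certbot. The `audit_site` helper (a hypothetical name) fails if no server block listens on 443 with both certificate directives, or if a port 80 block has no redirect to HTTPS. The sample config is constructed, and the parser assumes each block opens with `server {` on one line.

```shell
# audit_site FILE: check an Nginx site file for the layout this guide expects.
# Assumes each block opens with "server {" on a single line.
audit_site() {
    awk '
    function finish() {                  # judge one completed server block
        if (tls) {
            seen_tls = 1
            if (!cert) { print "FAIL: 443 block lacks ssl_certificate"; bad = 1 }
            if (!key) { print "FAIL: 443 block lacks ssl_certificate_key"; bad = 1 }
        }
        if (plain && !redir) { print "FAIL: port 80 block does not redirect to HTTPS"; bad = 1 }
        tls = plain = cert = key = redir = 0
    }
    { sub(/#.*/, "") }                   # ignore comments
    /^[ \t]*server[ \t]*[{]/ { in_srv = 1; depth = 0 }
    in_srv {
        if ($1 == "listen") {            # "listen 80;", "listen [::]:443 ssl;" ...
            port = $2; sub(/;$/, "", port); sub(/^.*:/, "", port)
            if (port == "80") plain = 1
            if (port == "443" && $0 ~ /[ \t]ssl[ \t;]/) tls = 1
        }
        if ($1 == "ssl_certificate") cert = 1
        if ($1 == "ssl_certificate_key") key = 1
        if ($1 == "return" && $2 ~ /^30[1278]$/ && $3 ~ /^https:/) redir = 1
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (depth == 0) { finish(); in_srv = 0 }
    }
    END {
        if (!seen_tls) { print "FAIL: no server block listens on 443 with ssl"; bad = 1 }
        if (!bad) print "OK: TLS block present, port 80 redirects to HTTPS"
        exit bad + 0
    }' "$1"
}

# Constructed sample: TLS block is present, but port 80 still serves files.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
}
server {
    listen 80;
    root /var/www/yourdomain.com/html;
}
EOF
audit_site "$sample" || echo "audit failed, as expected for this sample"
rm -f "$sample"
```

On a live server, point it at the site file, for example `audit_site /etc/nginx/sites-available/yourdomain.com`; a non-zero exit status means at least one check failed.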
To check if your SSL certificate is installed correctly, open your browser and navigate to:
```
https://yourdomain.com
```
Let’s Encrypt certificates are valid for 90 days, but Certbot takes care of automatic renewals: it sets up a cron job that checks for renewal twice daily. You can verify the renewal process by running the command below, which simulates a certificate renewal to confirm everything is working as expected:
```bash
sudo certbot renew --dry-run
```
By following these steps, you’ve successfully installed an SSL certificate on your Ubuntu server using Let’s Encrypt and configured Nginx to use HTTPS. Your website is now secured with SSL, ensuring encrypted communication for all visitors. Regular renewals are handled automatically, so you don’t need to worry about manual intervention.