Let’s Encrypt is a free, automated certificate authority operated by the Internet Security Research Group (ISRG) that issues SSL/TLS certificates. Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) are protocols that encrypt sensitive information as it travels across the internet.
If you handle a lot of private information on your website, SSL/TLS is essential to provide privacy and data integrity for your customers’ information.
SSL is also one of those essential website features that build trust with your customers by letting them know that their connection to your website is secured. In this guide, we will focus on setting up a Let’s Encrypt SSL/TLS certificate with Nginx on an Ubuntu 18.04 server.
Prerequisites
- A VPS plan running the Ubuntu 18.04 operating system
- Nginx web server
- A non-root user with sudo privileges
- A domain name (e.g. www.example.com)
Step 1: Installing Certbot
Certbot is an automated tool that obtains Let’s Encrypt certificates to enable HTTPS on your server. Before installing it on the Ubuntu 18.04 server, we need to add its repository using the command below:
$ sudo add-apt-repository ppa:certbot/certbot
Press Enter to continue when prompted to do so.
Next, you need to update the package list so that it can pick up the updated repository information:
$ sudo apt-get update
Once the update is completed, you can now comfortably install Certbot on your Ubuntu 18.04 server using the command below:
$ sudo apt-get install python-certbot-nginx
Press Y and hit Enter when prompted to confirm the installation.
Step 2: Editing Nginx website configuration file
In an Nginx environment, the configuration files of your websites are located in the directory ‘/etc/nginx/sites-available/’.
This is where Certbot looks to automatically configure an SSL certificate for your website. The tool needs to find the server block whose ‘server_name’ directive matches your domain name.
If you are hosting multiple websites, you need to edit the correct configuration file. However, for a single site, you can edit the default configuration file with the nano text editor using the command below:
$ sudo nano /etc/nginx/sites-available/default
Look for the directive ‘server_name’ and overwrite the underscore (_) value with your domain name. For instance, if your domain name is ‘example.com’, the line should look as follows:
...
server_name example.com www.example.com;
...
Press CTRL + X, Y and hit Enter to save the changes to the file.
To avoid running Certbot with errors on your configuration file, you should run the command below first:
$ sudo nginx -t
If the syntax of your website configuration file is okay, you will get the output ‘test is successful’.
Reload Nginx for the configuration to take effect:
$ sudo systemctl reload nginx
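Because Certbot has to find a server block whose ‘server_name’ matches each domain you pass with -d, it is worth confirming that before Step 3. The script below is an added example, not part of the original guide or of Certbot; the function names and the sample configuration are constructed for illustration, and it matches exact names only (no wildcard or regex names).

```shell
# has_server_name FILE DOMAIN: succeeds if FILE has a server_name directive
# listing DOMAIN exactly. Comments are ignored; the directive may span lines.
has_server_name() {
    awk -v want="$2" '
    {
        sub(/#.*/, "")                      # drop comments
        for (i = 1; i <= NF; i++) {
            tok = $i
            if (!in_names) {                # wait for the directive keyword
                if (tok == "server_name") in_names = 1
                continue
            }
            last = (tok ~ /;$/)             # the semicolon ends the directive
            sub(/;$/, "", tok)
            if (tok == want) found = 1
            if (last) in_names = 0
        }
    }
    END { exit !found }' "$1"
}

# check_domains DIR DOMAIN...: one report line per domain; status 1 if any
# domain has no matching server_name in DIR.
check_domains() (
    dir=$1; shift; missing=0
    for d in "$@"; do
        hit=
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            if has_server_name "$f" "$d"; then hit=$f; break; fi
        done
        if [ -n "$hit" ]; then echo "OK      $d -> $hit"
        else echo "MISSING $d"; missing=1; fi
    done
    exit "$missing"
)

# Constructed sample config: the default file after the Step 2 edit.
make_sample() (
    dir=$(mktemp -d)
    printf '%s\n' 'server {' '    listen 80 default_server;' \
        '    # server_name _;' '    server_name example.com' \
        '                www.example.com;' '}' > "$dir/default"
    echo "$dir"
)

sample=$(make_sample)
check_domains "$sample" example.com shop.example.com || echo "fix server_name first"
rm -rf "$sample"
```

On a real server, call check_domains with /etc/nginx/sites-available and the same domains you intend to give Certbot.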
Step 3: Run Certbot to retrieve SSL certificate
With these settings in place, we can run Certbot to obtain our SSL certificate.
Use the below syntax:
$ sudo certbot --nginx -d example.com -d www.example.com
Remember to replace ‘example.com’ with the actual domain name of your website.
When running the command for the first time, you will be prompted to enter an email address for urgent renewal of the certificates.
Next, enter ‘A’ and hit Enter to agree to the terms.
On the next step, enter ‘Y’ and hit Enter to share your email address with the Electronic Frontier Foundation. This is optional; you may enter ‘N’ if you don’t want to share your personal email address with them.
Finally, Certbot will obtain an SSL certificate for your domain and you will get a congratulations message.
Step 4: Test the installation
At this point, your website can be served via the HTTPS protocol. Enter your website address in a browser, as shown below, to verify the changes:
https://www.example.com
Remember to allow Nginx on the HTTPS port if you are using a firewall such as UFW by running the command below:
$ sudo ufw allow 'Nginx Full'
Also, you can test if the renewal of your SSL certificate is working, by running the command below:
$ sudo certbot renew --dry-run
Conclusion
You have just learnt how to install a Let’s Encrypt SSL/TLS certificate on your Ubuntu 18.04 VPS running Nginx as a web server. You can now rest assured that sensitive data is secured as it travels from your visitors’ browsers to your server.