How to use Let’s Encrypt for NGINX on Ubuntu

Let’s Encrypt is an SSL certificate authority managed by the Internet Security Research Group.

NGINX is a free, open-source, high-performance HTTP server.

You can use HTTPS (an extension of HTTP with SSL/TLS encryption) on your website to secure connections.

Install packages:

apt update
apt install -y \
    python-software-properties software-properties-common
add-apt-repository ppa:certbot/certbot
apt update
apt install -y \
    certbot

Add the location for Let’s Encrypt to the server section of your site’s nginx config:

server {
    ...
    # Let's Encrypt
    location ^~ /.well-known/acme-challenge/ {
        root /path/to/static/;
        add_header Cache-Control public;
        allow all;
    }
    ...
}

Reload the nginx configuration:

systemctl reload nginx

Get certificates from Let’s Encrypt:

certbot certonly -a webroot \
--webroot-path=/path/to/static/ \
-d DOMAIN_NAME -d www.DOMAIN_NAME

/path/to/static/ is the same directory that we defined in the nginx config.

Enable HTTPS in the NGINX config:

server {
    listen 443 ssl;
    server_name DOMAIN_NAME www.DOMAIN_NAME;
    # SSL cert
    ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem;
    # Let's Encrypt location
    location ^~ /.well-known/acme-challenge/ {
        root /path/to/static/;
        add_header Cache-Control public;
        allow all;
    }
    ...
    # Here you can place your locations.
}
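
A check that can be run on the two files referenced by ssl_certificate and ssl_certificate_key before the reload, as an added example that is not part of the original page: it uses openssl to confirm that the private key belongs to the certificate, that the certificate is not close to expiry, and that it covers every name passed to certbot with -d. The function name check_cert, the script name check_cert.sh and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): verify certbot's output files
# before reloading nginx. Usage: check_cert CERT KEY MIN_DAYS NAME [NAME...]

check_cert() {
    cert=$1; key=$2; min_days=$3
    shift 3

    # 1. The private key must belong to the leaf certificate (the first
    #    certificate in fullchain.pem). Compare the public halves only.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert (or a file is unreadable)" >&2
        return 1
    fi

    # 2. The certificate must stay valid for at least MIN_DAYS more days.
    #    -checkend exits non-zero if the cert expires within N seconds.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: $cert expires within $min_days days" >&2
        return 1
    fi

    # 3. Every name requested with -d must be covered by the certificate.
    for name in "$@"; do
        if ! openssl x509 -in "$cert" -noout -checkhost "$name" |
                grep -q 'does match certificate'; then
            echo "FAIL: $cert does not cover $name" >&2
            return 1
        fi
    done

    echo "OK: $cert"
}

# Run the check when the script is called with arguments, for example
# (check_cert.sh is a hypothetical file name, DOMAIN_NAME as in the text):
#   sh check_cert.sh /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem \
#      /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem 30 \
#      DOMAIN_NAME www.DOMAIN_NAME
if [ "$#" -ge 4 ]; then
    check_cert "$@"
fi
```
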

Reload the nginx configuration:

systemctl reload nginx