Hamsa K
Editor
7 min read | 3 years ago

How to Install Lets Encrypt with Nginx on Ubuntu 18 04

Setup let's encrypt certificate with nginx on ubuntu 18.04

Let’s Encrypt is a certificate authority (CA) providing free SSL/TLS certificates freely.You can generate CA-singed SSL certificate for any domain.It also provides an option to auto-renew SSL certificates.It was launched in April 2016.

prerequisites:

you should login with root user or any other non root user with sudo privileges.

and install nginx on your system.

Step 1: Install Let's Encrypt client

First we will update the package list and install them with following commands.

root@ubuntu18:~# apt update
root@ubuntu18:~# apt install software-properties-common

Now add repositories universe and certbot

Also Read -> How to Install JAVA on Ubuntu 18 04 bionic

root@ubuntu18:~# add-apt-repository universe
root@ubuntu18:~# add-apt-repository ppa:certbot/certbot
root@ubuntu18:~# apt update

we will install certbot client now

root@ubuntu18:~# apt install certbot python-certbot-nginx

We hope you are following "How to Install Lets Encrypt with Nginx on Ubuntu 18 04" step by step carefully. The remaining steps will help you to finish the upgrade process..

Step 2: Allow nginx in firewall

If firewall is running on your system then allow nginx like below

root@ubuntu18:~# ufw allow 'Nginx Full'
Rules updated
Rules updated (v6)

Also Read -> How to Install LAMP stack on Ubuntu 18 04

Step 3: Install SSL certificate

root@ubuntu18:~# sudo certbot --nginx

output:

root@ubuntu18:~# sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): xxxx@gmail.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated)  (Enter 'c' to cancel): example.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/example.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2  << Redirect from HTTP to HTTPS
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/example.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://example.com

Also Read -> How to Install and Configure Mongodb on Ubuntu 18 04

Step 4: Test ssl

you can Test your site with SSL Labs using below url

https://www.ssllabs.com/ssltest/analyze.html?d=your_domain.com

Step 5: Auto renewal

As Let’s Encrypt certs expire after 90 days, they need to be checked for renewal periodically and it is advisable to renew your certificates before they expire.you can do the certificate renewal process with below command.

root@ubuntu18:~# certbot renew --dry-run

Now you have successfully set up Let’s Encrypt certificate on Ubuntu 18.04.



Warning! This site uses cookies
By continuing to browse the site, you are agreeing to our use of cookies. Read our terms and privacy policy