Installing an SSL certificate on Nginx server with Let's Encrypt and Certbot

# [[Installing an SSL certificate on Nginx server with Let's Encrypt and Certbot]] ![[Installing an SSL certificate on Nginx server with Let's Encrypt and Certbot.svg]] %% Last Updated: - [[2021-02-08]], [[2024-09-13]] %% ## Prerequisites - [[Recommended practices for initializing a new virtual server|A virtual server]] - A domain name with `A` records pointing to your server - [[Nginx]] installation on your server with [[Setting up server blocks on Nginx|server blocks]] to use the file `/etc/nginx/sites-available/domain.com` ## Install Certbot Add the Certbot repo: ``` sudo add-apt-repository ppa:certbot/certbot ``` ### Install Nginx package of Certbot ``` sudo apt install python3-certbot-nginx ``` ## Allow HTTPS on firewall ### Add HTTPS to allowed list ``` sudo ufw allow 'Nginx Full' ``` ### Remove HTTP` Make it so only encrypted traffic is allowed. ``` sudo ufw delete allow 'Nginx HTTP' ``` ### Verify the configuration `sudo ufw status` should yield something like this: ```bash Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere Nginx Full ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6) Nginx Full (v6) ALLOW Anywhere (v6) ``` ## Get new [[SSL]] cert You can obtain a free SSL certificate through [[Let's Encrypt]]: ``` sudo certbot --nginx -d notes.nicolevanderhoeven.com -d www.notes.nicolevanderhoeven.com ``` Go through the prompts and wait for the script to finish. ### Verify auto-renewal [[Let's Encrypt]] certificates are only available for 90 days by default (to make users automate the renewal process). Certbot should do this for you automatically, but to confirm it, run: ``` sudo certbot renew --dry-run ``` ### Verify through a browser Visit your site using https! ## References - [[DigitalOcean]]: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04 ## Related - [[Nginx]] - [[Renew Let's Encrypt certificate for Bitwarden self-hosted]] - [[SSL]] %% # Excalidraw Data ## Text Elements ## Drawing ```json { "type": "excalidraw", "version": 2, "source": "https://github.com/zsviczian/obsidian-excalidraw-plugin/releases/tag/2.1.4", "elements": [ { "id": "4y8R7iOA", "type": "text", "x": 118.49495565891266, "y": -333.44393157958984, "width": 3.8599853515625, "height": 24, "angle": 0, "strokeColor": "#1e1e1e", "backgroundColor": "transparent", "fillStyle": "solid", "strokeWidth": 2, "strokeStyle": "solid", "roughness": 1, "opacity": 100, "groupIds": [], "frameId": null, "roundness": null, "seed": 967149026, "version": 2, "versionNonce": 939059582, "isDeleted": true, "boundElements": null, "updated": 1713723615080, "link": null, "locked": false, "text": "", "rawText": "", "fontSize": 20, "fontFamily": 4, "textAlign": "left", "verticalAlign": "top", "containerId": null, "originalText": "", "lineHeight": 1.2 } ], "appState": { "theme": "dark", "viewBackgroundColor": "#ffffff", "currentItemStrokeColor": "#1e1e1e", "currentItemBackgroundColor": "transparent", "currentItemFillStyle": "solid", "currentItemStrokeWidth": 2, "currentItemStrokeStyle": "solid", "currentItemRoughness": 1, "currentItemOpacity": 100, "currentItemFontFamily": 4, "currentItemFontSize": 20, "currentItemTextAlign": "left", "currentItemStartArrowhead": null, "currentItemEndArrowhead": "arrow", "scrollX": 583.2388916015625, "scrollY": 573.6323852539062, "zoom": { "value": 1 }, "currentItemRoundness": "round", "gridSize": null, "gridColor": { "Bold": "#C9C9C9FF", "Regular": "#EDEDEDFF" }, "currentStrokeOptions": null, "previousGridSize": null, "frameRendering": { "enabled": true, "clip": true, "name": true, "outline": true } }, "files": {} } ``` %%