LinuxTutorialsUbuntu

How To Install Let’s Encrypt SSL for Nginx on Ubuntu 18.04 LTS

Install Let’s Encrypt SSL for Nginx on Ubuntu 18.04 LTS

In this tutorial, we will show you how to install Let’s Encrypt SSL for Nginx on Ubuntu 18.04 LTS. For those of you who didn’t know, Let’s Encrypt is a free open certificate authority (CA) that provides free certificates for websites and other services. The service is backed by the Electronic Frontier Foundation, Mozilla, Cisco Systems, and Akamai. Unfortunately, LetsEncrypt.org certificates currently have a 3 month lifetime. This means you’ll need to renew your certificate quarterly for now.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation Let’s Encrypt SSL for Nginx on Ubuntu 18.04 LTS server.

Prerequisites

  • A server running one of the following operating systems: Ubuntu 18.04.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Let’s Encrypt SSL for Nginx on Ubuntu 18.04 LTS Bionic Beaver

Step 1. First, make sure that all your system packages are up-to-date by running the following apt-get commands in the terminal.

apt-get update
apt-get upgrade

Step 2. Installing Let’s Encrypt SSL on Ubuntu 18.04 LTS.

First, Add Certbot to the repository:

sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt install python-certbot-nginx

Step 3. Setup Domain Name to Server Block.

Certbot automates the configuration of SSL for Nginx by looking for the server_name directive that matches the domain you’re requesting a certificate for. If you have already configured the server_name directive previously, you can skip to Step 4.

Step 4. Generate Certs using Certbot.

First, We can now generate certs using Certbot. Replace idroot.us with your own domain:

sudo certbot --nginx -d idroot.us -d www.idroot.us

Enter an email address where you can be contacted in case of urgent renewal and security notices:

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel:

Press a and ENTER to agree to the Terms of Service:

Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o:

Press n and ENTER to not share your email address with EFF:

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for idroot.us
http-01 challenge for idroot.us
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default

If successful, you will be able to choose between enabling both HTTP and https access or forcing all requests to redirect to https:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Press 2 and ENTER to redirect HTTP traffic to HTTPS:

Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/default
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/default

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://idroot.us and
https://www.idroot.us

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=idroot.us
https://www.ssllabs.com/ssltest/analyze.html?d=www.idroot.us
-------------------------------------------------------------------------------

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/idroot.us/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/idroot.us/privkey.pem
Your cert will expire on 2018-12-05. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Step 5. Set up auto-renewal Let’s Encrypt.

Let’s Encrypt certificates are valid for 3 months, they need to be checked for renewal periodically. Certbot will automatically run twice a day and renew any certificate that is within thirty days of expiration:

sudo certbot renew --dry-run

Congratulations! You have successfully installed Let’s Encrypt. Thanks for using this tutorial for installing Let’s Encrypt SSL on Ubuntu 18.04 LTS Bionic Beaver system. For additional help or useful information, we recommend you check the official Let’s Encrypt website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Back to top button