Install Certbot
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
Check that Certbot is installed properly.
certbot --version
If you run into the following error, run sudo pip install -U six to fix it.
File "/usr/lib/python2.7/dist-packages/acme/messages.py", line 46, in <module>
@six.python_2_unicode_compatible
AttributeError: 'module' object has no attribute 'python_2_unicode_compatible'
Setup nginx
If you haven't installed nginx yet, refer to setup and install nginx.
Set up the nginx configuration for your domain.
cd /etc/nginx/sites-available/
sudo cp default mydomain
# edit mydomain configuration file
sudo vi mydomain
Edit the mydomain nginx configuration file to configure root and server_name.
server {
...
# the html files are stored here
root /usr/share/nginx/mydomain;
...
# handle domain
server_name mydomain.com www.mydomain.com;
...
}
Test that the edited nginx configuration is valid.
sudo nginx -t
Restart nginx.
sudo service nginx restart
Obtain SSL for nginx
Use certbot to obtain an SSL certificate for mydomain.com and www.mydomain.com.
sudo certbot --nginx -d mydomain.com -d www.mydomain.com
You will be prompted to select one of:
1) Allow both http and https
2) Redirect http request to https
You can list all available SSL certificates on this machine.
certbot certificates
The nginx configuration at /etc/nginx/sites-available/mydomain is edited accordingly. Verify that the configuration is valid and restart nginx.
sudo nginx -t
sudo service nginx restart
You can now access your domain website over SSL at https://www.mydomain.com.
Auto Renewal
The SSL certificates expire every 3 months. You need to set up auto renewal through a cronjob.
sudo crontab -e
The following configuration will attempt to renew SSL at 1am daily. A renewal only succeeds once the certificate is within one month of its expiry date.
0 1 * * * /usr/bin/certbot renew --quiet
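Because the cron job runs with --quiet, a renewal that keeps failing goes unnoticed until the certificate expires. The script below is an added example, not part of the original guide: it classifies a certificate's notAfter date as ok, renewal-overdue or expired. The 5-day slack, the function names and the sample dates are assumptions for illustration; it needs GNU date and openssl.

```shell
#!/bin/sh
# Added example (not from the original guide): detect a silently failing renewal job.
# Assumes GNU date and openssl, as on the Ubuntu host used above.

RENEW_WINDOW_DAYS=30  # certbot renews once a certificate is within a month of expiry
SLACK_DAYS=5          # assumed grace period covering a few failed nightly runs

# cert_status "notAfter=<date>" NOW_EPOCH
# Prints one of: ok | renewal-overdue | expired
cert_status() {
    end_epoch=$(date -u -d "${1#notAfter=}" +%s) || return 2
    secs_left=$(( end_epoch - $2 ))
    overdue_below=$(( (RENEW_WINDOW_DAYS - SLACK_DAYS) * 86400 ))
    if [ "$secs_left" -le 0 ]; then
        echo expired
    elif [ "$secs_left" -lt "$overdue_below" ]; then
        # Healthy nightly renewal never lets the certificate get this close to expiry.
        echo renewal-overdue
    else
        echo ok
    fi
}

# check_cert_file PEM_PATH: read the expiry date of a certificate on disk.
check_cert_file() {
    enddate=$(openssl x509 -in "$1" -noout -enddate) || return 2
    cert_status "$enddate" "$(date -u +%s)"
}

# With a path argument, check that file, e.g. certbot's default location
# /etc/letsencrypt/live/mydomain.com/fullchain.pem (assumed for this host).
# Without one, classify constructed sample dates against a constructed "now".
if [ -n "${1:-}" ]; then
    check_cert_file "$1"
else
    now=$(date -u -d "May 1 12:00:00 2025 GMT" +%s)
    for sample in "notAfter=Jul 20 12:00:00 2025 GMT" \
                  "notAfter=May 13 12:00:00 2025 GMT" \
                  "notAfter=Apr 30 12:00:00 2025 GMT"; do
        echo "$sample -> $(cert_status "$sample" "$now")"
    done
fi
```

Run it from a separate daily cron entry or monitoring check, and alert on any result other than ok.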