Securing Nginx Server Using (Let’s Encrypt) [Ubuntu]

In this guide, you’ll learn how to use secure your Nginx server for free with Let’s Encrypt, this way, you can ensure your websites are encrypted and available over HTTPS.

Let’s Encrypt provide free SSL/TLS certificates. You can get a valid SSL certificate for your domain at no cost. These certificates can be used in a production environment as well.

Note: Let’s Encrypt do a DNS check for the domain, that domain is pointed to the current server. After that it issues a certificate for the domain, so, it won’t work for local development, although there is another approach for that, which is beyond the scope of this guide.

First, install certbot-auto, and save it under /usr/sbin directory, the cerbot-auto is a Let’s Encrypt client, it is used to automatically enable HTTPS on your website with EFF’s Certbot, deploying Let’s Encrypt certificates.

First, add the repository:

sudo add-apt-repository ppa:certbot/certbot

Install Certbot’s Nginx package with apt:

sudo apt install python-certbot-nginx

Before we get an SSL certificate for the domain, you need to make sure your server block reflects the domain name, e.g if your website is

Your servername within the server block should be:


The above config is typically located in /etc/nginx/sites-available/

If all is done, you should be ready to go, but you can still confirm the configuration syntax with sudo nginx -t This would help you notify you of any error or typo

The next step is to get an SSL certificate, use the following command to do that:

sudo certbot --nginx -d -d

This runs certbot with the –nginx plugin, using -d to specify the names we’d like the certificate to be valid for. In my case, it is, so you can change that.

This would do a strong Domain Validation automatically with multiple challenges to verify the ownership of the domain. Once the Certificate Authority (CA) verified the authenticity of your domain, the SSL certificate will be issued.

You will be prompted for an email address, which is used for sending email alerts related to SSL renewal and expiration. Also, it would ask a few more questions. After completion, it will issue an SSL certificate.

Comment policy: Respectful and beneficial comments are welcome with full open hands. However, all comments are manually moderated and those that doesn't relate with what the passage is saying or offensive comments would be deleted. Thanks for understanding!

Leave a Reply

Your email address will not be published. Required fields are marked *