Secure Nginx with Let’s Encrypt SSL Certificate on Ubuntu 18.04

What Is an SSL Certificate?

Over time, internet-related security breaches have been on the rise as hackers continue working round the clock to steal user data for malicious purposes. An SSL certificate is a digital certificate installed on a web server, primarily to encrypt data sent between the user's browser and the server so that only the intended recipient can read it. This is crucial because, without encryption, information is sent as plain text and can easily be intercepted by hackers.

For this reason, most e-commerce stores and online payment platforms such as PayPal encrypt their websites. An SSL certificate also allows for authentication, ensuring that information is sent to the right server and not to a hacker.

Google Likes Secure Sites

An SSL certificate helps your site rank higher in Google. According to Google’s announcement, SSL-encrypted sites will rank higher than those without, which are considered unsafe. A secured site is indicated by a padlock in the URL bar and a URL that begins with https instead of http. If your site lacks HTTPS, Google marks the site URL as “Not Secure”, and this can negatively impact your site rankings.

Nginx with Let’s Encrypt SSL Certification on Ubuntu

In this article, we will look at how to secure Nginx with Let’s Encrypt SSL on Ubuntu 18.04. Let’s Encrypt is a free, automated SSL certificate service provided by the Let’s Encrypt certificate authority. By 2018, Let’s Encrypt had secured over 150 million websites.

Let’s get started and see how we can secure Nginx with Let’s Encrypt SSL on Ubuntu 18.04.


To get started, ensure you have the following:

  • A server instance of Ubuntu Server 18.04 with SSH access
  • A non-root user with sudo privileges
  • A Fully Qualified Domain Name (FQDN) with an A record pointed to the server’s IP address
  • In this example, we are going to use the domain name which is pointed to a VPS with IP address

Step 1. Installing Nginx

The first step is to install the Nginx web server. But first, update your system by logging in as a non-root user and executing the following command.

$ sudo apt update

Next, install Nginx with the following command.

$ sudo apt install nginx


Once installed, verify that Nginx is running by executing the following command.

$ sudo systemctl status nginx


Great! Now that we have installed our web server, let’s proceed to the next step.

Step 2. Install Certbot

Let us now install Certbot on our server. In this example, we will use the Ubuntu software repository (PPA) that contains all the updated files. To add the Certbot repository, run the following command.

$ sudo add-apt-repository ppa:certbot/certbot


To make the system repositories aware of the changes made, please update the system.

$ sudo apt update

Step 3. Install Certbot Nginx package

We are then going to install the Certbot Nginx package. To achieve this, run the command below:

$ sudo apt-get install python-certbot-nginx


Step 4. Updating Firewall to allow HTTPS traffic

We need to allow HTTPS traffic on port 443 through the firewall for SSL to work. Let’s first check the status of the firewall.

$ sudo ufw status


Before we enable the firewall, let’s first allow “Nginx Full” which will take care of both HTTP and HTTPS.

$ sudo ufw allow 'Nginx Full'


Let us now enable the ufw firewall. Hit ‘y’ when prompted.

$ sudo ufw enable


Let’s verify if the rules were added to the firewall.

$ sudo ufw status
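
Because ufw denies incoming connections by default, a rule set that allows only 'Nginx Full' leaves SSH (port 22) closed once the firewall is enabled. The check below is an added example, not part of the original tutorial: it reads the output of `sudo ufw show added` (the rules that are pending while ufw is still inactive), and its function names and sample rule list are constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-flight check to run before `sudo ufw enable`.
# ufw denies incoming connections by default, so every service that must stay
# reachable (SSH for administration, 80 and 443 for Nginx) needs an allow rule
# before the firewall is switched on.

# Reads `ufw show added` output on stdin and prints the services (ssh, http,
# https) that no simple allow/limit rule covers. Rules written with extended
# syntax (interfaces, source addresses) are not recognised and are reported
# as missing, which fails safe.
missing_ufw_rules() {
    # Keep only rule lines and drop the quotes around profile names.
    rules=$(grep -E '^ufw (allow|limit) ' | tr -d "'" || true)
    missing=""
    covered() { printf '%s\n' "$rules" | grep -Eq "^ufw (allow|limit) ($1)\$"; }
    covered 'OpenSSH|ssh|22(/tcp)?'                   || missing="$missing ssh"
    covered 'Nginx Full|Nginx HTTP|http|80(/tcp)?'    || missing="$missing http"
    covered 'Nginx Full|Nginx HTTPS|https|443(/tcp)?' || missing="$missing https"
    printf '%s\n' "${missing# }"
}

# Returns 0 only when ssh, http and https are all covered.
check_before_enable() {
    gaps=$(missing_ufw_rules)
    if [ -n "$gaps" ]; then
        echo "do not enable ufw yet, no allow rule for: $gaps" >&2
        return 1
    fi
    echo "pending rules cover ssh, http and https"
}

# Constructed sample: the pending rules after allowing only 'Nginx Full'.
SAMPLE_RULES="Added user rules (see 'ufw status' for running firewall):
ufw allow 'Nginx Full'"
printf '%s\n' "$SAMPLE_RULES" | check_before_enable || true

# On the server:
#   sudo ufw show added | check_before_enable && sudo ufw enable
```

If the check reports ssh as missing, `sudo ufw allow OpenSSH` adds the rule for the SSH profile.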


Step 5. Generating SSL certificate

The last part is the generation of the Let’s Encrypt SSL certificate. To achieve this, use the syntax below.

$ sudo certbot --nginx -d -d

This will generate the SSL certificate that will be valid for as well as

In our case, we shall have:

$ sudo certbot --nginx -d -d


If you are running Certbot for the first time, you will first be prompted to enter an email address.

Certbot will then communicate with the Let’s Encrypt server, which tries to verify that you control the domain you are requesting a certificate for.

Next, press A to agree to the terms of service.

Next, you will be asked whether you would like your email address to be shared with EFF. Here, you can either decide to opt in or out.

The next step is where everything matters. This is the point where you will be asked whether to redirect HTTP requests to HTTPS. Select the second option.

If all went well, you will get a message confirming it.

Wonderful! You have successfully installed Let’s Encrypt SSL on your Nginx web server.

To verify this, go to your server’s address in the browser and refresh.


Take note that the URL now begins with HTTPS instead of HTTP. To view more information about the SSL certificate, click on the padlock symbol and select the ‘Certificate’ option.

Renew Let’s Encrypt SSL Certificate

A Let’s Encrypt certificate is valid for 90 days. This means renewal is after 3 months. The renewal is done automatically by Let’s Encrypt. To test the renewal process, do a dry run with Certbot as shown.

$ sudo certbot renew --dry-run

If there are no errors, everything went according to plan and the auto-renewal will take place as needed. All messages about CA expiration will be sent to the email address specified during configuration.
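
To confirm over time that automatic renewal keeps working, the following added example (not part of the original tutorial) parses the output of `certbot certificates` and reports certificates that are close to expiry. The function names, the 20-day threshold and the example.com sample output are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: renewal health check built on `certbot certificates`.
# Certbot's default is to renew a certificate once fewer than 30 days remain,
# so a certificate well below that mark means scheduled renewal is failing.

# Reads `certbot certificates` output on stdin and prints "NAME DAYS" for
# every certificate with fewer than $1 days left, or "NAME INVALID" when
# Certbot reports the certificate as expired or otherwise invalid.
stale_certs() {
    awk -v limit="$1" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            if (match($0, /\(VALID: [0-9]+ day/)) {
                # Skip the 8-character "(VALID: " prefix and the " day" suffix.
                days = substr($0, RSTART + 8, RLENGTH - 12) + 0
                if (days < limit) print name, days
            } else if ($0 ~ /\(VALID: [0-9]+ hour/) {
                # Less than one day left is reported in hours.
                print name, 0
            } else {
                print name, "INVALID"
            }
        }'
}

# Returns 0 when every certificate has at least 20 days left.
check_renewal() {
    stale=$(stale_certs 20)
    [ -z "$stale" ] && return 0
    printf 'renewal needs attention:\n%s\n' "$stale" >&2
    return 1
}

# Constructed sample output; example.com is a placeholder domain.
SAMPLE_CERTS="Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2030-06-01 12:00:00+00:00 (VALID: 12 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem"
printf '%s\n' "$SAMPLE_CERTS" | check_renewal || true

# On the server, for example from a daily cron job:
#   sudo certbot certificates 2>/dev/null | check_renewal
```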


  1. vinayan says:

    how to secure another domain after this

  2. Rod Schell says:

    Please add me to your newsletter.
