How to Add SSL to Your Website Using Let's Encrypt on Ubuntu and Nginx
If you're running a website, it's important to make sure that your visitors' data is secure. One way to do this is by adding SSL encryption to your website.
What is SSL?
SSL (Secure Sockets Layer) is a protocol that encrypts data as it's transmitted over the internet, making it much harder for hackers to intercept and read.
Fortunately, adding SSL to your website has become much easier in recent years thanks to Let's Encrypt.
What is Let's Encrypt?
Let's Encrypt is a free, automated, and open certificate authority (CA) that provides SSL certificates to website owners.
In this tutorial, we'll walk you through the steps to add SSL to your website using Let's Encrypt on an Ubuntu server running Nginx.
Also read, How To Create And Move Configuration File In Nginx: Step-By-Step Guide
Assumptions:
- You have an Ubuntu server running Nginx.
- You have a domain name registered and pointing to your server's IP address.
- You have root access to your server.
Step 1: Install Certbot
Certbot is a tool that automates the process of obtaining and installing SSL certificates from Let's Encrypt. To install Certbot, run the following commands:
sudo apt-get update
sudo apt-get install certbot python3-certbot-nginxStep 2: Obtain an SSL Certificate
To obtain an SSL certificate for your main domain, run the following command:
sudo certbot --nginx -d example.com -d www.example.com
Replace example.com with your actual domain name. The -d option specifies the domain names you want to include in the certificate. In this example, we've included both the main domain and the www subdomain.
If this is the first time you've run Certbot, you'll be prompted to enter your email address and agree to the terms of service. Once you've done that, Certbot will automatically configure Nginx to use the SSL certificate.
Step 3: Verify SSL
After the certificate is installed, you can verify that SSL is working by visiting your website with https:// in the URL. If everything is working correctly, you should see a green padlock icon in your browser's address bar.
Step 4: Add SSL to Subdomains
To add SSL to a subdomain, run the same Certbot command as before, but replace example.com with your subdomain:
sudo certbot --nginx -d subdomain.example.com
This will generate a new SSL certificate for the subdomain and configure Nginx to use it.
Step 5: Automate Renewals
SSL certificates from Let's Encrypt are only valid for 90 days. To ensure that your website stays secure, you'll need to renew your certificate periodically.
Fortunately, Certbot includes a renewal script that can be run automatically.
To set up automatic renewals, run the following command:
sudo certbot renew --dry-run
This will simulate a certificate renewal and test that everything is working correctly. If everything looks good, you can add a cron job to run this command twice a day:
sudo crontab -e
Add the following line to the crontab file:
0 */12 * * * certbot renew --quietThis will run Certbot's renewal script every 12 hours.
Also read, 10 Best Practices For Optimizing NGINX Configuration
Conclusion
In this tutorial, we've walked you through the steps to add SSL to your website using Let's Encrypt on an Ubuntu server running Nginx.
By encrypting your website's data, you can help protect your visitors' privacy and security. With Let's Encrypt, it's easier than ever to add SSL to your website for free.
