Installing a free SSL certificate (HTTPS) for Nginx on Ubuntu 18.04

In this post, I am going to explain how to obtain a free SSL certificate and install it on the Nginx server. Recently I wrote a similar post about installing SSL on the Apache2 HTTP server. You can find it here. Some steps are identical in both cases but I will repeat everything in order to create a complete tutorial here as well.

Free certificates are usually sufficient for private blogs or for communication within an internal network, e.g. in a microservices architecture. In other cases, I highly recommend buying a commercial certificate.

Virtual host configuration

Once Nginx is installed on your machine, create a new configuration file in the /etc/nginx/sites-available directory and paste the following configuration. Remember to change the root and server_name directives to match your project directory and domain name. You do not need to configure a host for HTTPS; Certbot will do it for you.

server {
    listen 80;
    listen [::]:80;

    root /var/www/your_project;
    index index.html index.htm;

    server_name your-domain.com;

    location / {
        try_files $uri $uri/ =404;
    }
}

Don’t forget to enable your new configuration and restart Nginx.

sudo ln -s /etc/nginx/sites-available/your_project.com /etc/nginx/sites-enabled/
sudo systemctl restart nginx

Obtaining a certificate

The next step is to install Certbot with the Nginx plugin. It will make the entire process much easier.

sudo add-apt-repository -y ppa:certbot/certbot
sudo apt-get update
sudo apt-get install -y python-certbot-nginx

Update for Ubuntu 20.04

If you are using Ubuntu 20.04, you don’t have to add an external repository. You also have to use the Certbot plugin that is compatible with Python 3. To install Certbot and the Nginx plugin, run the commands below instead of the ones above.

sudo apt-get update
sudo apt-get -y upgrade
sudo apt install -y certbot python3-certbot-nginx

Now we are ready to generate our certificate. To start the process, just type the following command with your domain name.

sudo certbot --nginx -d your-domain.com

You will be asked to enter your e-mail address and accept the Terms of Service.

In the last step, you will be asked if you want to redirect all the traffic from HTTP to HTTPS. If you don’t know what to do, just type ‘2’. If you needed to keep a different version of your website over HTTP and HTTPS, you would probably know that.

That’s all. Certbot automatically added certificates to your virtual host configuration. Now you should be able to reach your website over HTTPS.

Extending certificates for subdomains

When you want to add a certificate for a subdomain, you can simply extend an existing one. Just type the following command.

sudo certbot --nginx -d your-domain.com -d subdomain.your-domain.com

Automatic renewal

Certificates issued by Let’s Encrypt are valid for a much shorter time than commercial ones, usually 90 days. The most convenient way to keep your certificate valid is to set up a cron job that periodically renews it. Make sure to add this to root’s crontab (or to that of another user with sufficient permissions).

0 2 */15 * * certbot renew --renew-hook "systemctl restart nginx"
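
A renewal cron job can fail silently, so it is worth checking the remaining lifetime that Certbot reports for each certificate. The script below is an added example, not part of the original tutorial; it parses the output of certbot certificates, and the sample output, the stale_certs function name and the 14-day threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: report certificates that the
# renewal cron job above should already have replaced.

# Constructed sample in the layout printed by `certbot certificates`
# (domains, dates and day counts are made up for illustration).
SAMPLE_OUTPUT='Found the following certs:
  Certificate Name: your-domain.com
    Domains: your-domain.com subdomain.your-domain.com
    Expiry Date: 2030-03-10 02:00:00+00:00 (VALID: 62 days)
    Certificate Path: /etc/letsencrypt/live/your-domain.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/your-domain.com/privkey.pem
  Certificate Name: blog.your-domain.com
    Domains: blog.your-domain.com
    Expiry Date: 2030-01-19 02:00:00+00:00 (VALID: 9 days)
    Certificate Path: /etc/letsencrypt/live/blog.your-domain.com/fullchain.pem
  Certificate Name: old.your-domain.com
    Domains: old.your-domain.com
    Expiry Date: 2029-12-01 02:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.your-domain.com/fullchain.pem'

# stale_certs MIN_DAYS (hypothetical helper)
#   stdin : output of `certbot certificates`
#   stdout: one line per certificate that is invalid or has < MIN_DAYS left
#   return: 0 if nothing is stale, 1 otherwise
stale_certs() {
    awk -v min="$1" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            if ($0 ~ /INVALID/) {
                print name, "INVALID"; bad++
            } else if (match($0, /VALID: [0-9]+ day/)) {
                days = substr($0, RSTART + 7) + 0   # number after "VALID: "
                if (days < min) { print name, days " days left"; bad++ }
            } else {
                print name, "UNPARSED"; bad++       # fail closed on unknown format
            }
        }
        END { exit (bad > 0) }'
}

# Demo on the constructed sample; on a server, feed the real command instead:
#   sudo certbot certificates 2>/dev/null | stale_certs 14
if ! printf '%s\n' "$SAMPLE_OUTPUT" | stale_certs 14; then
    echo "renewal needs attention" >&2
fi
```

Run it from a separate cron entry or a monitoring check so that a failed renewal is noticed before the certificate expires.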

Summary

This tutorial is intended for Nginx on Ubuntu; however, the steps are very similar on other Linux distributions. If you are looking for the tutorial based on the Apache2 server, you can find it here.
