To set up Let's Encrypt with Nginx on Ubuntu, follow these steps:
- Install Certbot and its Nginx plugin by running the following commands:
sudo apt update
sudo apt install certbot python3-certbot-nginx
- Adjust your firewall to allow HTTPS traffic. You can either add the Nginx HTTPS profile or use Nginx Full and delete the existing Nginx HTTP rule:
sudo ufw allow 'Nginx HTTPS'
sudo ufw deny 'Nginx HTTP'
sudo ufw allow 'Nginx Full'
Verify that you added a rule allowing HTTPS traffic by using the ufw status command.
- Obtain an SSL certificate by running the following command, replacing yourdomain.com and www.yourdomain.com with your domain names:
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
Certbot will ask you some question like this:
sudo certbot --nginx -d yourdomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): youtemail@gmail.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.
Requesting a certificate for yourdomain.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/insightq.ahmadrosid.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/insightq.ahmadrosid.com/privkey.pem
This certificate expires on 2023-08-02.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for insightq.ahmadrosid.com to /etc/nginx/sites-enabled/default
Congratulations! You have successfully enabled HTTPS on https://insightq.ahmadrosid.com
We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -The Nginx plugin for Certbot will reconfigure Nginx and reload its configuration when necessary.