How to Install Let’s Encrypt SSL on Ubuntu 18.04 with Nginx

In this tutorial, we will guide you through installing a Let’s Encrypt SSL certificate on an Ubuntu 18.04 VPS and configuring it with the Nginx web server.

Let’s Encrypt is a free and automated certificate authority organization. They aim to bring secure websites to all users across the web. They make installations easy and simple, and you can even set up auto-renewal so that you never have to worry about your certificate expiring. Let’s get started with the installation.

Prerequisites

  •  Server with Ubuntu 18.04 OS. This should work with other Linux distributions as well, but this tutorial specifically talks about Ubuntu 18.04.
  •  System user with sudo privileges, or the root account
  •  Domain or subdomain which is pointed to your server. For the purposes of this tutorial, we will use domain.com as an example.

Step 1: Log in and Update the Server

First of all, log in to your Ubuntu 18.04 server through SSH as the root user, or as any other user with sudo privileges:

ssh root@IP_Address -p Port_Number

Where ‘IP_Address’ and ‘Port_Number’ are the actual IP address of your server and the SSH port number.

Once you are logged in, run the following commands to make sure that all installed packages on your server are updated to the latest available version

apt update && apt upgrade

You can also enable automatic updates on your server as described in one of our previous blog posts, which is highly recommended. This way, the system will automatically check for updates.

Step 2: Install the Nginx Web Server

In this tutorial, we will install and use Nginx web server. It is a free, open-source, and high-performance web server known for its great performance, stability, low resource usage, extensive feature set, and simple configuration. Nginx is available in the official Ubuntu 18.04 repositories and the installation is pretty easy. Run the following command to install it on your server

apt -y install nginx

Once the Nginx web server is installed, it should be automatically started. You can check its status with the following command

systemctl status nginx

Output:

● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-07-24 02:40:17 CDT; 1min 8s ago
     Docs: man:nginx(8)
  Process: 28420 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 28419 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
 Main PID: 28421 (nginx)
    Tasks: 3 (limit: 2321)
   CGroup: /system.slice/nginx.service
           ├─28421 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           ├─28422 nginx: worker process
           └─28423 nginx: worker process

Jul 24 02:40:17 hostname systemd[1]: Starting A high performance web server and a reverse proxy server...
Jul 24 02:40:17 hostname systemd[1]: Started A high performance web server and a reverse proxy server.

Enable Nginx to automatically start after a server reboot

systemctl enable nginx

Step 3: Install Certbot

Certbot is a free and open-source tool written in Python which helps to obtain the SSL certificate from Let’s Encrypt and configure it on your web server. The version of Certbot that can be installed from the official Ubuntu repositories is outdated, so in order to install the latest version maintained by the Certbot team, we will have to add the Certbot PPA to your list of repositories.

To do that, run the following commands on your server

apt install software-properties-common
add-apt-repository universe
add-apt-repository ppa:certbot/certbot

During the process of adding the repository, you will be prompted to press Enter to accept it. After that, update the repositories list

apt update

Once the repository is added and the repositories list updated, go ahead and install the Certbot Nginx package

apt -y install python-certbot-nginx

Step 4: Install a Let’s Encrypt SSL certificate

As we mentioned in the ‘Prerequisites’ section of the tutorial, we will use domain.com as an example domain. So, in order to obtain a Let’s Encrypt SSL certificate for this domain name, we will run Certbot with the --nginx plugin, which will edit the Nginx configuration for the specific domain.

certbot --nginx -d domain.com -d www.domain.com

During the installation of the Let’s Encrypt SSL certificate, you will be prompted to enter an email address used for urgent renewal and security notices

Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): admin@domain.com

Read and accept Let’s Encrypt’s Terms of Service

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

Choose whether or not you want to redirect all traffic to HTTPS, which is recommended.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/default
-------------------------------------------------------------------------------

With this step, the SSL certificate for domain.com is successfully installed and you can access your domain name at https://domain.com. You can use Certbot to verify this and check the certificate expiration date

certbot certificates

Output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Found the following certs:
  Certificate Name: domain.com
    Domains: domain.com
    Expiry Date: 2019-10-22 08:56:19+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/domain.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/domain.com/privkey.pem
-------------------------------------------------------------------------------
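
The expiry check above can be scripted for monitoring. The following is an added example, not part of the original tutorial or of Certbot itself: a shell function that reads the certbot certificates report and lists certificates that are invalid or within a given number of days of expiry. The function names, the 30-day threshold and the sample report are constructed for illustration, and the INVALID status text is assumed to use the same parenthesised form as the VALID line shown above.

```bash
# Added example: list certificates from `certbot certificates` output that
# need attention. Reads the report on stdin; prints one "name status" per line.
expiring_certs() {
    threshold="${1:-30}"   # days; hypothetical default chosen for this example
    awk -v limit="$threshold" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            # Status is the parenthesised part, e.g. (VALID: 89 days)
            status = $0
            sub(/^[^(]*\(/, "", status)
            sub(/\).*$/, "", status)
            if (status ~ /^VALID: [0-9]+ days?$/) {
                split(status, f, " ")
                if (f[2] + 0 < limit + 0) print name, "expires-in-" f[2] "-days"
            } else {
                # Anything else (assumed: an INVALID status, or under a day
                # left) is reported as-is so it is never silently skipped.
                flag = status
                gsub(/[: ]+/, "-", flag)
                print name, flag
            }
        }
    '
}

# Constructed sample report in the format shown above (not real certificates).
sample_report() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: domain.com
    Domains: domain.com www.domain.com
    Expiry Date: 2019-10-22 08:56:19+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/domain.com/fullchain.pem
  Certificate Name: shop.domain.com
    Domains: shop.domain.com
    Expiry Date: 2019-08-05 10:00:00+00:00 (VALID: 12 days)
  Certificate Name: old.domain.com
    Domains: old.domain.com
    Expiry Date: 2019-07-01 10:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# On a real server: certbot certificates 2>/dev/null | expiring_certs 30
sample_report | expiring_certs 30
```

Any line printed by the function means a certificate was not renewed in time and the renewal timer from Step 5 should be investigated.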

Step 5: Test automatic renewal

The certbot package we installed in this tutorial comes with a systemd timer that will check the SSL certificate and automatically renew it before it expires. You can check if the timer is running as shown below

systemctl list-timers |grep certbot
Wed 2019-07-24 15:38:39 CDT  9h left       n/a                          n/a          certbot.timer                certbot.service

To test if the automatic renewal works properly, issue the following command

certbot renew --dry-run

If it works, then that’s it! You have successfully set up a Let’s Encrypt certificate on your Ubuntu 18.04 VPS, as well as set up auto-renewal.

