Generate SSL Certificates for Websites on Ubuntu NGINX with Certbot

In today’s digital world, SSL (Secure Socket Layer) certificates are essential for securing your website. They ensure that the data exchanged between your website and your visitors is encrypted and protected from malicious attacks. If you’re using Ubuntu with NGINX as your web server, Certbot is an excellent tool for obtaining and renewing SSL certificates for free.

In this article, we will walk you through the entire process of generating SSL certificates on Ubuntu with NGINX using Certbot. Whether you’re setting up SSL for the first time or renewing an existing certificate, this step-by-step guide will make the process easy.

Prerequisites

Before we get started, ensure you have the following:

1. Ubuntu server with NGINX installed.
2. Domain name pointing to your server.
3. Root or sudo access on the server.

Step 1: Update Your System

Before starting, ensure your server’s package list and software are up to date. Open your terminal and run the following commands:

sudo apt update
sudo apt upgrade -y

Step 2: Install NGINX (if not already installed)

If NGINX isn’t installed, set it up with:

sudo apt install nginx -y

Verify the installation by checking the NGINX version:

nginx -v

Ensure NGINX is running:

sudo systemctl start nginx
sudo systemctl enable nginx

Step 3: Install Certbot

Certbot is a tool for automating SSL certificate generation with Let’s Encrypt.

First, install the required software:

sudo apt install certbot python3-certbot-nginx -y

Step 4: Configure Your NGINX Server Block

Edit your NGINX configuration file to include the domain name you want to secure. For example, if your domain is example.com, edit the file:

sudo nano /etc/nginx/sites-available/example.com

Add the following basic configuration:

server {
    listen 80;
    server_name example.com www.example.com;

    root /var/www/example.com/html;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}

Save and exit the file. Then, test the configuration:

sudo nginx -t

Reload NGINX to apply the changes:

sudo systemctl reload nginx

Step 5: Generate the SSL Certificate

Run Certbot to obtain an SSL certificate for your domain:

sudo certbot --nginx -d example.com -d www.example.com

Certbot will prompt you to provide an email address and agree to the terms of service. Once complete, Certbot will automatically configure SSL for your NGINX server.

Step 6: Verify the SSL Configuration

Visit your website at https://example.com. Your browser should display the secure padlock icon, indicating the SSL certificate is active.

Alternatively, you can use the following command to check the SSL certificate:

openssl s_client -connect example.com:443

Step 7: Set Up Automatic Renewal

Let’s Encrypt certificates are valid for 90 days. Certbot’s automatic renewal feature ensures your certificates stay up to date. To check the renewal process, run:

sudo certbot renew --dry-run

If no errors appear, the automatic renewal is correctly configured.

Troubleshooting

1. Port 80 or 443 Blocked

Ensure that these ports are open on your server. You can open them with the following commands:

sudo ufw allow 'Nginx Full'

2. Domain Name Not Resolving

Verify that your domain name’s DNS records are correctly pointing to your server’s IP address.

Additional Resources

• NGINX Documentation
• Let’s Encrypt Documentation
• Certbot Instructions

Conclusion

Setting up SSL certificates on Ubuntu with NGINX is straightforward with Certbot. By following this guide, you’ll enhance your website’s security and build trust with your visitors. Remember to verify your configuration and ensure automatic renewal to maintain uninterrupted SSL coverage.

For further questions or troubleshooting tips, feel free to leave a comment below!