DEV Community

Bemals Dvanitha

Boost Your Website’s Security: NGINX and SSL Setup with Certbot Made Easy

   

Website security is essential in today's digital environment. With cyber threats increasing and users more aware of privacy, securing your website with HTTPS matters for trust, performance, and search engine ranking. SSL/TLS certificates are necessary for any serious online presence because search engines favor encrypted websites and modern browsers actively alert users when a website is not secure.

One of the most widely used web servers, NGINX, powers millions of websites globally and is renowned for its excellent performance and stability. It offers a quick, safe, and dependable basis for serving web content when paired with SSL encryption. However, because of the complexity of configuration and certificate management, setting up SSL can be intimidating for many developers and system administrators.

Here's where Certbot makes things easier. Certbot removes a significant portion of the manual work typically involved in HTTPS setup by automating the issuance, installation, and renewal of free SSL certificates from Let's Encrypt. In this guide, we'll go over how to install NGINX, secure it with SSL using Certbot, and make sure your website stays secure with little to no maintenance.

   

Installing and Configuring NGINX on Ubuntu

Installing and configuring a web server is the first step before using SSL to secure your website. In this tutorial we'll use NGINX, a high-performance, lightweight web server that is frequently used for reverse proxying and serving web applications.

   

Prerequisites

  • An Ubuntu server (18.04, 20.04, or later)

  • A non-root user with sudo privileges

  • A registered domain name pointing to your server’s IP address

   

Install NGINX

Start by updating your package list and installing NGINX from the default Ubuntu repositories:

sudo apt update
sudo apt install nginx

Once installed, NGINX automatically starts running on your server.

You can confirm that NGINX is running by checking its status:

sudo service nginx status

Alternatively, open your server’s public IP address in a browser. If NGINX is working correctly, you should see the default “Welcome to NGINX” page.

   

Configure a Server Block

NGINX uses server blocks (similar to virtual hosts in Apache) to manage multiple websites on a single server.

Navigate to the directory where enabled site configurations are stored:

cd /etc/nginx/sites-enabled

Create a new configuration file for your domain (replace proxy with a meaningful name):

sudo nano proxy

Add the following configuration:

server {
    listen 80;
    listen [::]:80;

    server_name YOUR-DOMAIN-NAME;

    location / {
        proxy_pass http://localhost:PORT/;
    }
}

Configuration Breakdown:

  • listen 80: Listens for incoming HTTP traffic
  • server_name: Replace with your actual domain (e.g., example.com)
  • proxy_pass: Forwards requests to an application running locally (such as a Node.js or backend service)
  • PORT: Replace with the port your application is running on (e.g., 3000)

Save and exit the file (CTRL + O, then CTRL + X).

   

Test NGINX Configuration

Before applying changes, always test the configuration syntax:

sudo nginx -t

If the output shows “syntax is ok” and “test is successful”, you’re good to proceed.

  

Restart NGINX and Check Its Status

sudo service nginx restart
sudo service nginx status

   

Securing NGINX with SSL Using Certbot (Let’s Encrypt)

Enabling HTTPS is a crucial next step after NGINX has successfully served your application over HTTP. In addition to preventing man-in-the-middle attacks and enhancing user confidence and search engine rankings, SSL/TLS encryption safeguards data transferred between users and your server.

In this section, we'll automatically acquire and set up a free SSL certificate for NGINX using Certbot, the official Let's Encrypt client.

   

Install Certbot Using Snap

On Ubuntu, the recommended way to install Certbot is via Snap, as it ensures you always receive the latest and most secure version.

First, install and update the Snap core:

sudo snap install core
sudo snap refresh core

Next, install Certbot:

sudo snap install --classic certbot

To make the certbot command globally accessible, create a symbolic link:

sudo ln -s /snap/bin/certbot /usr/bin/certbot

You can verify the installation by running:

certbot --version

   

Obtain and Install SSL Certificate for NGINX

Certbot can automatically detect your NGINX configuration and configure SSL with minimal input.

Run the following command:

sudo certbot --nginx

During the process, you will be prompted to:

  • Enter your email address (used for renewal and security notices)
  • Agree to the Let’s Encrypt terms of service
  • Select the domain(s) you want to secure
  • Choose whether to redirect HTTP traffic to HTTPS (recommended)

Once completed, Certbot will:

  • Generate an SSL certificate
  • Update your NGINX configuration automatically
  • Reload NGINX with HTTPS enabled

   

Verify HTTPS Configuration

After Certbot finishes, open your website in a browser using:

https://YOUR-DOMAIN-NAME

You should now see a secure connection (🔒) in the browser’s address bar.
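
The padlock shows that the site loads over HTTPS, but not what Certbot changed on disk. The script below is an added example, not part of the original post: it audits a site file for the directives a Certbot-managed HTTPS server block needs. The function names, example.com, port 3000 and the sample configuration are constructed for illustration.

```sh
# Added example: offline audit of an NGINX site file after `certbot --nginx`.
# The sample config is constructed; example.com and port 3000 are placeholders.

# check FILE LABEL REGEX: pass if an uncommented line of FILE matches REGEX
check() {
    if grep -Ev '^[[:space:]]*#' "$1" | grep -Eq "$3"; then
        echo "PASS  $2"
    else
        echo "FAIL  $2"; FAILURES=$((FAILURES + 1))
    fi
}

# audit_vhost FILE: run every check; the exit status is the number of failures
audit_vhost() {
    FAILURES=0
    le='/etc/letsencrypt/live/[^;]+'   # Certbot's default certificate directory
    check "$1" "listens on 443 with TLS" 'listen[[:space:]]+(\[::\]:)?443[[:space:]]+ssl'
    check "$1" "serves the full chain"   "ssl_certificate[[:space:]]+$le/fullchain\.pem;"
    check "$1" "private key configured"  "ssl_certificate_key[[:space:]]+$le/privkey\.pem;"
    check "$1" "HTTP redirects to HTTPS" 'return[[:space:]]+301[[:space:]]+https://'
    return "$FAILURES"
}

# write_after_certbot FILE: constructed sample of the site after Certbot edits it
write_after_certbot() {
    cat > "$1" <<'EOF'
server {
    server_name example.com;
    location / { proxy_pass http://localhost:3000/; }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
}
server {
    if ($host = example.com) { return 301 https://$host$request_uri; } # managed by Certbot
    listen 80;
    server_name example.com;
}
EOF
}

tmp=$(mktemp) && write_after_certbot "$tmp"
audit_vhost "$tmp" && echo "all checks passed"
grep -v 'managed by Certbot' "$tmp" > "$tmp.http"   # roughly the site before Certbot
audit_vhost "$tmp.http" || echo "$? check(s) failed without Certbot's lines"
rm -f "$tmp" "$tmp.http"
```

On the server, pass the site file itself, for example `audit_vhost /etc/nginx/sites-enabled/proxy`.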

  

Automatic Certificate Renewal

Let’s Encrypt certificates are valid for 90 days. Certbot automatically sets up a renewal timer, but you can test it manually:

sudo certbot renew --dry-run

A successful dry run confirms that your SSL certificates can renew automatically without service interruption.
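
A dry run exercises the renewal path but says nothing about the certificate currently being served. The script below is an added example, not part of the original post: it reports how close a certificate file is to expiry using `openssl x509 -checkend`. The function names and the self-signed test certificates are constructed, and the 30-day window assumes Certbot's default renewal threshold.

```sh
# Added example: report how close a certificate is to expiry, independent of Certbot.
# Assumes Certbot's default of renewing once fewer than 30 days remain.
RENEW_WINDOW_DAYS=30

# cert_valid_for PEM DAYS: succeed if the certificate is still valid DAYS days from now
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# renewal_state PEM: print OK, OVERDUE (inside the renewal window), EXPIRED or UNREADABLE
renewal_state() {
    if ! openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo "UNREADABLE"
    elif cert_valid_for "$1" "$RENEW_WINDOW_DAYS"; then
        echo "OK"
    elif cert_valid_for "$1" 0; then
        echo "OVERDUE"
    else
        echo "EXPIRED"
    fi
}

# make_test_cert PEM DAYS: constructed self-signed certificate, used only for the demo
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days "$2" -subj "/CN=example.com" >/dev/null 2>&1
}

dir=$(mktemp -d)
make_test_cert "$dir/fresh.pem" 90 && echo "fresh: $(renewal_state "$dir/fresh.pem")"
make_test_cert "$dir/stale.pem" 10 && echo "stale: $(renewal_state "$dir/stale.pem")"
rm -rf "$dir"
```

On the server, run `renewal_state` as root against `/etc/letsencrypt/live/YOUR-DOMAIN-NAME/fullchain.pem`, the path Certbot uses by default; an OVERDUE result means the renewal timer has not done its job.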
