Setting up HTTPS on nginx with Certbot
I had to set up HTTPS on my website, so I figured I could write about it.
I’m using nginx as a web server on my VPS running Ubuntu. We could generate the SSL certificate with OpenSSL manually, but Certbot by Let’s Encrypt makes it trivial.
Install certbot and the nginx plugin
sudo apt install certbot python3-certbot-nginx
Set up your nginx conf
Make sure certbot can find your nginx server block: its server_name directive must match the domain names you want to certify.
For example, in /etc/nginx/sites-available/example.com:
server_name example.com www.example.com;
If you modified your configuration, check for syntax errors:
sudo nginx -t
Then reload:
sudo systemctl reload nginx
Generate the certificate
The nginx plugin will configure everything automatically:
sudo certbot --nginx -d example.com -d www.example.com
Go through the prompts. Your certificate will be generated at /etc/letsencrypt/live/ in a directory with your domain name.
Reload nginx:
sudo systemctl reload nginx
Visit your site with https://. If you see the green lock, you’re done.
Make sure certificates are renewed
Let’s Encrypt certificates are valid for 90 days. Certbot handles renewal automatically, but verify it works:
sudo systemctl status certbot.timer
sudo certbot renew --dry-run
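An added example, not part of the original post: the dry run tests the renewal path, while this shell function checks the certificate file itself, confirming that it stays valid for a minimum number of days and covers each domain you passed to certbot. It assumes certbot's default fullchain.pem under /etc/letsencrypt/live/<domain>/; the name check_cert and its return codes are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: certbot's default layout, where the served certificate is
# /etc/letsencrypt/live/<domain>/fullchain.pem.

# check_cert FILE MIN_DAYS DOMAIN...
# Return codes: 0 = fine, 1 = expires within MIN_DAYS, 2 = unreadable or not
# a certificate, 3 = at least one DOMAIN is not covered by the certificate.
check_cert() {
    cert=$1
    min_days=$2
    shift 2

    # Parse first: -checkend also exits non-zero on a bad file, which would
    # otherwise look the same as "about to expire".
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "ERROR: cannot read a certificate from $cert" >&2
        return 2
    fi

    status=0
    for domain in "$@"; do
        # -checkhost reports its result in the output, not in the exit code.
        if ! openssl x509 -in "$cert" -noout -checkhost "$domain" |
                grep -q "does match certificate"; then
            echo "MISMATCH: $cert does not cover $domain" >&2
            status=3
        fi
    done

    # -checkend N exits 0 only if the certificate is still valid N seconds
    # from now.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        end=$(openssl x509 -in "$cert" -noout -enddate | cut -d= -f2)
        echo "EXPIRING: $cert is valid only until $end" >&2
        if [ "$status" -eq 0 ]; then
            status=1
        fi
    fi
    return "$status"
}
```

Call it as check_cert /etc/letsencrypt/live/example.com/fullchain.pem 30 example.com www.example.com from a user that can read that directory, and alert on any non-zero return.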
Allow HTTPS through firewall (optional)
Only needed if you’re using UFW:
sudo ufw status
sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'