In this tutorial, we will guide you through the steps of installing Let’s Encrypt SSL certificate on an Ubuntu 18.04 VPS and configure it with Nginx web server.
Let’s Encrypt is a free and automated certificate authority organization. They aim to bring secure websites to all users across the web. They make installations easy and simple, and you can even set up auto-renewal so that you never have to worry about your certificate expiring. Let’s get started with the installation.
Table of Contents
Prerequisites
- Server with Ubuntu 18.04 OS. This should work with other Linux distributions as well, but this tutorial specifically talks about Ubuntu 18.04.
- System user with sudo privileges, or the root account
- Domain or subdomain which is pointed to your server. For the purposes of this tutorial, we will use
domain.comas an example.
Step 1: Log in and Update the Server
First of all, login to your Ubuntu 18.04 server through SSH as user root, or any other user with sudo privileges
ssh root@IP_Address -p Port_Number
Where ‘IP_Address’ and ‘Port_Number’ are the actual IP address of your server and the SSH port number.
Once you are logged in, run the following commands to make sure that all installed packages on your server are updated to the latest available version
apt update && apt upgrade
You can also enable automatic updates on your server as described in one of our previous blog posts, which is highly recommended. This way, the system will automatically check for updates.
Step 2: Install the Nginx Web Server
In this tutorial, we will install and use Nginx web server. It is a free, open-source, and high-performance web server known for its great performance, stability, low resource usage, extensive feature set, and simple configuration. Nginx is available in the official Ubuntu 18.04 repositories and the installation is pretty easy. Run the following command to install it on your server
apt -y install nginx
Once the Nginx web server is installed, it should be automatically started. You can check its status with the following command
systemctl status nginx
Output:
â nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2019-07-24 02:40:17 CDT; 1min 8s ago
Docs: man:nginx(8)
Process: 28420 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 28419 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 28421 (nginx)
Tasks: 3 (limit: 2321)
CGroup: /system.slice/nginx.service
ââ28421 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
ââ28422 nginx: worker process
ââ28423 nginx: worker process
Jul 24 02:40:17 hostname systemd[1]: Starting A high performance web server and a reverse proxy server...
Jul 24 02:40:17 hostname systemd[1]: Started A high performance web server and a reverse proxy server.
Enable Nginx to automatically start after a server reboot
systemctl enable nginx
Step 3: Install Certbot
Certbot is a free and open-source tool written in Python which helps to obtain the SSL certificate from Let’s Encrypt and configure it onto your web server. The version of Cerbot that can be installed from the official Ubuntu repositories is outdated, so in order to install the latest version maintained by the Certbot team, we will have to add the Certbot PPA to your list of repositories.
To do that, run to following commands on your server
apt install software-properties-common add-apt-repository universe add-apt-repository ppa:certbot/certbot
During the process of adding the repository, you will be prompted to hit the Enter button to accept it. After that update the repositories list
apt update
Once the repository is added and the repositories list updated, go ahead and install the Certbot Nginx package
apt -y install python-certbot-nginx
Step 4: Install a Let’s Encrypt SSL certificate
As we mentioned in the ‘Prerequisites’ section of the tutorial, we will use domain.com as an example domain. So, in order to obtain Let’s Encrypt SSL certificate for this domain name, we will run Certbot with the –nginx plugin which will edit the Nginx configuration for the specific domain.
certbot --nginx -d domain.com -d www.domain.com
During the installation of the Let’s Encrypt SSL certificate, you will be prompted to enter an email address used for urgent renewal and security notices
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): admin@domain.com
Read and accept Let’s Encrypt’s Terms of Service
Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v01.api.letsencrypt.org/directory ------------------------------------------------------------------------------- (A)gree/(C)ancel: A
Choose whether or not you want to redirect all traffic to HTTPS, which is recommended.
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. ------------------------------------------------------------------------------- 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. ------------------------------------------------------------------------------- Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/default -------------------------------------------------------------------------------
With this step, the SSL certificate for domain.com is successfully installed and you can access your domain name at https://domain.com. You can use Certbot to verify this and check the certificate expiration date
certbot certificates
Output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Found the following certs:
Certificate Name: domain.com
Domains: domain.com
Expiry Date: 2019-10-22 08:56:19+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/domain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/domain.com/privkey.pem
-------------------------------------------------------------------------------
Step 5: Test automatic renewal
The certbot package we installed in this tutorial comes with a systemd timer that will check the SSL certificate and automatically renew it before it expires. You can check if the timer is running as shown below
systemctl list-timers |grep certbot Wed 2019-07-24 15:38:39 CDT 9h left n/a n/a certbot.timer certbot.service
To test if the automatic renewal works properly, issue the following command
certbot renew --dry-run
If it works, then that’s it! You have successfully set up a Let’s Encrypt certificate on your Ubuntu 18.04 VPS, as well as set up auto-renewal.
Of course, if you are one of our Managed Ubuntu Hosting customers, you don’t have to install Let’s Encrypt on Ubuntu 18.04 with Nginx – simply ask our admins, sit back, and relax. Our admins will install Let’s Encrypt on Ubuntu 18.04 with Nginx for you immediately.
PS. If you liked this post on how to install Let’s Encrypt on Ubuntu 18.04 with Nginx, please share it with your friends on the social networks using the share buttons below, or simply leave a comment in the comments section. Thanks.