<\/span><\/h2>\n\n\n\nTo install the Nginx web server execute the following commands:<\/p>\n\n\n\n
sudo apt install nginx -y<\/pre>\n\n\n\nOnce, the installation is completed, enable and start the Nginx service:<\/p>\n\n\n\n
sudo systemctl enable nginx && sudo systemctl start nginx<\/pre>\n\n\n\nTo check if everything is OK, check the status of the service:<\/p>\n\n\n\n
sudo systemctl status nginx<\/pre>\n\n\n\nYou should receive the following output:<\/p>\n\n\n\n
root@vps:~# systemctl status nginx\n\u25cf nginx.service - A high performance web server and a reverse proxy server\n Loaded: loaded (\/lib\/systemd\/system\/nginx.service; enabled; vendor preset: enabled)\n Active: active (running) since Sun 2022-02-06 19:34:56 UTC; 11s ago\n Docs: man:nginx(8)\n Process: 322857 ExecStartPre=\/usr\/sbin\/nginx -t -q -g daemon on; master_process on; (code=exited, status=0\/SUCCESS)\n Process: 322858 ExecStart=\/usr\/sbin\/nginx -g daemon on; master_process on; (code=exited, status=0\/SUCCESS)\n Main PID: 322859 (nginx)\n Tasks: 5 (limit: 4617)\n Memory: 5.0M\n CGroup: \/system.slice\/nginx.service\n \u251c\u2500322859 nginx: master process \/usr\/sbin\/nginx -g daemon on; master_process on;\n<\/pre>\n\n\n\n<\/span>Create Nginx Virtual Host<\/span><\/h2>\n\n\n\nBefore we continue with installing Free Let’s Encrypt we need to create a virtual host file containing our domain name. Go into the Nginx configuration directory and create the file.<\/p>\n\n\n\n
cd \/etc\/nginx\/conf.d\/ && sudo nano yourdomain.com.conf<\/pre>\n\n\n\nPaste, the following lines of code.<\/p>\n\n\n\n
server {\n listen 80;\n root \/var\/www\/html;\n index index.php index.html index.htm;\n server_name yourdomain.com;\n\n error_log \/var\/log\/nginx\/yourdomain.com_error.log;\n access_log \/var\/log\/nginx\/yourdomain.com_access.log;\n\n client_max_body_size 100M;\n location \/ {\n try_files $uri $uri\/ \/index.php?$args;\n }\n}<\/pre>\n\n\n\nCheck the Nginx configuration syntax if is OK.<\/p>\n\n\n\n
nginx -t<\/pre>\n\n\n\nYou should receive the following output:<\/p>\n\n\n\n
root@vps:\/etc\/nginx\/conf.d# nginx -t\nnginx: the configuration file \/etc\/nginx\/nginx.conf syntax is ok\nnginx: configuration file \/etc\/nginx\/nginx.conf test is successful\n<\/pre>\n\n\n\nIf you receive this output you can restart the Nginx service and access your website.<\/p>\n\n\n\n
sudo systemctl restart nginx<\/pre>\n\n\n\n<\/span>Install Certbot<\/span><\/h2>\n\n\n\nAt this moment, our website is running over the HTTP protocol. Installing Free Let’s Encrypt SSL certificate will make our website run securely over the HTTPS protocol. Before we start with obtaining the certificate we need to install the python certbot for Nginx.<\/p>\n\n\n\n
sudo apt install certbot python3-certbot-nginx<\/pre>\n\n\n\nOnce, the certbot is installed successfully we can proceed with the main step in this tutorial about obtaining an SSL certificate.<\/p>\n\n\n\n
<\/span>Obtaining an SSL Certificate<\/span><\/h2>\n\n\n\nTo run the certbot with Nginx plugin specifying the name of your domain execute the following command:<\/p>\n\n\n\n
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com<\/pre>\n\n\n\nAfter you execute this command there will be a couple of entries that you will need to fill, such as the email address, agreement about the terms and conditions, if you want to share your email adress or not, and the redirect options.<\/p>\n\n\n\n
root@vps:~# sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\nPlugins selected: Authenticator nginx, Installer nginx\nEnter email address (used for urgent renewal and security notices) (Enter 'c' to\ncancel): admin@yourdomain.com<\/strong>\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nPlease read the Terms of Service at\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. You must\nagree in order to register with the ACME server at\nhttps:\/\/acme-v02.api.letsencrypt.org\/directory\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(A)gree\/(C)ancel: A<\/strong>\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nWould you be willing to share your email address with the Electronic Frontier\nFoundation, a founding partner of the Let's Encrypt project and the non-profit\norganization that develops Certbot? We'd like to send you email about our work\nencrypting the web, EFF news, campaigns, and ways to support digital freedom.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es\/(N)o: N<\/strong>\nObtaining a new certificate\nPerforming the following challenges:\nhttp-01 challenge for yourdomain.com\nhttp-01 challenge for www.yourdomain.com\nWaiting for verification...\nCleaning up challenges\nDeploying Certificate to VirtualHost \/etc\/nginx\/conf.d\/example.conf\nDeploying Certificate to VirtualHost \/etc\/nginx\/conf.d\/example.conf\n\nPlease choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n1: No redirect - Make no further changes to the webserver configuration.\n2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for\nnew sites, or if you're confident your site works on HTTPS. You can undo this\nchange by editing your web server's configuration.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel): 2<\/strong>\nRedirecting all traffic on port 80 to ssl in \/etc\/nginx\/conf.d\/example.conf\nRedirecting all traffic on port 80 to ssl in \/etc\/nginx\/conf.d\/example.conf\n<\/pre>\n\n\n\nIf everything is set up as should be the certificate will be installed and you will receive the message below.<\/p>\n\n\n\n
Congratulations! You have successfully enabled https:\/\/yourdomain.com and\nhttps:\/\/www.yourdomain.com\n\nYou should test your configuration at:\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=yourdomain.com\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=www.yourdomain.com\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nIMPORTANT NOTES:\n - Congratulations! Your certificate and chain have been saved at:\n \/etc\/letsencrypt\/live\/yourdomain.com<\/strong>\/fullchain.pem\n Your key file has been saved at:\n \/etc\/letsencrypt\/live\/yourdomain.com<\/strong>\/privkey.pem\n Your cert will expire on 2022-05-07. To obtain a new or tweaked\n version of this certificate in the future, simply run certbot again\n with the \"certonly\" option. To non-interactively renew *all* of\n your certificates, run \"certbot renew\"\n - Your account credentials have been saved in your Certbot\n configuration directory at \/etc\/letsencrypt. You should make a\n secure backup of this folder now. This configuration directory will\n also contain certificates and private keys obtained by Certbot so\n making regular backups of this folder is ideal.\n - If you like Certbot, please consider supporting our work by:\n\n Donating to ISRG \/ Let's Encrypt: https:\/\/letsencrypt.org\/donate\n Donating to EFF: https:\/\/eff.org\/donate-le\n<\/pre>\n\n\n\nNow, you can access your website securely at https:\/\/yourdomain.com<\/strong><\/p>\n\n\n\nCongratulations! You successfully secured the Nginx with Free Let’s Encrypt SSL certificate on your Ubuntu 20.04 server.<\/p>\n\n\n\n
Of course, you don\u2019t have to install the SSL certificate on your own, and if you use one of our SSD VPS Hosting services<\/a>, in which case you can simply ask our expert system administrators to install it for you and secure your website. They are available 24\u00d77 and will take care of your request immediately.<\/p>\n\n\n\nIf you liked this post, on how to secure Nginx with Lets Encrypt on Ubuntu 20.04, please share it with your friends on the social networks using the buttons below or simply leave a comment in the comments section. Thanks.<\/p>\n","protected":false},"excerpt":{"rendered":"
Securing a website running with Nginx as a web server can be done with Let’s Encrypt, and that is why … <\/p>\n
Read More<\/a><\/p>\n","protected":false},"author":4,"featured_media":40534,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,1698],"tags":[1632,49,1839],"yoast_head":"\nHow To Secure Nginx with Let's Encrypt on Ubuntu 20.04 - RoseHosting<\/title>\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\t \n\t \n\t \n \n \n \n \n \n \n\t \n\t \n\t \n