How to Secure NGINX With Let’s Encrypt on Ubuntu 22.04

Securing NGINX with Let’s Encrypt on Ubuntu 22.04 involves obtaining an SSL/TLS certificate from Let’s Encrypt and configuring NGINX to use this certificate for HTTPS encryption. Here’s a step-by-step guide:

Prerequisites

Before you begin, make sure you have the following:

  1. A registered domain name that points to your server’s IP address.
  2. NGINX installed on your Ubuntu 22.04 server (you can follow these instructions to install NGINX).
  3. A basic NGINX server block (virtual host) configuration set up for your domain.

Now, let’s secure NGINX with Let’s Encrypt:

Step 1: Install Certbot (Let’s Encrypt Client)

  1. Update your package list:
```bash
sudo apt update
```
  2. Install Certbot using the following command:
```bash
sudo apt install certbot python3-certbot-nginx
```

Step 2: Obtain Let’s Encrypt SSL Certificate

  1. Run Certbot to obtain and install the SSL certificate for your domain. Replace `your_domain` with your actual domain name:
```bash
sudo certbot --nginx -d your_domain
```

Certbot will interactively ask you for information and configure NGINX to use the obtained certificate.

  2. Certbot will ask if you want to redirect HTTP traffic to HTTPS. Choose the appropriate option based on your preference. Redirecting is recommended for better security.

Step 3: Automatically Renew the Certificate

Certbot will automatically set up a scheduled task (a cron job or a systemd timer, depending on how Certbot was packaged) to renew your certificate when it’s close to expiration. Certificates provided by Let’s Encrypt are usually valid for 90 days, so this automatic renewal process is essential to keep your website secure.

Step 4: Verify Certificate Renewal (Optional)

You can verify that the automatic renewal process works by running the following command:

```bash
sudo certbot renew --dry-run
```

If there are no errors, the renewal process is working correctly.

Step 5: Test Your HTTPS Setup

Visit your website using HTTPS (e.g., `https://your_domain`). You should see a secure padlock icon in your browser’s address bar, indicating that your site is now using HTTPS.

Step 6: Adjust Your NGINX Configuration (Optional)

By default, Certbot will create a server block for your domain in `/etc/nginx/sites-available/your_domain`. You can customize this configuration as needed, such as adding additional security headers or configuring specific SSL settings.
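
As an added illustration of the customization described above (not Certbot's own output and not part of the original guide), here is an HTTPS server block with security headers placed next to the lines Certbot manages. The web root, the `/downloads/` location and the header values are assumptions; the lines marked "managed by Certbot" are what the NGINX plugin typically inserts.

```nginx
# Added example. `your_domain`, the web root and /downloads/ are placeholders.
server {
    listen 443 ssl; # managed by Certbot
    server_name your_domain;

    ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # The include above already sets ssl_protocols and ssl_ciphers.
    # Repeating either directive in this block makes `nginx -t` fail with a
    # "directive is duplicate" error, so change them in one place only.

    # HSTS: begin with a short max-age (one day here) and raise it once every
    # hostname covered by the certificate is confirmed to work over HTTPS.
    add_header Strict-Transport-Security "max-age=86400" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    root /var/www/your_domain/html; # assumed web root
    index index.html;

    location / {
        # No add_header here, so the four server-level headers are inherited.
        try_files $uri $uri/ =404;
    }

    location /downloads/ {
        # add_header is inherited only when a block defines none of its own.
        # This block adds Content-Disposition, so the security headers must be
        # repeated or responses from /downloads/ would lose them.
        add_header Content-Disposition "attachment" always;
        add_header Strict-Transport-Security "max-age=86400" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    }
}
```

After editing, run `sudo nginx -t` to validate the configuration and `sudo systemctl reload nginx` to apply it.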

Step 7: Verify SSL Configuration

It’s a good practice to verify your SSL/TLS configuration using an online tool like SSL Labs. Enter your domain and check the rating and details of your SSL certificate setup.

Congratulations! You’ve successfully secured NGINX with Let’s Encrypt on Ubuntu 22.04. Your website is now accessible over HTTPS with a valid SSL/TLS certificate.
