Secure Nginx with Let's Encrypt on Ubuntu 20.04: A Step-by-Step Guide


5 min read 13-11-2024

Introduction

In the digital age, security is paramount. Every website owner understands the importance of protecting their data and ensuring a secure experience for their users. One crucial aspect of this security is implementing HTTPS, a protocol that encrypts the communication between a website and its visitors. This not only protects sensitive information like login credentials and payment details but also builds trust with your audience.

Let's Encrypt is a free, automated, and open certificate authority (CA) that makes securing websites with HTTPS a breeze. It provides SSL/TLS certificates, which are digital documents that verify the authenticity of your website and encrypt data.

Nginx, a popular and powerful web server, is often used alongside Let's Encrypt. Its flexibility and performance make it a perfect choice for websites of all sizes.

In this comprehensive guide, we will walk you through the process of securing your Nginx server on Ubuntu 20.04 using Let's Encrypt. We'll break down the steps into manageable chunks, providing clear explanations and code examples.

Why Secure Your Website with HTTPS?

You might be wondering, "Why go through the trouble of securing my website with HTTPS?" Here's why it's essential:

  • Data Security: HTTPS encrypts the communication between your website and its visitors, protecting sensitive data like login credentials, credit card information, and personal details from prying eyes.
  • Improved User Trust: Browsers display a padlock icon in the address bar for websites using HTTPS, signaling to visitors that their data is secure. This builds trust and confidence, encouraging users to interact with your website freely.
  • Enhanced SEO: Google and other search engines prioritize HTTPS websites, giving them a ranking boost.
  • Compliance: Many industries have regulations requiring HTTPS for data protection and privacy.
  • Protection from Man-in-the-Middle Attacks: HTTPS helps prevent malicious actors from intercepting and manipulating data transmitted between your website and its visitors.

In essence, securing your website with HTTPS is a win-win scenario. You protect your users, enhance your website's reputation, improve its performance, and comply with industry standards.

Prerequisites

Before we delve into the step-by-step guide, let's ensure you have the necessary prerequisites:

  • Ubuntu 20.04 Server: You'll need a server running Ubuntu 20.04. If you haven't set up a server yet, refer to cloud hosting providers like DigitalOcean, AWS, or Google Cloud.
  • Nginx Web Server: Nginx should be installed on your Ubuntu server. If not, install it with the following commands:
sudo apt update
sudo apt install nginx
  • Domain Name: You'll need a domain name that points to your server.

Step 1: Install Certbot

Certbot is a user-friendly tool that automates the process of obtaining and installing Let's Encrypt certificates. It simplifies the certificate acquisition and deployment process.

To install Certbot and its Nginx plugin, use the following commands:

sudo apt update
sudo apt install certbot python3-certbot-nginx

Step 2: Generate an SSL Certificate

With Certbot installed, you can now generate an SSL certificate for your website. This involves using the certbot command and specifying your domain name.

Open your terminal and run the following command:

sudo certbot certonly --nginx -d yourdomain.com -d www.yourdomain.com

Note:

  • Replace yourdomain.com with your actual domain name.
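  • If you have multiple subdomains or domains, add each one with its own -d flag, as in the command above.
  • The --nginx flag tells Certbot to use its Nginx plugin. Because the command uses certonly, Certbot obtains the certificate but does not install it; Nginx is configured to use it in Step 3.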

During the process, you'll be prompted for an email address to receive notifications about certificate renewals.

Step 3: Configure Nginx to Use HTTPS

Once you've obtained the SSL certificate, you need to configure Nginx to use it. This involves modifying the Nginx configuration file.

a. Create a New Nginx Configuration File

Create a new configuration file for your website:

sudo nano /etc/nginx/sites-available/yourdomain.com

Note: Replace yourdomain.com with your actual domain name.

b. Paste the Following Configuration:

server {
  listen 80;
  server_name yourdomain.com www.yourdomain.com;

  location / {
    return 301 https://$host$request_uri;
  }
}

server {
  listen 443 ssl http2;
  server_name yourdomain.com www.yourdomain.com;

  ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

  # Accept only current TLS protocol versions
  ssl_protocols TLSv1.2 TLSv1.3;

  location / {
    try_files $uri $uri/ =404;
  }
}

Note:

  • Replace yourdomain.com with your actual domain name.
  • This configuration redirects all HTTP traffic to HTTPS and enables HTTP/2 on the HTTPS listener for improved performance.

c. Enable the Configuration File

Create a symbolic link to enable the new Nginx configuration file:

sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/yourdomain.com

Note: Replace yourdomain.com with your actual domain name.

d. Test and Restart Nginx

Test the configuration for syntax errors:

sudo nginx -t

If there are no errors, restart Nginx to apply the changes:

sudo systemctl restart nginx

Step 4: Verify HTTPS Configuration

After configuring Nginx to use HTTPS, it's crucial to verify the setup. You can use an online tool such as Qualys SSL Labs (https://www.ssllabs.com/ssltest/) to assess your website's SSL configuration.
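
A local check to go with the online scan, added here as an example that is not part of the original guide: it confirms that the port 80 server block from Step 3 answers with a 301 that keeps the host and request URI. The function name check_redirect is made up for this example, and the headers are expected on standard input.

```shell
#!/bin/sh
# Added example: validate the HTTP -> HTTPS redirect configured in Step 3.
#
# check_redirect HOST PATH
#   Reads one HTTP response's headers on stdin (for example from `curl -sI`).
#   Succeeds only when the response is a 301 whose Location header is exactly
#   https://HOST followed by PATH, which is what
#   `return 301 https://$host$request_uri;` should produce.
check_redirect() {
  local host="$1" path="$2" status="" location="" line cr
  cr=$(printf '\r')
  while IFS= read -r line; do
    line="${line%"$cr"}"                    # header lines end in CRLF
    case "$line" in
      HTTP/*)                               # status line, e.g. HTTP/1.1 301 Moved Permanently
        status="${line#* }"; status="${status%% *}" ;;
      [Ll]ocation:*)
        location="${line#*:}"; location="${location# }" ;;
    esac
  done
  if [ "$status" != "301" ]; then
    echo "FAIL: status ${status:-missing}, expected 301"
    return 1
  fi
  if [ "$location" != "https://${host}${path}" ]; then
    echo "FAIL: Location '${location}' does not keep the host and path"
    return 1
  fi
  echo "OK"
}

# Usage against a live server (replace yourdomain.com as elsewhere in this guide):
#   curl -sI 'http://yourdomain.com/some/page?x=1' | check_redirect yourdomain.com '/some/page?x=1'
```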

Step 5: Automate Certificate Renewal

Let's Encrypt certificates have a validity period of 90 days. To avoid website downtime, you need to automatically renew them before they expire. Certbot provides a convenient way to do this.

a. Configure Automatic Renewal

Certbot includes a cron job that automatically renews your certificates. To confirm that renewal will succeed, run the following command:

sudo certbot renew --dry-run

This command simulates a renewal without actually updating the certificates. If it runs successfully, you're all set.

b. Customize Cron Job

By default, Certbot checks for certificate renewals every 120 hours. You can adjust the frequency to suit your needs by modifying the cron job. To view the existing cron job:

sudo crontab -l

To modify the cron job:

sudo crontab -e

Add the following line to the end of the crontab file:

0 0 * * 1 certbot renew --quiet

This configuration will run certbot renew every Monday at midnight.
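
A renewal check that covers a failure the dry run does not, added here as an example that is not part of the original guide: it compares the expiry of the certificate on disk with the one Nginx is actually serving. The function names are made up for this example; it assumes the /etc/letsencrypt/live path used in Step 3, openssl, GNU date, and a 30-day window, which is when certbot renew acts by default.

```shell
#!/bin/sh
# Added example: has the certificate been renewed, and is nginx serving the new one?

# renewal_state NOT_AFTER [NOW_EPOCH] [WINDOW_DAYS]
#   NOT_AFTER is the "notAfter=..." line printed by `openssl x509 -enddate`.
#   Prints OK, RENEW_DUE or EXPIRED; returns non-zero unless the state is OK.
renewal_state() {
  local not_after="${1#notAfter=}" now="${2:-$(date -u +%s)}" window="${3:-30}"
  local end left days
  [ -n "$not_after" ] || { echo "UNPARSEABLE"; return 2; }
  end=$(date -u -d "$not_after" +%s 2>/dev/null) || { echo "UNPARSEABLE"; return 2; }
  left=$(( end - now ))
  if [ "$left" -le 0 ]; then echo "EXPIRED"; return 1; fi
  days=$(( left / 86400 ))
  if [ "$days" -lt "$window" ]; then echo "RENEW_DUE ${days}d"; return 1; fi
  echo "OK ${days}d"
}

# Expiry of the leaf certificate Certbot wrote to disk (readable by root only).
disk_not_after() {
  openssl x509 -noout -enddate -in "/etc/letsencrypt/live/$1/fullchain.pem"
}

# Expiry of the certificate nginx presents on port 443.
served_not_after() {
  echo | openssl s_client -connect "$1:443" -servername "$1" 2>/dev/null |
    openssl x509 -noout -enddate
}

# check_domain DOMAIN: report both states and flag a stale certificate in nginx.
check_domain() {
  local disk served
  disk=$(disk_not_after "$1") || disk=""
  served=$(served_not_after "$1") || served=""
  echo "disk:   $(renewal_state "$disk")"
  echo "served: $(renewal_state "$served")"
  if [ "$disk" != "$served" ]; then
    echo "MISMATCH: nginx is not serving the certificate on disk; reload nginx"
    return 1
  fi
}

# Usage: sudo sh -c '. ./check_cert.sh; check_domain yourdomain.com'
```

If the check reports a mismatch after a renewal, Nginx has not reloaded; running the renewal as certbot renew --quiet --deploy-hook "systemctl reload nginx" reloads it whenever a certificate is actually replaced.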

Step 6: Test the Website

After completing all the steps, it's time to test your website. Open your browser and navigate to your website's address, starting with https://. You should see the padlock icon in the address bar, indicating that your website is now secure.

Conclusion

Securing your Nginx website with Let's Encrypt on Ubuntu 20.04 is a straightforward process that significantly enhances your website's security and user trust. By following these steps, you can easily obtain and deploy SSL certificates, configure Nginx to use HTTPS, and automate certificate renewal for a secure and seamless user experience.

Remember, a secure website is a fundamental aspect of building a strong online presence. By embracing HTTPS and leveraging Let's Encrypt, you can create a trustworthy and reliable website that resonates with your audience.

FAQs

1. What is Let's Encrypt?

Let's Encrypt is a free, automated, and open certificate authority (CA) that provides SSL/TLS certificates for websites. It simplifies the process of securing websites with HTTPS by making it easy to obtain and install certificates.

2. What is an SSL certificate?

An SSL/TLS certificate is a digital document that verifies the authenticity of a website and encrypts data transmitted between the website and its visitors. It's essential for establishing trust and security online.

3. Why do I need to use HTTPS?

HTTPS is crucial for protecting sensitive data, building user trust, improving SEO, complying with industry regulations, and preventing man-in-the-middle attacks.

4. What is Nginx?

Nginx is a powerful and popular open-source web server known for its performance and flexibility. It's commonly used alongside Let's Encrypt to secure websites.

5. What if I'm using a different web server, like Apache?

Certbot supports various web servers, including Apache. You can use the appropriate flag for your web server during the certificate generation process (e.g., --apache for Apache). Refer to Certbot's documentation for specific instructions for different web servers.