How to Install Let’s Encrypt SSL in Nginx on Ubuntu 22.04 | Holhol24

23

Let’s Encrypt is a certificates authority that gives unfastened SSL certificate for web sites. In addition to providing SSL certificate, it additionally handles certificates set up and renewal of certificate throughout the Certbot consumer.

Let’s Encrypt is the sector’s greatest certificates authority and greater than 250 million web sites use its certificate. Currently, Let’s Encrypt helps auto set up of certificate on Apache, Nginx, Plex, and Haproxy.

Here, we will be able to see easy methods to set up Let’s Encrypt SSL Certificate for Nginx on Ubuntu 22.04.

Prerequisites
Install LEMP Stack

Before continuing additional, arrange the Nginx cyber web server to your Ubuntu device.

Create Nginx Server Block

After putting in Nginx, we will be able to create an Nginx server block to serve the HTTP model of the web page. Typically, a server block comprises a website identify, port quantity, file root, log location, speedy CGI, and so on.

I’m assuming the next,

Domain identify: holhol24.internet, www.holhol24.netPort No: 80Document root: /usr/proportion/nginx/www.holhol24.internet/htmlLogs: /usr/proportion/nginx/www.holhol24.internet/logsServer Block File: /and so on/nginx/conf.d/www.holhol24.internet.conf

If you've put in Nginx from the Ubuntu repository, you want to create a server block configuration record below the /and so on/nginx/sites-available listing and position HTML recordsdata below the /var/www/html listing
sudo nano /and so on/nginx/conf.d/www.holhol24.internet.conf

Use the beneath configuration in your web page. Do have in mind to modify server_name , root, and fastcgi_pass in line with your requirement.

You can take away the PHP Fast CGI segment if you don’t use CMSs like WordPress, Joomla, and so on., or PHP-based programs.

server {
server_name holhol24.internet www.holhol24.internet;
root /usr/proportion/nginx/www.holhol24.internet/html;
location / {
index index.html index.htm index.php;
}
access_log /var/log/nginx/www.holhol24.internet/logs/get admission to.log;
error_log /var/log/nginx/www.holhol24.internet/logs/error.log;
# Remove this segment if the web site hosts handiest simple HTML recordsdata
location ~ .php$ {
come with fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}

Once you’ve created the server block, create a root and logs listing for the web page.

sudo mkdir -p /usr/proportion/nginx/www.holhol24.internet/html/
sudo mkdir -p /usr/proportion/nginx/www.holhol24.internet/logs/

Then, trade the possession and crew of the foundation listing.

sudo chown -R www-data:www-data /usr/proportion/nginx/www.holhol24.internet/

Finally, position the check HTML record to your area’s file root.

echo "This is a Test HTML Page @ www.holhol24.net" | sudo tee /usr/proportion/nginx/www.holhol24.internet/html/index.html

Then, restart the Nginx provider to re-read the configurations.

sudo systemctl restart nginx

Install Let’s Encrypt SSL Certificate For Nginx

Create / Update DNS Record

Before producing Let’s Encrypt SSL certificates, you will have to level your area on your server IP. So, talk over with your area registrar and create an A/CNAME file for the domain names you need to generate an SSL certificates. For instance, the beneath symbol presentations the A/CNAME file for the area holhol24.internet.

Making adjustments in DNS information will take time to propagate. So, look forward to a couple of mins to hours, relying at the TTL you place for the file.

DNS Records

Install Certbot Client

In addition to pointing a website on your server IP, you want to put in the Certbot ACME consumer that handles certificates era and set up.

Certbot is accessible as a snap bundle on Ubuntu 22.04. So, first, set up the Snapd bundle.

sudo apt replace
sudo apt set up -y snapd

Then, replace the snapd to the most recent model.

sudo snap set up core; sudo snap refresh core

Finally, set up the Certbot consumer the usage of the snap command.

sudo snap set up --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Install Let’s Encrypt SSL Certificate

Use the certbot command to generate and set up the Let’s Encrypt certificates in Nginx.

sudo certbot --nginx

Follow the interactive advised to generate and set up SSL certificate.

 

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter electronic mail deal with (used for pressing renewal and safety notices)
(Enter 'c' to cancel): admin@holhol24.native << Enter Email ID

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please learn the Terms of Service at
https://letsencrypt.org/paperwork/LE-SA-v1.2-November-15-2017.pdf. You will have to
agree in an effort to sign up with the ACME server. Do you settle?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y << Agree to Terms and Conditions

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be prepared, as soon as your first certificates is effectively issued, to
proportion your electronic mail deal with with the Electronic Frontier Foundation, a founding
spouse of the Let's Encrypt venture and the non-profit group that
develops Certbot? We'd love to ship you electronic mail about our paintings encrypting the cyber web,
EFF information, campaigns, and techniques to beef up virtual freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N << Subscriber to Newsletter
Account registered.

Which names do you want to turn on HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: holhol24.internet
2. www.holhol24.internet
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the precise numbers separated through commas and/or areas, or go away enter
clean to choose all choices proven (Enter 'c' to cancel): 1,2 << Choose Site to Install Let's Encrypt SSL Certificate
Requesting a certificates for www.holhol24.internet

Successfully won certificates.
Certificate is stored at: /and so on/letsencrypt/reside/www.holhol24.internet/fullchain.pem
Key is stored at: /and so on/letsencrypt/reside/www.holhol24.internet/privkey.pem
This certificates expires on 2022-08-10.
These recordsdata shall be up to date when the certificates renews.
Certbot has arrange a scheduled process to mechanically renew this certificates within the background.

Deploying certificates
Successfully deployed certificates for www.holhol24.internet to /and so on/nginx/conf.d/www.holhol24.internet.conf
Congratulations! You have effectively enabled HTTPS on https://www.holhol24.internet

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you prefer Certbot, please imagine supporting our paintings through:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Once you turn on HTTPS for the area, the Certbot consumer will position redirection laws to redirect site visitors from HTTP to the HTTPS web site.

By default, it puts two laws for beneath redirections.

http://holhol24.internet >> https://holhol24.internet
http://www.holhol24.internet >> https://www.holhol24.internet

As you’ll see, the primary redirection has no longer reached the www HTTPS model of the web page. So, you might want to apply the beneath segment to set it up. If you don’t use the www area, you’ll skip the following segment.

Redirect non-www HTTP requests to www HTTPS with Nginx (not obligatory)

You would possibly love to configure the Nginx server to redirect the site visitors from the non-www HTTP web site to the WWW HTTPS web site, I.e., http://holhol24.internet >> https://www.holhol24.internet.

So, edit the server block record.

sudo nano /and so on/nginx/conf.d/www.holhol24.internet.conf

Then, upload the highlighted redirection within the SSL block.

listen 443 ssl; # managed by Certbot
.    .    .
.    .    .
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    if ($host = holhol24.com) {
return 301 https://www.holhol24.com$request_uri;
}

Finally, restart the Nginx provider.

sudo systemctl restart nginx

Verify Let’s Encrypt Certificate

You can test the Let’s Encrypt certificates main points through visiting your web page.

http://your-http-web-site

OR

https://your-https-web-site

You will have to get the HTTPS model of your web site now.

Let’s Encrypt SSL CertificateTest SSL Certificate

Also, you’ll check the Let’s Encrypt SSL certificates for any problems and its safety rankings through going to the beneath URL.

https://www.ssllabs.com/ssltest/analyze.html?d=www.holhol24.internet

Renew Let’s Encrypt Certificate

Let’s Encrypt certificate have 90 days of validity, and it’s extremely beneficial to resume the certificate prior to they expire. Thanks to the systemd provider that runs two times an afternoon which handles computerized renewal of certificate.

However, I like to recommend you simulate the automated renewal through working the beneath command.

sudo certbot renew –dry-run

Output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Processing /and so on/letsencrypt/renewal/holhol24.internet.conf
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Account registered.
Simulating renewal of an current certificates for holhol24.internet and www.holhol24.internet

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Congratulations, all simulated renewals succeeded:
/and so on/letsencrypt/reside/holhol24.internet/fullchain.pem (good fortune)
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

If you get output like above, the renewal is operating appropriately and the automated renewal will occur as anticipated.

Conclusion

That’s All. I am hoping you realized easy methods to set up Let’s Encrypt SSL Certificate for Nginx on Ubuntu 22.04.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More