
How to Use Let's Encrypt with Nginx for Free SSL Certificates

To use Let's Encrypt with Nginx, install Certbot and its Nginx plugin, then run certbot --nginx to obtain SSL certificates and configure them automatically. Certbot updates your Nginx configuration to enable HTTPS with valid certificates.

Syntax

The main commands for using Let's Encrypt with Nginx are:

  • certbot --nginx: This command obtains a certificate and automatically modifies your Nginx configuration to use it.
  • certbot renew: This command renews your certificates before they expire.

You can also specify domains with -d and an email address for notifications with --email.

```bash
certbot --nginx -d example.com -d www.example.com --email your-email@example.com --agree-tos --no-eff-email
```

Example

This example shows how to install Certbot, obtain a certificate for your domain, and configure Nginx automatically.

```bash
# Update package list and install Certbot with Nginx plugin
sudo apt update
sudo apt install certbot python3-certbot-nginx -y

# Run Certbot to get and install certificate
sudo certbot --nginx -d example.com -d www.example.com --email your-email@example.com --agree-tos --no-eff-email

# Test automatic renewal
sudo certbot renew --dry-run
```

Output

```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Nginx configuration updated.
Dry run renewal simulation successful.
```

Common Pitfalls

Common mistakes when using Let's Encrypt with Nginx include:

  • Not opening ports 80 and 443 in your firewall, which blocks certificate validation.
  • Running Certbot without the Nginx plugin, requiring manual config changes.
  • Using the --nginx flag without having a valid Nginx server block for your domain.
  • Forgetting to renew certificates, causing HTTPS to break after 90 days.

Always check your Nginx config syntax with sudo nginx -t after Certbot modifies it.

```bash
# Wrong: Running certbot without nginx plugin
sudo certbot -d example.com

# Right: Using nginx plugin for automatic config
sudo certbot --nginx -d example.com
```
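
The server-block pitfall listed above can be checked before Certbot runs, because the Nginx plugin needs a server block whose server_name lists the domain. The script below is an added example, not part of the original article; the function names and the sample config are constructed for illustration, and it matches literal names only (wildcard and regex names are not evaluated).

```bash
#!/usr/bin/env bash
# Added example: checks to run around `certbot --nginx`.
# The config written by write_sample_conf is constructed for illustration.

# Print every name listed in the server_name directives of a config file.
# Comments are stripped; wildcard and regex names are printed as written.
server_names() {
  sed 's/#.*//' "$1" | tr '\n' ' ' | tr ';{}' '\n\n\n' |
    awk '$1 == "server_name" { for (i = 2; i <= NF; i++) print $i }'
}

# Pre-flight: succeed only if DOMAIN is listed literally in a server_name.
has_server_block() {   # usage: has_server_block DOMAIN CONF_FILE
  server_names "$2" | grep -Fxq -- "$1"
}

# Post-run: succeed only if the config serves the chain from Certbot's live
# directory. CERT_NAME is normally the first -d domain passed to Certbot.
uses_letsencrypt_cert() {   # usage: uses_letsencrypt_cert CERT_NAME CONF_FILE
  sed 's/#.*//' "$2" | tr -s ' \t' ' ' |
    grep -Fq -- "ssl_certificate /etc/letsencrypt/live/$1/fullchain.pem;"
}

# Constructed sample: an HTTP block plus an HTTPS block as Certbot leaves it.
write_sample_conf() {
  cat > "$1" <<'EOF'
server {
    listen 80;
    server_name example.com www.example.com;
}
server {
    listen 443 ssl;
    server_name example.com www.example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
}
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
for d in example.com www.example.com api.example.com; do
  if has_server_block "$d" "$sample"; then echo "server_name found: $d"
  else echo "no server block for: $d (certbot --nginx cannot install it)"; fi
done
if uses_letsencrypt_cert example.com "$sample"; then echo "cert path set"; fi
rm -f "$sample"
```

On a real host, point the functions at the site file that holds the domain's server block, and still run sudo nginx -t afterwards, since these checks read text and do not validate syntax.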

Quick Reference

Summary tips for using Let's Encrypt with Nginx:

  • Install Certbot and the Nginx plugin.
  • Run certbot --nginx with your domain names.
  • Ensure ports 80 and 443 are open for validation and HTTPS traffic.
  • Test Nginx config with nginx -t after changes.
  • Set up automatic renewal with certbot renew (usually via cron or systemd timer).

| Command | Purpose |
|---|---|
| sudo apt install certbot python3-certbot-nginx | Install Certbot and Nginx plugin |
| sudo certbot --nginx -d example.com | Obtain and install SSL certificate automatically |
| sudo nginx -t | Test Nginx configuration syntax |
| sudo certbot renew | Renew certificates before expiration |
| sudo systemctl status certbot.timer | Check automatic renewal service status |

Key Takeaways

  • Use Certbot with the --nginx plugin to automate SSL certificate installation.
  • Make sure ports 80 and 443 are open for Let's Encrypt validation and HTTPS traffic.
  • Always test your Nginx configuration after Certbot modifies it using nginx -t.
  • Set up automatic certificate renewal to avoid HTTPS downtime.
  • Provide a valid email with Certbot for important expiration notifications.