Click here to Skip to main content
14,937,132 members
Articles / DevOps / Automation
Posted 22 Jan 2018


9 bookmarked

How to Install Let's Encrypt and Automate Renewal in Nginx

Rate me:
Please Sign up or sign in to vote.
5.00/5 (4 votes)
23 Jan 2018CPOL3 min read
Do you want to secure your nginx server? Do you want to prevent Google Chrome from name shaming your non-SSL domain? Well, here a perfect yet easy to follow guide to help you.

No Introduction, Let's Get Started

I don't think that you guys need any introduction to SSL certificate, NGINX, and Linux operating system. So why waste time on half-explanation on what they are and how they work.

But before you start following the steps, there are few prerequisites:

  1. Your server must have ubuntu 16.04 LTS installed on it. 14.04 will also work perfectly.
  2. You must already have a registered domain name and it should be pointing to your server's nameserver.
  3. It is necessary that your www.domain and non-www.domain (by which I mean just domain) should be pointing properly to your server.
  4. You must be having NGINX already installed and running. It's always better to check NGINX status before doing any modifications. To do so, you can either use:
    nginx -t or service nginx configtest

The Process I Am Going to Follow - It's Easy, Just Copy and Paste

  1. I will show you how to install Certbot
  2. Configure Nginx server block. It's always suggested to create new server block files for every new domain
  3. Installing the Letsencrypt SSL on the server
  4. Automate the SSL certificate renew process

If you use any CMS like WordPress, then you can use EasyEngine to automatically install NGINX with Fast-CGI Cache, InnoDB, PHP 7.2, zendopcache, and Letsencrypt.

With easyengine, installing SSL is like typing one single command, here is the example:

sudo ee site update --letsencrypt

If you are interested, you can read this guide on how to install wordpress on digitalocean.

Now before you start following the steps below, you must first log-in to your server. Then switch yourself with root access. use sudo su command.

Step 1: Install Certbot

So now you are connected to your server with root access!

Copy and paste this command into your terminal:

add-apt-repository ppa:certbot/certbot

sudo apt-get update

And now finally, you have to install certbot nginx configuration package. To do so, we will use the following command:

apt-get install python-certbot-ngin

Step 2: Configure Nginx

In order for certbot to work properly and automatically, you need to properly define the server block.

To do so, you will need to edit the default server block. I will use nano to edit the default config because it is easy and my favorite. Copy and paste the following command. This command will work if and only if you have a new server.

nano /etc/nginx/sites-available/default

Now use Ctrl+w to find server_name.

And then, add your site domain name. The complete sentence should look like below:


Now press ctrl+x and then press enter to save your new configuration.

To test if there is no problem with nginx, use nginx -t command. If everything seems right, just reload nginx using systemctl reload nginx command.

Step 3: Install LetsEncrypt SSL

If you have followed all the above steps properly, you should be able to install SSL certificate on your server with just one single command.

certbot --nginx -d -d

Now press 2 in order to automatically redirect non-https requests to https pages. During the installation, you will be asked for your name and email address. Provide the correct information.

Congratulations, now your NGINX server (domain name) has SSL.

Step 4: Checking the Automatically Renew Process

This is the last step and actually, it's not necessary, but it's always better to test things.

We will use certbot renew --dry-run to check if the automatic renew process is working properly or not.

Hopefully, there won't be any errors and certbot will automatically reload your nginx to load new configurations.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

James Johnes
CEO DesignGrande
India India
No Biography provided

Comments and Discussions

-- There are no messages in this forum --