To set up Certbot SSL with Nginx, you can follow these steps to obtain and install an SSL certificate for your Nginx web server on a Linux-based system. I'll assume you have already installed Nginx on your server.
Install Certbot:
The first step is to install Certbot, which is a tool that simplifies the process of obtaining and renewing SSL certificates. The exact command may vary depending on your Linux distribution. Here are commands for some popular distributions:
Ubuntu/Debian:
sudo apt-get update
sudo apt-get install certbot python3-certbot-nginx
CentOS/RHEL:
sudo yum install certbot python3-certbot-nginx
Prepare Your Nginx Configuration:
Before using Certbot, you need to ensure that your Nginx configuration is set up correctly. Make sure you have a server block (virtual host) for your domain configured in your Nginx configuration file. It should look something like this:
server {
    listen 80;
    server_name example.com www.example.com;
    location / {
        # Your Nginx configuration here
    }
}
Obtain an SSL Certificate:
Run the following command to obtain an SSL certificate for your domain:
sudo certbot --nginx -d example.com -d www.example.com
Replace example.com and www.example.com with your actual domain names. Certbot will automatically configure Nginx to use the obtained certificate and update your Nginx configuration.
Verify the Configuration:
Certbot should automatically modify your Nginx configuration to enable SSL and redirect HTTP traffic to HTTPS. You can verify your configuration by running:
sudo nginx -t
If there are no syntax errors, restart Nginx:
sudo systemctl restart nginx
If you look at domain-name.conf, you see that Certbot has modified it:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name example.com www.example.com;
    listen 443 ssl;
    # RSA certificate
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    # Redirect non-https traffic to https
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
}
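nginx -t only validates syntax, so it passes whether or not the TLS directives are actually present. The following added example (not from the original guide and not part of Certbot) audits a server block for the lines shown above; the function names and both sample configs are constructed for illustration, and the paths assume the /etc/letsencrypt/live/<domain>/ layout used in this guide.

```sh
# Added example: audit_certbot_conf FILE DOMAIN
# Prints one line per missing directive and returns the number of findings.
audit_certbot_conf() {
    findings=0
    # Escape dots so the domain is matched literally inside the regexes.
    live="/etc/letsencrypt/live/$(printf '%s' "$2" | sed 's/\./\\./g')"
    # Strip comments so a commented-out directive does not count as present.
    active=$(sed 's/#.*//' "$1")
    s='[[:space:]]'
    check() {  # check DESCRIPTION EXTENDED-REGEX
        if ! printf '%s\n' "$active" | grep -Eq "^$s*$2"; then
            echo "MISSING: $1"
            findings=$((findings + 1))
        fi
    }
    check "listen 443 ssl"         "listen$s+(\[::\]:)?443$s+ssl"
    check "ssl_certificate"        "ssl_certificate$s+$live/fullchain\.pem;"
    check "ssl_certificate_key"    "ssl_certificate_key$s+$live/privkey\.pem;"
    check "options-ssl-nginx.conf" "include$s+/etc/letsencrypt/options-ssl-nginx\.conf;"
    check "HTTP to HTTPS redirect" "return$s+301$s+https://"
    return "$findings"
}

# Constructed sample: a server block Certbot has not touched yet.
sample_before() { cat <<'EOF'
server {
    listen 80;
    # listen 443 ssl;
}
EOF
}
# Constructed sample: the TLS lines Certbot adds, as shown in this guide.
sample_after() { cat <<'EOF'
server {
    listen 80 default_server;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
}
EOF
}

tmp=$(mktemp); sample_before > "$tmp"
audit_certbot_conf "$tmp" example.com || echo "$? finding(s)"
rm -f "$tmp"
```

On a real server, point the function at the site's configuration file and your own domain; a non-zero return means at least one expected directive is missing or points at a different certificate path.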
Automatic Renewal:
Certbot will set up a cron job to automatically renew your SSL certificate when it's close to expiration. You can test the renewal process by running:
sudo certbot renew --dry-run
If this test runs successfully, Certbot will renew your certificate as needed. That's it! Your Nginx web server should now be configured with a valid SSL certificate. Make sure to keep your server and Certbot up to date, and your SSL certificate will be automatically renewed when necessary.