0d29ff67-9bc6-4d66-a4cb-b34692ba9f46 Skip to content
evan.guru

How to Issue an SSL Certificate Using Nginx and Certbot on Linux

SSL

Securing your website with HTTPS is essential for protecting user data and improving SEO rankings. This guide walks you through the process of issuing a free SSL certificate using Nginx and Certbot on a Linux server.

Prerequisites

Before you begin, ensure the following:

  1. You have a Linux server with sudo privileges.
  2. Nginx is installed and running.
  3. Your domain name is pointed to your server’s IP address.
  4. The snapd package manager is installed (required for Certbot).

Step 1: Install Certbot

Certbot is a free, open-source tool for obtaining and renewing SSL certificates. Install it using the following commands:

Terminal window
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Step 2: Configure Nginx

Ensure your Nginx configuration is set up for your domain. For example:

server {
    listen 80;
    server_name example.com www.example.com;


    root /var/www/example.com;
    index index.html;


    location / {
        try_files $uri $uri/ =404;
    }
}

Save the configuration file (e.g., /etc/nginx/sites-available/example.com) and test it:

Terminal window
sudo nginx -t

Reload Nginx to apply changes:

Terminal window
sudo systemctl reload nginx

Step 3: Obtain an SSL Certificate

Run Certbot to automatically configure SSL for your domain:

Terminal window
sudo certbot --nginx -d example.com -d www.example.com

Follow the prompts to complete the process. Certbot will:

  • Obtain the SSL certificate.
  • Update your Nginx configuration to use HTTPS.

Step 4: Verify HTTPS

After Certbot completes, verify that your site is accessible via HTTPS by visiting:

https://example.com

Step 5: Set Up Automatic Renewal

Certbot automatically installs a cron job to renew certificates. Test the renewal process with:

Terminal window
sudo certbot renew --dry-run

If no errors occur, your certificates will renew automatically.

Conclusion

Congratulations! Your website is now secured with HTTPS using Nginx and Certbot. Regularly monitor your server and ensure your certificates are renewed to maintain security. For more advanced configurations, refer to the Certbot documentation.