Nginx Basics – Part 1: Easy TLS / SSL setup using Certbot and Let’s Encrypt
To install Nginx and Certbot on Ubuntu/Debian systems, you first need to make sure that your FQDN has an A record pointing at your server's public IP, and then simply run:
$ sudo apt install nginx
$ sudo snap install core; sudo snap refresh core
$ sudo snap install --classic certbot
To issue a free SSL/TLS certificate from Let's Encrypt, and automatically modify Nginx to use those certificates, run the below command:
$ sudo certbot --nginx
That's it! Nginx is now serving its default website, configured at /etc/nginx/sites-enabled/default, as an HTTPS website.
A More Detailed Explanation
One of the most basic tasks you will perform while setting up your next website, app or API server is to ensure that the traffic is encrypted between the client and the server, and that the identity of the original server is verifiable. TLS enables us to do that. Continuing our series on Nginx Basics, we will see how to procure a TLS (also known as SSL) certificate and make Nginx use it to encrypt and secure all web traffic.
In order to follow along, you need the following:
- A very basic understanding of Nginx configuration, as discussed here.
- A very basic understanding of how TLS works, as discussed here.
- A VPS with a public IP, running Ubuntu 20.04 LTS. If you don't already have one, head over to SSDNodes and treat yourself to some delicious compute :)
- A registered domain name, like www.example.com, where you want to host your project.
1. Setting Up DNS Record
The first thing you need to do is visit the DNS management service that you are using. This could be the very place that you bought your domain name from, like Hover, Namecheap, Gandi or GoDaddy, or it could be a third-party DNS service provider like Cloudflare. In your name server control panel, create an A record for your domain pointing to the public IP address of your VPS.
For example, if you own example.com and want to run a website called test.example.com, then create an A record for test.example.com pointing at your IP address, which would look something like 127.74.45.11. Here, example.com is known as your Domain Name, and test.example.com is known as your Fully Qualified Domain Name, or FQDN.
To find your IP, simply use the command:
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen
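A preflight for the DNS step above, as an added example that is not part of the original article: it compares the addresses the FQDN resolves to with the global IPv4 addresses reported by `ip addr`, so a missing or wrong A record is caught before `sudo certbot --nginx` is run. The function names, the script name and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Sample data is constructed.

# Constructed `ip -4 -o addr show` output (203.0.113.0/24 is a documentation range).
SAMPLE_IP_OUTPUT='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: enp3s0    inet 203.0.113.10/24 brd 203.0.113.255 scope global enp3s0\       valid_lft forever preferred_lft forever'

# Read `ip -4 -o addr show` output on stdin; print global-scope IPv4 addresses.
global_ipv4() {
    awk '$3 == "inet" && /scope global/ { sub(/\/.*/, "", $4); print $4 }'
}

# Succeed for loopback (127.0.0.0/8) and RFC 1918 private addresses, which
# Let's Encrypt's validation servers cannot reach from the internet.
is_non_public() {
    case "$1" in
        127.*|10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify_a_record RESOLVED LOCAL  (both: whitespace-separated IPv4 lists)
# Prints one of: unresolved, non-public, match, mismatch
classify_a_record() {
    resolved=$1
    local_addrs=$2
    if [ -z "$resolved" ]; then echo unresolved; return 0; fi
    for r in $resolved; do
        if is_non_public "$r"; then echo non-public; return 0; fi
    done
    for r in $resolved; do
        for l in $local_addrs; do
            if [ "$r" = "$l" ]; then echo match; return 0; fi
        done
    done
    echo mismatch
}

# Live check. Assumes iproute2 and glibc getent; getent also consults
# /etc/hosts, so remove any local override for the FQDN first.
preflight() {
    resolved_now=$(getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u)
    local_now=$(ip -4 -o addr show | global_ipv4)
    classify_a_record "$resolved_now" "$local_now"
}

# Usage: sh preflight.sh test.example.com   (script name is hypothetical)
if [ $# -gt 0 ]; then preflight "$1"; fi
```

On a VPS behind 1:1 NAT the interface carries a private address, so a `mismatch` there should be checked against the public IP shown in the provider's control panel rather than against `ip addr`.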