Lead Engineer @ Packetware
Generate NGINX SSL certificates with CertBot and Let's Encrypt on Ubuntu
This tutorial is designed to work with recent versions of Ubuntu such as 20.04 and 22.04.
Install Prerequisites
You will need the certbot package and the python3-certbot-nginx plugin. Together they obtain the public/private key pair and certificate from Let's Encrypt and rewrite your NGINX configuration to reference them.
sudo apt install certbot
sudo apt install python3-certbot-nginx
Create your NGINX config for your site.
Here is a basic example you can use. The Certbot NGINX plugin will later modify it to reference the SSL certificate and key we generate. The file needs to be named after your domain and placed in the sites-available directory.
server {
    listen 80;
    listen [::]:80;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name _;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
}
You will need to edit the root, index (the list of files to serve), and server_name directives so they match the site you wish to configure with NGINX. Certbot will modify this file later; it is just the foundation of your configuration, and keeping it minimal makes the changes Certbot makes easy to see.
Install your NGINX config
You can run the command below to create a symbolic link to the sites-enabled directory for NGINX.
sudo ln -s /etc/nginx/sites-available/[Config Name] /etc/nginx/sites-enabled/
To test, run nginx -t to verify that the configuration is valid, then run the following to load it into production.
sudo systemctl restart nginx
Generating the certificate and NGINX configuration modification
Now that the config is working, ensure your DNS records are updated and pointing at the server's IP address so that Let's Encrypt can validate the domain and we can generate an SSL certificate for the server to use. The following command does just that.
sudo certbot --nginx -d example.com
When your certificate is due to expire, Certbot has a built-in function to fetch a new SSL certificate for every site on the server with the command certbot renew, or you can schedule that command to refresh your certificates automatically when needed.
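The steps above, from writing the site config through the Certbot run and a renewal check, as one added shell script. This is example code written for this page, not part of the tutorial or of Certbot; the helper names valid_domain, render_site_config and install_site are mine, and it assumes the Debian/Ubuntu sites-available layout used above. The domain check and the rule that NGINX is only reloaded after nginx -t passes are the two safeguards a practitioner would want before running this unattended.

```bash
#!/usr/bin/env bash
# Added example (not from the tutorial): scripted version of the steps above.
# Assumed usage:  ./setup-site.sh example.com /var/www/example.com
set -eu

# Accept only a plausible DNS hostname, so a stray argument cannot end up
# inside the config or as a filename under /etc/nginx.
valid_domain() {
  case "$1" in
    *[!a-zA-Z0-9.-]*|""|.*|*.|*..*) return 1 ;;
  esac
  [ "${#1}" -le 253 ]
}

# Print the plain-HTTP server block from the tutorial for a given domain and
# document root. Certbot's --nginx plugin later rewrites this same file to add
# the listen 443 ssl lines and the certificate and key paths.
render_site_config() {
  local domain="$1" root="$2"
  cat <<EOF
server {
    listen 80;
    listen [::]:80;
    root ${root};
    index index.html index.htm index.nginx-debian.html;
    server_name ${domain};
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files \$uri \$uri/ =404;
    }
}
EOF
}

# Write the config under sites-available, link it into sites-enabled, and
# reload NGINX only if the syntax test passes, so a bad config never takes
# the running server down. Then obtain the certificate and confirm that an
# unattended renewal would succeed.
install_site() {
  local domain="$1" root="$2"
  local avail="/etc/nginx/sites-available/${domain}"
  local enabled="/etc/nginx/sites-enabled/${domain}"

  valid_domain "$domain" || { echo "invalid domain: $domain" >&2; return 1; }

  render_site_config "$domain" "$root" | sudo tee "$avail" >/dev/null
  [ -e "$enabled" ] || sudo ln -s "$avail" "$enabled"
  sudo nginx -t
  sudo systemctl reload nginx

  # Same command as the tutorial; the plugin edits $avail in place.
  sudo certbot --nginx -d "$domain"
  # Exercise the renewal path against the staging environment without
  # touching the live certificate.
  sudo certbot renew --dry-run
}

# Run only when called with arguments; sourcing the file defines the
# functions without touching the system.
if [ "${1:-}" != "" ]; then
  install_site "$1" "${2:-/var/www/html}"
fi
```

Run it once per site after the two apt installs from the start of the tutorial. Because render_site_config is a separate function you can also pipe its output to a file by hand to inspect the config before anything is installed.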