How To Secure Nginx with Let’s Encrypt on Ubuntu EC2 Instance

Introduction

Let’s Encrypt is a Certificate Authority (CA) that makes it simple to obtain and install free TLS/SSL certificates, allowing web servers to provide encrypted HTTPS traffic. It makes the process easier by providing a software client, Certbot, which seeks to automate the majority (if not all) of the necessary stages. Currently, Apache and Nginx fully automate the process of getting and installing a certificate.

In this article, you will use Certbot to obtain a free SSL certificate for Nginx on Ubuntu EC2 Instance and configure it to renew automatically.

In this tutorial, a distinct Nginx server configuration file will be used instead of the default. We propose building new Nginx server block files for each domain, which helps to avoid frequent mistakes.

Why Security Matters

In the digital or social media world, making sure your website is secure is a must. Strong security measures must be put in place in order to safeguard sensitive data and uphold user confidence because cyber threats are becoming more frequent. By installing an SSL certificate, you may protect the data that is transmitted between your server and the browsers of your visitors by encrypting it and keeping it safe from hackers and other bad actors.

Understanding SSL Certificates

Before diving into the installation process, it’s essential to understand the role of SSL certificates. SSL (Secure Sockets Layer) certificates encrypt data during transit, preventing unauthorized access and interception. These certificates also authenticate the identity of your website, assuring visitors of its legitimacy and trustworthiness.

Types of SSL Certificates

• Domain Validated (DV) Certificates: Offer basic encryption and are ideal for personal websites or blogs.
• Organization Validated (OV) Certificates: Provide enhanced validation, verifying the legitimacy of the organization behind the website.
• Extended Validation (EV) Certificates: Offer the highest level of validation, displaying a green address bar in the browser, signifying utmost trust.

Nginx Basic Setting Check

Check your nginx file config test before restart nginx server

sudo nano /etc/nginx/sites-available/example.com

Must check your domain name configure properly

...
server_name example.com www.example.com;
...

If so, close your editor and proceed to the following step.

Update it to correspond if it doesn’t. Next, save the file, close your editor, and check that your configuration edits have the correct syntax:

sudo nginx -t

Reopen the server block file and look for any typos or missing characters if you encounter an error. Once the syntax in your configuration file is right, reload Nginx to allow the new configuration to take effect:

sudo systemctl reload nginx

Certbot can now find the correct server block and update it automatically.

Step 1 — Installing Certbot

In order to use Let’s Encrypt to get an SSL certificate, you must first install Certbot on your server.

Use apt to install Certbot and its Nginx plugin

sudo apt install certbot python3-certbot-nginx

Certbot is ready; however, some Nginx settings needs to be validated before it can set up SSL for Nginx automatically.

Step 1 — Obtaining SSL Certificate

Once Certbot is installed, you can proceed to obtain an SSL certificate for your domain. Follow these steps:

sudo certbot --nginx

OR if you want direct add domain name

sudo certbot --nginx -d example.com -d www.example.com

Certbot will automatically configure SSL for your domain and verify the settings. And you will get somthing below output

Output
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2020-08-18. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Renewing SSL Certificate

SSL certificates have a limited validity period. To renew your certificate automatically, set up a cron job to run Certbot periodically.

Step 1: Editing Cron Jobs

sudo crontab -e

Step 2: Adding Renewal Command

Add the following line to renew certificates twice daily:

0 */12 * * * certbot renew --quiet

Frequently Asked Questions (FAQs)

Related Articles

Difference Between Git Stash Pop And Git Stash Apply

Why all sites now require SSL (https)

Laravel Interview Questions And Answers

How To Install Old Version Laravel Using Composer

Node.Js Interview Questions And Answers

Conclusion

A free SSL certificate is a vital first step towards protecting your website and giving your users a safe and secure surfing experience on your Ubuntu EC2 instance. By taking the actions listed in this tutorial, you may improve the security posture of your website and gain the audience’s trust.