Here are the steps to install SSL by Let’s Encrypt on an Ubuntu server for reverse proxy Nginx:
- Install Certbot:
sql
sudo apt-get update
sudo apt-get install certbot python3-certbot-nginx
- Modify Nginx configuration file:
arduino
sudo nano /etc/nginx/sites-available/example.com
Replace example.com with your domain name.
Add the following lines to the server block:
css
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
Save and exit the file.
- Test Nginx configuration:
sudo nginx -t
If the configuration is successful, restart Nginx:
sudo systemctl reload nginx
- Obtain SSL certificate:
css
sudo certbot --nginx -d example.com -d www.example.com
Replace example.com with your domain name.
Follow the prompts to enter your email address and agree to the terms of service. Certbot will automatically update your Nginx configuration file to include SSL.
- Test SSL:
Visit your website using https:// instead of http://. Your browser should show a padlock icon indicating that the connection is secure.
That’s it! Your website is now protected with SSL. Certbot will automatically renew your SSL certificate before it expires.
sudo certbot renew --dry-run
This will check if the renewal process is working without actually renewing the certificates. If everything works fine, you can set up the cron job using the following command:
sudo crontab -e
And then add the following line to run the renewal check twice daily at 3.30am and 3.30pm:
30 3,15 * * * /usr/bin/certbot renew >> /var/log/letsencrypt/renew.log
That’s it! You have successfully created Let’s Encrypt SSL for NGINX reverse proxy in Ubuntu.