How to setup SSL in Nginx Server with LetsEncrypt

In this tutorial, we will learn how to use LetsEncrypt to obtain a free SSL certificate for your Nginx web server. LetsEncrypt is a free certificate authority that provides a set of tools to manage SSL in your server and it’s absolutely free. If your web application is not using SSL, then this is a must-read tutorial for you.


  • Server running Ubuntu 18.04. You can create a free server on DigitalOcean.
  • A domain name.

Step 1 – Getting Server ready

First, update the server.

sudo apt-get update
sudo apt-get upgrade

This will take a few minutes.

Let’s install Nginx.

sudo apt-get install nginx

The Nginx files are located at /etc/nginx directory.

We need to install the software called Certbot that will help us in the SSL setup.

First, add the repository.

sudo add-apt-repository ppa:certbot/certbot

Press ENTER to accept.

Install Certbot software.

sudo apt install python-certbot-nginx

Now our Server is ready to obtain an SSL certificate.

Step 2 – Configure Nginx

Create a new file called yourdomain.conf and place it in /etc/nginx/conf.d directory. Paste the configuration shown below.

server {
        listen 80;
        listen [::]:80;

        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;


        location / {
                try_files $uri $uri/ =404;

This is as basic as it can get.

Save the file.

Run the test using Nginx.

sudo nginx -t

If everything is good, restart the Nginx server.

sudo systemctl restart nginx

Now, allow the Nginx services on the firewall. Run these command one by one.

sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'

Then check the status to reconfirm.

sudo ufw status

Check the Nginx Full key.

Step 3 – Obtaining a SSL certificate

Now everything is setup, run this command to get the SSL certificate for your domain.

sudo certbot --nginx -d -d

Replace with your own domain name.

If everything goes well, you will receive the following output.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

I suggest you use option 2 and press ENTER.

Certbot now will download your SSL certificate and re-configure your Nginx configuration automatically.

Try reloading your website, you should be seeing https:// before your domain name.

Step 4 – Verify Auto-Renewal

LetsEncrypyt certificates are only valid for 3 months and Certbot software automatically renew your SSL. We can also check whether this is working or not using the following command.

sudo certbot renew --dry-run

If you see no errors, you are good to go. Enjoy free SSL for a lifetime!

If in future any errors come up, Certbot will email you about it on the specified email address.


In this tutorial, we studied how to use LetsEncrypt service to obtain and manage a free SSL certificate. SSL is mandatory now for any public applications and you should have it to secure your user’s data over the internet.