How to install SSL Certificate on NGINX

Installing an SSL Certificate on NGINX ensures a safe connection between your web server and browser. It encrypts the data transmitted over the internet so that it is only visible to the intended recipient.

This article will show you how to install a Lets Encrypt SSL certificate on NGINX, with step-by-step instructions.

1. install certbot

to be able to generate let’s encrypt, first we must install certbot in our server. we’ll be using the below commands one by one and accepting prompt messages by pressing the Y key.

sudo apt-get update

sudo apt-get install software-properties-common -y

sudo add-apt-repository universe

sudo add-apt-repository ppa:certbot/certbot

sudo apt-get install certbot -y

2. generate let’s encrypt SSL certificate files

once you have installed the certbot, follow the below command to generate SSL certificate files.

note: replace your yourdomain.com with your domain name that connected to your server

sudo certbot certonly --standalone --preferred-challenges http -d  yourdomain.com 

3. Edit NGINX Configuration File

Next, we need to configure the NGINX server block for your server. open nginx.conf file in your server

If you don’t know the location of the file, run the command:

sudo find nginx.conf

use nano command to be able to open and edit nginx.conf

nano /etc/nginx/conf/nginx.conf

now we need to add below content into the server block

server {
        listen 80;

        listen 443 ssl;
        server_name yourdomain.com;
        #ssl on;
        ssl_certificate  /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

       #your other settings here 
}

Save and exit the file by pressing ctrl + x and Y.

4. Restart NGINX Server 

For your configuration changes to take place, you need to restart your NGINX server. To do so, run the command:

sudo systemctl restart nginx

5. set auto renew SSL certificates

the SSL certificates will expire after a while you need to run this command to auto-renew the SSL certificates when expire. run below command.

sudo certbot renew --dry-run

6. Verify SSL Certificate

to check you have successfully installed the SSL certificate on NGINX is to connect to your server via a web browser.

Open a browser of your choice and navigate to your domain using the https protocol: https://yourdomain.com

You should see a locked padlock verifying that the SSL certificate is now set up on your server.

If you have followed the outlined steps above, you should have installed an SSL Certificate on your NGINX server.

if you faced any errors please write them down in the comments section.