How to Secure Nginx Server with SSL Certificate Using Python and Certbot on Ubuntu 22.04

In today's digital landscape, securing your web server is paramount. This guide walks you through the process of obtaining and installing an SSL certificate for your Nginx server, adding an extra layer of security to your website. We'll be using Python and the Certbot ACME client to simplify the SSL certificate issuance process.

Step 1: Install Certbot and Required Libraries

Begin by updating your package list and installing Certbot along with the necessary Python libraries:

sudo apt-get update
sudo apt-get install certbot python3-certbot-nginx

Step 2: Run Certbot to Obtain SSL Certificate

Run Certbot to interactively obtain and install the SSL certificate. The --nginx option automates the process of configuring Nginx for SSL:

sudo certbot --nginx -d example.com

Replace example.com with your domain. Certbot will prompt you for your email address and offer options for redirecting HTTP traffic to HTTPS.

Step 3: Automate Certificate Renewal

Certbot sets up an automatic renewal process via a cron job. Test the renewal process with the following command:

sudo certbot renew --dry-run

This simulates the renewal process without actually renewing the certificate.

Step 4: Check Nginx Configuration

Certbot should automatically update your Nginx configuration. Verify the changes in your Nginx configuration file (commonly found in /etc/nginx/sites-available/default or /etc/nginx/nginx.conf). Ensure there is a server block listening on port 443 with the SSL certificate paths.

Step 5: Restart Nginx

If Certbot did not automatically restart Nginx, do so manually to apply the new configuration:

sudo systemctl restart nginx

Congratulations! Your Nginx server is now secured with an SSL certificate, encrypting data transmitted between the server and your users. Regularly check for certificate renewals to maintain a secure and smoothly running website.