How to Secure Nginx Server with SSL Certificate Using Python and Certbot on Ubuntu 22.04
In today's digital landscape, securing your web server is paramount. This guide walks you through the process of obtaining and installing an SSL certificate for your Nginx server, adding an extra layer of security to your website. We'll be using Python and the Certbot ACME client to simplify the SSL certificate issuance process.
Step 1: Install Certbot and Required Libraries
Begin by updating your package list and installing Certbot along with the necessary Python libraries:
sudo apt-get update
sudo apt-get install certbot python3-certbot-nginx
Step 2: Run Certbot to Obtain SSL Certificate
Run Certbot to interactively obtain and install the SSL certificate. The --nginx option automates the process of configuring Nginx for SSL:
sudo certbot --nginx -d example.com
Replace example.com with your domain. Certbot will prompt you for your email address and offer options for redirecting HTTP traffic to HTTPS.
Step 3: Automate Certificate Renewal
Certbot sets up an automatic renewal process via a cron job. Test the renewal process with the following command:
sudo certbot renew --dry-run
This simulates the renewal process without actually renewing the certificate.
Step 4: Check Nginx Configuration
Certbot should automatically update your Nginx configuration. Verify the changes in your Nginx configuration file (commonly found in /etc/nginx/sites-available/default or /etc/nginx/nginx.conf). Ensure there is a server block listening on port 443 with the SSL certificate paths.
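One way to script the Step 4 check, as an added example that is not part of the original guide: the Python below scans Nginx configuration text for server blocks listening on port 443 and reports any that lack the ssl listen parameter or the ssl_certificate / ssl_certificate_key directives. SAMPLE_CONF is a constructed configuration shaped like what Certbot writes, and the function names are illustrative.

```python
import re

# Constructed sample (an assumption), shaped like the blocks `certbot --nginx` writes.
SAMPLE_CONF = """
server {
    server_name example.com;
    location / { try_files $uri $uri/ =404; }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
}
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}
"""

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments (assumes no '#' in values)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def check_tls(conf):
    """Map server_name -> list of problems for each block listening on port 443."""
    report = {}
    for body in server_blocks(conf):
        # Treat braces as terminators so nested location blocks split cleanly.
        directives = [d.split() for d in re.sub(r"[{}]", ";", body).split(";") if d.strip()]
        listens = [d[1:] for d in directives if d[0] == "listen" and len(d) > 1]
        on_443 = [l for l in listens if l[0].split(":")[-1] == "443"]
        if not on_443:
            continue  # plain-HTTP block, e.g. the port 80 redirect
        problems = []
        if not all("ssl" in l[1:] for l in on_443):
            problems.append("listen 443 without the ssl parameter")
        for needed in ("ssl_certificate", "ssl_certificate_key"):
            if not any(d[0] == needed for d in directives):
                problems.append("missing " + needed)
        server_name = next((" ".join(d[1:]) for d in directives if d[0] == "server_name"), "(unnamed)")
        report[server_name] = problems
    return report

if __name__ == "__main__": print(check_tls(SAMPLE_CONF))
```

To check a live server, pass the function the output of sudo nginx -T, which prints the full configuration including every included file.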
Step 5: Restart Nginx
If Certbot did not automatically restart Nginx, do so manually to apply the new configuration:
sudo systemctl restart nginx
Congratulations! Your Nginx server is now secured with an SSL certificate, encrypting data transmitted between the server and your users. Regularly check for certificate renewals to maintain a secure and smoothly running website.