How to Set Up a Secure Web Server with Nginx and Certbot

With HTTPS adoption becoming standard, securing your web server with an SSL/TLS certificate is now essential.

Let’s Encrypt provides free SSL certificates, but they need to be renewed every 90 days. That’s where Certbot comes in—automating the process of obtaining, deploying, and renewing SSL certificates.

In this guide, you’ll learn how to set up a secure web server with Nginx and Certbot. We’ll cover:

  • Installing Nginx
  • Configuring Nginx server blocks
  • Adding DNS A records
  • Installing and using Certbot with Let’s Encrypt SSL
  • Automating certificate renewal

1. Install Nginx on Ubuntu

On Ubuntu, install Nginx using:

sudo apt install nginx

Check if Nginx was installed correctly:

nginx -v

Start and enable Nginx at boot:

sudo systemctl start nginx && sudo systemctl enable nginx

Allow Nginx through the firewall:

sudo ufw allow 'Nginx Full'

2. Configure Nginx Server Block

Create a directory to store your site’s web files (replace example.com with your own domain):

sudo mkdir -p /var/www/example.com/html

Set directory ownership and permissions:

sudo chown -R $USER:$USER /var/www/example.com/html
sudo chmod -R 755 /var/www/example.com

Create a sample index page:

vim /var/www/example.com/html/index.html

Add the following content:

<html>
  <body>
    <h1>Success! Nginx server block is working!</h1>
  </body>
</html>

Now, create a server block configuration:

sudo vim /etc/nginx/sites-available/example.com

Add the following configuration:

server {
    listen 80;

    root /var/www/example.com/html;
    index index.html;

    server_name example.com www.example.com;

    location / {
        try_files $uri $uri/ =404;
    }
}

Enable it by creating a symlink:

sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

Test Nginx configuration:

sudo nginx -t

Reload Nginx:

sudo nginx -s reload

3. Create DNS A Record

Point your domain to your server’s public IP address with a DNS A record.

For example, in Google Domains:

  • Type: A
  • TTL: 300
  • Data: your server’s public IP address
  • Add both example.com and www.example.com

Verify DNS propagation:

dig example.com

4. Install Certbot (Let’s Encrypt Client)

First, remove any old Certbot package:

sudo apt remove certbot

Install Certbot using Snap:

sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Check installation:

certbot --version

5. Obtain and Install SSL Certificates

For testing, request a staging certificate:

sudo certbot --nginx --test-cert

You’ll be prompted to:

  1. Enter an email address for renewal notifications.
  2. Agree to the Let’s Encrypt terms.
  3. Optionally join the mailing list.
  4. Select the domains for the certificate.

Once verified, request a production SSL certificate:

sudo certbot --nginx

Certbot will automatically configure Nginx for HTTPS.

6. Automate SSL Certificate Renewal

Certbot runs a renewal timer every 12 hours. Certificates are renewed automatically when close to expiration.

Check the schedule:

systemctl list-timers

To manually renew:

sudo certbot renew
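
A post-install check for steps 5 and 6, as an added example that is not part of the original guide: it scans the server block that `certbot --nginx` rewrote and the certificate's renewal config for a missing HTTPS listener, certificate path, redirect or HSTS header, and for a lineage still pointing at the staging CA after the `--test-cert` run. The helper names `has` and `audit_site`, the HSTS check and the sample file contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the original guide. File contents are constructed.

# has FILE REGEX: true if FILE, with # comments stripped, has a matching line
has() { sed 's/#.*//' "$1" | grep -Eq "$2"; }

# audit_site NGINX_CONF RENEWAL_CONF: prints one finding per line
audit_site() {
    has "$1" '^[[:space:]]*listen[[:space:]]+(\[::\]:)?443[[:space:]]+ssl' ||
        echo "MISSING: listen 443 ssl"
    has "$1" '^[[:space:]]*ssl_certificate[[:space:]]+/etc/letsencrypt/live/' ||
        echo "MISSING: ssl_certificate under /etc/letsencrypt/live"
    has "$1" 'return[[:space:]]+301[[:space:]]+https://' ||
        echo "MISSING: HTTP to HTTPS redirect"
    has "$1" 'add_header[[:space:]]+Strict-Transport-Security' ||
        echo "MISSING: HSTS header"
    # A lineage first issued with --test-cert keeps the staging ACME server
    # in its renewal config until a production certificate replaces it.
    if has "$2" '^[[:space:]]*server[[:space:]]*=.*acme-staging'; then
        echo "STAGING: renewal config still uses the staging CA"
    fi
    return 0
}

# Constructed demo input: a server block as left by `certbot --nginx`, and a
# renewal config left over from the --test-cert run.
demo_dir=$(mktemp -d)
cat > "$demo_dir/site.conf" <<'EOF'
server {
    server_name example.com www.example.com;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    # add_header Strict-Transport-Security "max-age=31536000" always;
}
server {
    if ($host = example.com) { return 301 https://$host$request_uri; } # managed by Certbot
    listen 80;
    server_name example.com www.example.com;
    return 404; # managed by Certbot
}
EOF
cat > "$demo_dir/renewal.conf" <<'EOF'
[renewalparams]
authenticator = nginx
server = https://acme-staging-v02.api.letsencrypt.org/directory
EOF
audit_site "$demo_dir/site.conf" "$demo_dir/renewal.conf"
```

On a real host, run it as root against `/etc/nginx/sites-available/example.com` and the renewal config, typically `/etc/letsencrypt/renewal/example.com.conf`. The constructed input reports the commented-out HSTS header and the staging server.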

✅ Conclusion

You’ve now successfully set up a secure Nginx web server with HTTPS using Let’s Encrypt and Certbot.

This configuration ensures your site benefits from:

  • Free SSL certificates with automatic renewal
  • Encrypted HTTPS connections for security and SEO ranking
  • Easy scalability for multiple domains and subdomains

By combining Nginx and Certbot, you get a secure, automated, and production-ready web server.
