blog-image

Feb 27, 2021

13 min read

Nginx Basics – Part 1: Easy TLS / SSL setup using Certbot and Let’s Encrypt

Written by

Vippy The VPS

TL;DR Version

To install Nginx and Certbot on Ubuntu/Debian systems, you first need to make sure that your FQDN has an A record pointing at your server's public IP, and then simply run:

$ sudo apt install nginx;
$ sudo snap install core; sudo snap refresh core
$ sudo snap install --classic certbot

To issue a free SSL/TLS certificate from Let's Encrypt, and automatically modify Nginx to use those certificates, run the below command:

$ sudo certbot --nginx

That's it! Nginx is now serving it's default website, at /etc/nginx/sites-enabled/default as an HTTPS website.

A More Detailed Explanation

One of the most basic tasks you will perform while setting up your next website, app or API server is to ensure that the traffic is encrypted between the client and the server, and that the identity of the original server is verifiable. TLS enables us to do that. Continuing our series on Nginx Basics, we will see how to procure a TLS (also known as SSL) certificate and make Nginx use it to encrypt and secure all web traffic.

Prerequisites

In order to follow along, you need the following:

  • A very basic understanding of Nginx configuration, as discussed here.
  • A very basic understanding ofhow TLS works, as discussed here.
  • A VPS with a public IP, running Ubuntu 20.04 LTS. If you don't already have one, head over to SSDNodes and treat yourself to some delicious compute :)
  • A registered domain name, like www.example.com where you want to host your project.

Initial Setup

1. Setting Up DNS Record

The first thing you need to do, is to point visit the DNS management service that you are using. This could be the very place that you bought your domain name from, like Hover, Namecheap, Gandi or GoDaddy. Or it could be the third party DNS service provider like Cloudflare. At your name server control panel, create an A record for your domain pointing to the Public IP address of your VPS.

For example, if you own example.com and want to run a website called test.example.com, then create an A record for test.example.com pointing at  your IP address which itself would look something like 127.74.45.11 Here, example.com is known as your Domain Name and, test.example.com is known as your Fully Qualified Domain Name or FQDN

To find your IP, simply use the command:

$ ip addr

Output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen
Continue reading this article
by subscribing to our newsletter.
Subscribe now

A note about tutorials: We encourage our users to try out tutorials, but they aren't fully supported by our team—we can't always provide support when things go wrong. Be sure to check which OS and version it was tested with before you proceed.

If you want a fully managed experience, with dedicated support for any application you might want to run, contact us for more information.

Leave a Reply