Global Outreach
← Blog

How to Secure Nginx with Let's Encrypt on Ubuntu 22.04

Global Outreach

If your website is running on Ubuntu 22.04 with Nginx, one of the first things you should do is enable SSL.

Without SSL, your site may show "Not Secure" in the browser. This can reduce user trust and may impact SEO.

The good news: you can secure your site for free using Let's Encrypt. In this guide, we use the APT method only (no snap).

What you need before starting

  • Ubuntu 22.04 server
  • Nginx installed
  • Domain name pointing to your server

Step 1: Install Certbot (APT method)

Update package lists:

$ sudo apt update

Install Certbot and the Nginx plugin:

$ sudo apt install certbot python3-certbot-nginx -y

Verify installation:

$ certbot --version

Step 2: Check Nginx configuration

Open your site config:

$ sudo nano /etc/nginx/sites-available/example.com

Make sure your server block has the correct domain line:

server_name example.com www.example.com;

Test Nginx configuration:

$ sudo nginx -t

Reload Nginx:

$ sudo systemctl reload nginx

Step 3: Allow HTTPS in firewall

Check UFW status:

$ sudo ufw status

Allow full Nginx profile (HTTP + HTTPS):

$ sudo ufw allow 'Nginx Full'

Remove HTTP-only rule if present:

$ sudo ufw delete allow 'Nginx HTTP'

Step 4: Install SSL certificate

Run Certbot with your domains:

$ sudo certbot --nginx -d example.com -d www.example.com

Certbot verifies the domain, installs certificates, updates Nginx config, and enables HTTPS. Choose redirect from HTTP to HTTPS when prompted.

Step 5: Verify SSL

Open your website in the browser at https://example.com and check for the lock icon.

Step 6: Test auto-renewal

Run a dry-run renewal test:

$ sudo certbot renew --dry-run

Step 7: Set up auto-renewal (if needed)

Check if a Certbot timer already exists:

$ systemctl list-timers | grep certbot

If not present, add a cron job:

$ sudo crontab -e
0 3 * * * certbot renew --quiet

Step 8: Where SSL files are stored

Certificates are saved in /etc/letsencrypt/live/example.com/ and the key files are fullchain.pem and privkey.pem.

Common issues

Domain verification fails

Check your DNS A/AAAA records and make sure they point to the correct server.

Nginx config error

$ sudo nginx -t

Ports blocked

Make sure ports 80 and 443 are open in UFW and your cloud firewall/security group.

Final thoughts

Setting up SSL on Ubuntu 22.04 with Nginx is straightforward once you follow the steps. With Let's Encrypt, your site becomes secure, more trusted by users, and better aligned with modern SEO requirements.