Making Nginx secure: Set up Let’s Encrypt on Ubuntu 22.04


With Let’s Encrypt, you can secure your website quickly, efficiently, and inexpensively. We will show you how to configure Nginx securely on Ubuntu 22.04 using the certificate authority.

Security on the Internet is more important today than ever before. One of the basic measures to secure websites is to encrypt traffic. In this blog post we will show you how to make Nginx, one of the most popular web servers, secure with Let’s Encrypt on Ubuntu 22.04. It only takes five steps!

(You can learn how to configure Apache with Let’s Encrypt on Ubuntu 22.04 here.)

Step 1: Preparing the system


Before you start setting up Let’s Encrypt, you should be making sure that your Ubuntu 22.04 server is up to date. To do this, update the system with the following commands:

sudo apt update
sudo apt upgrade

Also, install Nginx if you have not already done so:

sudo apt install nginx

Step 2: Installing Let’s Encrypt


Let’s Encrypt is an open source certificate provider that provides free SSL/TLS certificates. To install Let’s Encrypt on your Ubuntu server, use `certbot`, a useful tool for managing certificates:

sudo apt install certbot python3-certbot-nginx

Step 3: Request and configure a certificate


After installing `certbot` you can request an SSL/TLS certificate for your Nginx website. Use the following command and replace `` with your own domain:

sudo certbot --nginx -d -d

Certbot will guide you through the necessary steps to request the certificate and add it to your Nginx configuration.

Step 4: Automate certificate renewal


SSL/TLS certificates have a limited validity period, usually 90 days. To ensure that your certificate does not expire, automate the renewal process. Add a cronjob to renew the certificates on a regular basis:

sudo crontab -e

Add the following line to schedule renewal every 12 hours:

0 */12 * * * /usr/bin/certbot renew --quiet

Step 5: Check the configuration


To ensure that your Nginx configuration is correct and the certificates are renewed properly, run the following command:

sudo nginx -t

If the output shows “syntax is okay” and “test is successful”, your configuration is fine.