In this article we will learn how to setup Nginx with SSL certificate. For SSL certificate we will use Let’s Encrypt. Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG). Let’s Encrypt provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge. The certificates are valid for 90 days and must be renewed periodically. The certificates are trusted by all major web browsers.


  • Ubuntu 20.04
  • Server Instance (AWS, Digital Ocean, etc)
  • Domain Name
  • DNS Record that point to your server instance


Login to your server instance

ssh root@your_server_ip


Step 1: Install Nginx

First let’s update our package list

sudo apt update


Check which version of Nginx is available

apt-cache policy nginx


Generally, the latest version of Nginx is available in the default Ubuntu repository. If you want to install the latest version of Nginx, you have add the Nginx repository to your system. Followings are the steps to add the Nginx repository to your system.


Step 2: Add Nginx Repository

sudo vi /etc/apt/sources.list.d/nginx.list
deb focal nginx
deb-src focal nginx


deb lines are for the main repository and deb-src lines are for the source repository. Src packages are not required for the installation of Nginx. So, you can comment out the deb-src lines.


Step 3: Add Nginx Signing Key

curl -fsSL | sudo apt-key add -
sudo apt-key fingerprint ABF5BD827BD9BF62


Update Package List

sudo apt update


Install Nginx

apt policy nginx
sudo apt install nginx=1.20.1-1~focal


Enabling and checking status of Nginx Service

sudo systemctl status nginx
sudo systemctl enable nginx
sudo systemctl status nginx


Setting up server block

sudo mkdir -p /var/www/


Update the ownership of the directory

sudo chown -R $USER:$USER /var/www/


Update the permission

sudo chmod -R 755 /var/www/


Create a sample index.html file

# Also add some text to the file
sudo vi /var/www/


Create site configuration file

# Create s site available configuration file
sudo vi /etc/nginx/sites-available/
sudo mkdir /etc/nginx/sites-enabled


Add the following content to the file

``` sudo vi /etc/nginx/sites-available/ ``

server {
        listen 80;

        root /var/www/;
        index index.html;


        location / {
                try_files $uri $uri/ =404;


Make sure to replace the server_name with your domain name. Also DNS record should point to your server instance.


Add include to the main configuration file

sudo vi /etc/nginx/nginx.conf

add the line include /etc/nginx/sites-enabled/*; to the end of the file


sudo ln -s /etc/nginx/sites-available/ /etc/nginx/sites-enabled/


Test the configuration file

sudo nginx -t


Restart Nginx

sudo systemctl restart nginx


Step 4: Install Certbot

sudo apt install certbot python3-certbot-nginx


Secure Nginx with Let’s Encrypt

sudo certbot --nginx -d -d


Check the renewal status

sudo certbot renew --dry-run


Check the certificate

sudo openssl x509 -in /etc/letsencrypt/live/ -text -noout


Check the certificate expiration date

sudo openssl x509 -in /etc/letsencrypt/live/ -text -noout | grep "Not After"