Setup SSL on Nginx Using Certbot (Ubuntu)

Overview

This guide describes how to secure an Nginx web server using a free SSL/TLS certificate from Let’s Encrypt via Certbot.

The process:

• Configure an HTTP (port 80) virtual host in Nginx
• Use Certbot to request and install an SSL certificate
• Automatically update Nginx to serve HTTPS (port 443)
• Enable automatic certificate renewal

Target domain format uses a placeholder:

	​your-domain.com

Install Certbot

	​sudo apt update
	​sudo apt install certbot python3-certbot-nginx

Verify installation:

	​certbot --version

Configure Nginx (sites-available)

Example config file:

	​/etc/nginx/sites-available/your-domain.com

Basic configuration:

	​server {
		​​listen 80;
	​	​server_name your-domain.com;
	​	​
	​	​location / {
	​	​	​proxy_pass http://127.0.0.1:3000;
	​	​}
	​}

Enable the site:

	​sudo ln -s /etc/nginx/sites-available/your-domain.com /etc/nginx/sites-enabled/
	​sudo nginx -t
	​sudo systemctl reload nginx

Generate SSL with Certbot

Run:

	​sudo certbot --nginx --agree-tos --preferred-challenges http -d your-domain.com

Parameter breakdown:

• --nginx → automatically modifies Nginx configuration
• --agree-tos → accepts Terms of Service
• --preferred-challenges http → uses HTTP validation (port 80)
• -d → target domain

Test SSL

Check configuration:

	​sudo nginx -t

Access:

	​https://your-domain.com

Contact us