How To Install SSL Certificates On Nginx Web Server On Ubuntu 24.04 Noble Numbat

Securing your website with SSL (Secure Sockets Layer) certificates is essential for protecting sensitive data and establishing trust with your users. A certificate lets clients verify that they are talking to your server and allows the data transmitted between your server and clients to be encrypted, ensuring privacy and data integrity. Although the term SSL is still widely used, current servers negotiate its successor, TLS. This guide will walk you through the steps to install SSL certificates on an Nginx web server running on Ubuntu 24.04 Noble Numbat.

Step 1: Update Your Package List

Before starting, ensure your package list is up to date. Open your terminal and run:

$ sudo apt update

This command refreshes the package list and ensures you have the latest information on available packages.

Step 2: Install Nginx and Certbot

Certbot is a tool that automates the process of obtaining and installing SSL certificates from Let’s Encrypt. Install Nginx and Certbot by running:

$ sudo apt install nginx certbot python3-certbot-nginx

Step 3: Configure Your Domain

Make sure your domain is correctly configured and pointing to your server’s IP address. You can use DNS tools like dig or online services to verify this. For example:

$ dig yourdomain.com +short

This command should return your server’s IP address.

Step 4: Allow HTTPS Traffic

If you have a firewall enabled, ensure that it allows HTTPS traffic. Run the following commands to allow traffic on both HTTP (port 80) and HTTPS (port 443):

$ sudo ufw allow 'Nginx Full'
$ sudo ufw delete allow 'Nginx HTTP'

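The first command allows both HTTP and HTTPS traffic, and the second command removes the previous rule that allowed only HTTP traffic. Port 80 stays open under 'Nginx Full'; Certbot's domain validation in Step 5 and the HTTP-to-HTTPS redirect in Step 8 both depend on it.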

Step 5: Obtain an SSL Certificate

Use Certbot to obtain an SSL certificate for your domain. Certbot will automatically configure Nginx to use the certificate. Run:

$ sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Replace yourdomain.com and www.yourdomain.com with your actual domain names. Certbot will guide you through the process, including verifying your domain ownership and configuring Nginx.

During this process, you’ll be prompted to enter your email address for urgent renewal and security notices, and agree to the Let’s Encrypt terms of service.

Step 6: Verify SSL Certificate Installation

After Certbot completes the installation, it will reload Nginx to apply the new configuration. To verify the installation, open your browser and navigate to:

https://yourdomain.com

You should see your website served over HTTPS with a secure connection. You can also use SSL checking tools like SSL Labs to verify your SSL certificate’s details and configuration.

Step 7: Automatic Renewal

Let’s Encrypt certificates are valid for 90 days, but Certbot will automatically handle the renewal process. To ensure the renewal process works correctly, you can simulate a renewal with:

$ sudo certbot renew --dry-run

This command tests the renewal process without making any actual changes.

Step 8: Advanced Configuration (Optional)

Redirect HTTP to HTTPS

To ensure all traffic is encrypted, you can configure Nginx to redirect HTTP requests to HTTPS. Edit your Nginx server block configuration:

$ sudo nano /etc/nginx/sites-available/yourdomain.com

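Certbot may already have added a port 80 redirect to this file (look for lines marked "# managed by Certbot"). If it has, skip this step: when two port 80 server blocks share a server_name, Nginx warns about a conflicting server name and ignores the second one. Otherwise, add the following configuration to the top of the file: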

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}

This configuration will redirect all HTTP traffic to HTTPS. Save and close the file, then reload Nginx:

$ sudo systemctl reload nginx

Additional Security Enhancements

For enhanced security, you can configure stronger SSL settings in your Nginx configuration. Add or modify the following settings in your SSL server block:

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

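These settings limit Nginx to TLS 1.2 and TLS 1.3, prefer the server's cipher order, restrict TLS 1.2 connections to ECDHE key exchange with AES-GCM or ChaCha20-Poly1305, cache TLS sessions for 10 minutes, and enable OCSP stapling, using the listed resolver to look up the OCSP responder.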
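The checks from Steps 6 to 8 can also be scripted. The Python script below is an added example, not part of the original guide: it performs a verified TLS handshake, reports how many days the certificate has left, and confirms that port 80 answers with a 301 redirect to HTTPS. The function names and the WARN_DAYS threshold are assumptions of this example, and yourdomain.com is the guide's placeholder.

```python
import http.client
import socket
import ssl
import sys
import time

WARN_DAYS = 21  # assumed alert threshold for a 90-day certificate that should renew itself

def days_remaining(not_after, now=None):
    """Whole days until notAfter, given in the format getpeercert() returns."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def evaluate(tls_version, not_after, status, location, now=None):
    """Turn probe results into a list of findings; an empty list means pass."""
    findings = []
    # Version negotiated with this client only; it does not prove older ones are disabled.
    if tls_version not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"negotiated {tls_version}, expected TLSv1.2 or TLSv1.3")
    left = days_remaining(not_after, now)
    if left < WARN_DAYS:
        findings.append(f"certificate expires in {left} days, check renewal")
    if status != 301 or not (location or "").startswith("https://"):
        findings.append(f"port 80 answered {status} {location!r}, expected 301 to https://")
    return findings

def probe(host):
    """Live checks: verified handshake on 443, then a HEAD request on port 80."""
    ctx = ssl.create_default_context()  # validates chain and hostname, raises on failure
    with socket.create_connection((host, 443), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            version, cert = tls.version(), tls.getpeercert()
    conn = http.client.HTTPConnection(host, 80, timeout=10)
    conn.request("HEAD", "/")  # http.client never follows redirects
    resp = conn.getresponse()
    status, location = resp.status, resp.getheader("Location")
    conn.close()
    return evaluate(version, cert["notAfter"], status, location)

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "yourdomain.com"  # placeholder from the guide
    try:
        problems = probe(host)
    except (ssl.SSLError, OSError) as exc:  # untrusted chain, name mismatch, refused connection
        problems = [f"connection failed: {exc}"]
    for problem in problems:
        print("FAIL:", problem)
    sys.exit(1 if problems else 0)
```

The script exits non-zero when any check fails, so it can be run from a scheduled job as an independent alarm for renewals that silently stopped working.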

Conclusion

You’ve successfully installed SSL certificates on your Nginx web server running Ubuntu 24.04 Noble Numbat. Your website is now secured with HTTPS, providing encrypted communication and enhanced security for your users.
