Securing Nginx with Let’s Encrypt on Ubuntu 20.04

Prerequisites

Ubuntu 20.04 server with sudo user
Registered domain name
DNS A records configured
Nginx installed with server block configuration
Firewall enabled

Installation Steps

1. Install Certbot

sudo apt install certbot python3-certbot-nginx

2. Configure Nginx

Verify server block configuration at /etc/nginx/sites-available/domain.com:

server_name domain.com www.domain.com;

3. Configure Firewall

sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'

4. Obtain SSL Certificate

sudo certbot --nginx -d domain.com -d www.domain.com

5. Verify Auto-Renewal

sudo systemctl status certbot.timer
sudo certbot renew --dry-run

Key Information

Certificates valid for 90 days
Automatic renewal via systemd timer
Renewal occurs when certificate is within 30 days of expiration
Certbot automatically configures Nginx and reloads when necessary
Certificates stored in /etc/letsencrypt/live/domain.com/