How to install and configure nginx with Let’s Encrypt on Debian:
- First, make sure you have a domain name registered and pointing to your server. This will be necessary for the Let’s Encrypt certificate to work properly.
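- Next, update your package repositories and install the nginx and certbot (the Let’s Encrypt client) packages, together with the certbot nginx plugin that the --nginx flag used later depends on:
sudo apt update
sudo apt install nginx certbot python3-certbot-nginx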
- Once the installation is complete, open the nginx configuration file (/etc/nginx/nginx.conf) and make sure that the server_names_hash_bucket_size directive is set to 64:
http {
    ...
    server_names_hash_bucket_size 64;
    ...
}
This will allow nginx to support long domain names, which are required for Let’s Encrypt certificates.
- Create a new nginx server block configuration file for your domain in the /etc/nginx/sites-available directory. For example, if your domain is example.com, you would create a file called example.com:
sudo nano /etc/nginx/sites-available/example.com
Inside this file, you can add a basic configuration for your server block. For example:
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    root /var/www/example.com;
}
This configuration tells nginx to listen for HTTP requests on port 80 for the example.com and www.example.com domains, and to serve content from the /var/www/example.com directory.
- Next, create a symbolic link from the sites-available directory to the sites-enabled directory to enable the server block:
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
- Now it’s time to get a Let’s Encrypt SSL certificate for your domain. To do this, run the certbot command with the --nginx flag, which will automatically configure nginx to use the certificate:
sudo certbot --nginx -d example.com -d www.example.com
This will start the certificate issuance process, which will involve verifying that you own the domain and setting up an SSL certificate for it. Follow the prompts to complete the process.
- Once the certificate is issued, nginx will be automatically configured to use it. However, you may want to modify the nginx configuration to redirect all HTTP traffic to HTTPS. To do this, open the server block configuration file for your domain and add the following lines:
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;
    root /var/www/example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
This configuration tells nginx to listen for HTTP traffic on port 80 and redirect it to HTTPS on port 443, and to listen for HTTPS traffic on port 443 and serve content from the /var/www/example.com directory.
- Save the configuration file and test the nginx configuration to make sure there are no syntax errors:
sudo nginx -t
If the configuration is valid, you should see a message saying “syntax is ok” and “test is successful”.
- If the configuration is valid, reload nginx to apply the changes:
sudo systemctl reload nginx
- Your nginx server is now configured to use a Let’s Encrypt SSL certificate and redirect all HTTP traffic to HTTPS. To ensure that your certificate is automatically renewed before it expires, you can set up a cron job to run the certbot renew command on a regular basis. To do this, open the crontab editor:
sudo crontab -e
And add the following line to run the certbot renew command every week:
0 0 * * 0 certbot renew
This will ensure that your certificate is renewed automatically and your server stays secure.
That’s it! You have successfully installed and configured nginx with a Let’s Encrypt SSL certificate on Debian.
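To confirm the two outcomes this guide depends on, the HTTP-to-HTTPS redirect and a working renewal job, the following checks can be run; this is an added example, not part of the original guide. The function names and sample inputs are constructed, GNU date is assumed, and the 30-day threshold is an assumption about when certbot renew starts renewing a certificate.

```shell
#!/bin/sh
# Added example: checks for the redirect and renewal steps above.
# Function names and sample data are constructed; needs GNU date (Debian).

# Reads HTTP response headers on stdin; succeeds only for a 301 whose
# Location is an https:// URL on host $1.
check_redirect() {
    local host="$1" status="" location="" line cr
    cr=$(printf '\r')
    while IFS= read -r line; do
        line="${line%"$cr"}"                 # headers end in CRLF
        case "$line" in
            HTTP/*) status="${line#* }"; status="${status%% *}" ;;
            [Ll]ocation:*) location="${line#*: }" ;;
        esac
    done
    [ "$status" = "301" ] || return 1
    case "$location" in
        "https://$host"|"https://$host/"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints whole days between epoch seconds $2 (default: now) and the date in
# an "openssl x509 -enddate -noout" line passed as $1.
days_left() {
    local not_after="${1#notAfter=}" now="${2:-$(date +%s)}" end
    end=$(date -u -d "$not_after" +%s) || return 2
    echo $(( ($end - $now) / 86400 ))
}

# Succeeds while more than $3 days remain (default 30, assumed renewal
# window); a failure suggests the weekly cron job is not renewing.
renewal_healthy() {
    [ "$(days_left "$1" "$2")" -gt "${3:-30}" ]
}

# Constructed response for: curl -sI http://www.example.com/docs
# ($server_name in the redirect is the first name listed, example.com).
sample_response() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\n'
    printf 'Location: https://example.com/docs\r\n\r\n'
}
# Constructed output of: openssl x509 -enddate -noout \
#   -in /etc/letsencrypt/live/example.com/fullchain.pem
sample_enddate='notAfter=Mar 15 12:00:00 2025 GMT'

sample_response | check_redirect example.com && echo "redirect: ok"
echo "days left on 2025-01-01: $(days_left "$sample_enddate" 1735689600)"
```

On a live server, pipe the real curl output into check_redirect and pass the real openssl line to renewal_healthy, for example from a monitoring job.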