How to install and configure nginx with Let’s Encrypt on Debian:

  1. First, make sure you have a domain name registered and pointing to your server. This will be necessary for the Let’s Encrypt certificate to work properly.
  2. Next, update your package repositories and install nginx, certbot (the Let’s Encrypt client), and certbot's nginx plugin, which the --nginx flag used in a later step depends on:
sudo apt update
sudo apt install nginx certbot python3-certbot-nginx
  3. Once the installation is complete, open the nginx configuration file (/etc/nginx/nginx.conf) and make sure that the server_names_hash_bucket_size directive is set to 64:
http {
    ...
    server_names_hash_bucket_size 64;
    ...
}

This will allow nginx to support long domain names, which are required for Let’s Encrypt certificates.

  4. Create a new nginx server block configuration file for your domain in the /etc/nginx/sites-available directory. For example, if your domain is example.com, you would create a file called example.com:
sudo nano /etc/nginx/sites-available/example.com

Inside this file, you can add a basic configuration for your server block. For example:

server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    root /var/www/example.com;
}

This configuration tells nginx to listen for HTTP requests on port 80 for the example.com and www.example.com domains, and to serve content from the /var/www/example.com directory.

  5. Next, create a symbolic link from the sites-available directory to the sites-enabled directory to enable the server block:
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
  6. Now it’s time to get a Let’s Encrypt SSL certificate for your domain. To do this, run the certbot command with the --nginx flag, which will automatically configure nginx to use the certificate:
sudo certbot --nginx -d example.com -d www.example.com

This will start the certificate issuance process, which will involve verifying that you own the domain and setting up an SSL certificate for it. Follow the prompts to complete the process.

  7. Once the certificate is issued, nginx will be automatically configured to use it. However, you may want to modify the nginx configuration to redirect all HTTP traffic to HTTPS. To do this, open the server block configuration file for your domain and add the following lines:
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;
    root /var/www/example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}

This configuration tells nginx to listen for HTTP traffic on port 80 and redirect it to HTTPS on port 443, and to listen for HTTPS traffic on port 443 and serve content from the /var/www/example.com directory.

  8. Save the configuration file and test the nginx configuration to make sure there are no syntax errors:
sudo nginx -t

If the configuration is valid, you should see a message saying “syntax is ok” and “test is successful”.

  9. If the configuration is valid, reload nginx to apply the changes:
sudo systemctl reload nginx
  10. Your nginx server is now configured to use a Let’s Encrypt SSL certificate and redirect all HTTP traffic to HTTPS. To ensure that your certificate is automatically renewed before it expires, you can set up a cron job to run the certbot renew command on a regular basis. To do this, open the crontab editor:
sudo crontab -e

And add the following line to run the certbot renew command every week:

0 0 * * 0 certbot renew

This will ensure that your certificate is renewed automatically and your server stays secure.
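
The nginx -t test in the steps above confirms that the configuration loads, not that every port 80 block redirects or that every ssl listener has its certificate and key. The following script is an added example, not part of the original tutorial: audit_vhost is a hypothetical helper, the two sample files are constructed from the server blocks shown above, and it assumes each block opens with "server {" on one line.

```sh
# audit_vhost FILE: exit 0 if clean, 1 if any server block fails a check.
audit_vhost() {
    awk '
    function finish() {
        if (http && !redirect) { print "FAIL: port 80 block has no redirect to https://"; bad++ }
        if (tls && !(cert && key)) { print "FAIL: ssl listener lacks certificate or key"; bad++ }
        http = tls = redirect = cert = key = 0
    }
    { sub(/#.*/, "") }                                   # ignore comments
    depth == 0 && /^[ \t]*server[ \t]*[{]/ { inblock = 1 }
    inblock && /listen[ \t]/ {
        if ($0 ~ /[ \t]ssl[ \t;]/) tls = 1
        else if ($0 ~ /[: \t]80[ \t;]/) http = 1
    }
    inblock && /return[ \t]+30[1278][ \t]+https:\/\// { redirect = 1 }
    inblock && /ssl_certificate[ \t]/     { cert = 1 }
    inblock && /ssl_certificate_key[ \t]/ { key = 1 }
    {   # track brace depth; a server block ends when depth returns to 0
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (inblock && depth == 0) { finish(); inblock = 0 }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed samples: the step-4 block as first written, then the final config.
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/before.conf" <<'EOF'
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    root /var/www/example.com;
}
EOF
cat > "$demo_dir/after.conf" <<'EOF'
server {
    listen 80;
    listen [::]:80;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
EOF
audit_vhost "$demo_dir/before.conf" || echo "before.conf: findings above"
audit_vhost "$demo_dir/after.conf" && echo "after.conf: OK"
```

On a real server, point it at /etc/nginx/sites-enabled/example.com after the reload; a non-zero exit status means at least one block still serves plain HTTP or has an incomplete TLS setup.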

That’s it! You have successfully installed and configured nginx with a Let’s Encrypt SSL certificate on Debian.

By Tech Thompson

Tech Thompson is a software blogger and developer with over 10 years of experience in the tech industry. He has worked on a wide range of software projects for Fortune 500 companies and startups alike, and has gained a reputation as a leading expert in software development and design.
