Setup free Let’s Encrypt SSL/TLS Certificates for NGINX Reverse Proxies

If you have your website running behind an NGINX Reverse Proxy, you may be wondering how you can enable HTTPS traffic to your Reverse Proxy server using your website’s domain. Luckily, the setup is quick, easy, and free thanks to Let’s Encrypt. You may also want to check out the amazing “Using Free Let’s Encrypt SSL/TLS Certificates with NGINX” guide from the NGINX team themselves.

tl;dr

  1. sudo apt-get update && sudo apt-get install -y python3-certbot-nginx
  2. sudo certbot --nginx -d <your domain> -d www.<your domain>

Download Let’s Encrypt client

First, you have to download the Let’s Encrypt client. My server hosting the reverse proxy runs on Ubuntu 22.04, hence the install steps are tailored toward Ubuntu. The certbot-nginx package is available by default. Note that I’m installing the python3-certbot-nginx package, as the NGINX blog post mentioned above states: “With Ubuntu 18.04 and later, substitute the Python 3 version.”

$ sudo apt-get update
$ sudo apt-get install python3-certbot-nginx

Obtain SSL/TLS Certificate

Once the client is installed, all you have to do is to invoke it and generate a certificate for your domain. This can be done via:

sudo certbot --nginx -d <your domain> -d www.<your domain>

For example:

sudo certbot --nginx -d example.com -d www.example.com

Certbot will ask you for your email address “used for urgent renewal and security notices”, your agreement to the Terms and Conditions of the Service, and whether your email should be shared with the Electronic Frontier Foundation. Once you have provided your responses, certbot will install the certificate for you. On successful completion, you should see something like this:

Requesting a certificate for example.com and www.example.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/example.com/privkey.pem
This certificate expires on 2023-05-27.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for example.com to /etc/nginx/sites-enabled/reverse_proxy
Successfully deployed certificate for www.example.com to /etc/nginx/sites-enabled/reverse_proxy
Congratulations! You have successfully enabled HTTPS on https://example.com and https://www.example.com

Note that certbot automatically installs a systemd timer for the certificate renewal. You can find it via sudo systemctl list-timers.
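
Certbot's output above says the files under /etc/letsencrypt/live/ are updated on renewal, so the server blocks it edited should keep pointing at those paths. The script below is an added example, not part of the original post: it checks a site file for a TLS listener and for certificate directives that reference the live/ paths. The sample configs, the backend address 127.0.0.1:8080, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Usage: check_vhost_tls FILE CERT_NAME
# Returns 0 only if FILE has a TLS listener and every certificate directive
# points at the renewal-tracked symlinks in /etc/letsencrypt/live/CERT_NAME/.
check_vhost_tls() {
    awk -v live="/etc/letsencrypt/live/$2" '
        { sub(/#.*/, ""); gsub(/;/, " ") }   # drop comments and the trailing ";"
        $1 == "listen" && /443/ && /ssl/ { tls = 1 }
        $1 == "ssl_certificate" {
            certs++
            if ($2 != live "/fullchain.pem") { print "FAIL line " NR ": ssl_certificate " $2; bad = 1 }
        }
        $1 == "ssl_certificate_key" {
            keys++
            if ($2 != live "/privkey.pem") { print "FAIL line " NR ": ssl_certificate_key " $2; bad = 1 }
        }
        END {
            if (!tls)   { print "FAIL no \"listen 443 ssl\" directive"; bad = 1 }
            if (!certs) { print "FAIL no ssl_certificate directive"; bad = 1 }
            if (!keys)  { print "FAIL no ssl_certificate_key directive"; bad = 1 }
            if (!bad) print "OK certificate and key read from " live
            exit bad + 0
        }' "$1"
}

# Constructed sample: a reverse-proxy server block after certbot --nginx has run.
# The backend address 127.0.0.1:8080 is an assumption.
sample_good() {
    cat <<'EOF'
server {
    server_name example.com www.example.com;
    location / { proxy_pass http://127.0.0.1:8080; }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
}
EOF
}

# Constructed sample: hand-edited to a versioned file that renewal never updates.
sample_stale() {
    sample_good | sed 's#live/example.com/fullchain.pem#archive/example.com/fullchain1.pem#'
}

tmp=$(mktemp)
sample_good  > "$tmp"; check_vhost_tls "$tmp" example.com || true
sample_stale > "$tmp"; check_vhost_tls "$tmp" example.com || true
rm -f "$tmp"
```

On the server from this post, the call would be check_vhost_tls /etc/nginx/sites-enabled/reverse_proxy example.com, where the second argument is the directory name under /etc/letsencrypt/live/ shown in certbot's output.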

That’s it, you are all done.
