How to Install Free SSL Certificate for Nginx on Debian 10

When setting up a website, one of the key considerations that you should have in mind is your site’s security. An SSL certificate is a digital certificate that encrypts data that is sent from a user’s browser to a web server. This way, data sent is confidential and safe from hackers who use packet sniffers like Wireshark to intercept and eavesdrop on your communication.

An encrypted site have a padlock symbol in the URL bar followed by the acronym https as shown in the following screenshot.

Check SSL Certificate on Website

An unencrypted site usually has a 「Not Secure」 notification at the URL bar.

Prerequisites

Before we begin, ensure the following requirements have been satisfied:

1. A running instance of Debian 10 Minimal Server.
2. A running instance of Nginx Web Server with Domain Setup on Debian 10.
3. A registered Fully Qualified Domain Name (FQDN) with the A record pointing to the IP address of the Debian 10 on your Domain Provider.

For this tutorial, we have tecmint.com pointed to the IP address 192.168.0.104.

In this article, we examine how you can install Let’s Encrypt SSL on Debian 10 to obtain a Free SSL Certificate for Nginx hosted site.

What is Let’s Encrypt SSL

Let’s Encrypt SSL is a free certificate from EFF (Electronic Frontier Foundation) that is valid for 3 months and auto renews upon expiry. It’s an easy and cheap way to encrypt your site if your pockets are tight.

Without much further ado, let’s dive in and install Let’s Encrypt on Nginx web server:

Step 1: Install Certbot in Debian 10

To start off we need to install Certbot – is a software that fetches the Let’s encrypt digital certificate and later deploys it on a web server. To accomplish this, we need to install the python3-certbot-nginx package. But before we do so, let’s first update the system packages.

$ sudo apt update

Update Debian System Packages

The next step is to install the dependencies required by python3-certbot-nginx package.

$ sudo apt install python3-acme python3-certbot python3-mock python3-openssl python3-pkg-resources python3-pyparsing python3-zope.interface

Now let’s install the python3-certbot-nginx package.

$ sudo apt install python3-certbot-nginx

Install Certbot on Debian Step 2. Verifying Nginx Server Block Configuration

For certbot to automatically deploy Let’s encrypt SSL certificate on Nginx web server, a server block needs to be configured. We covered configuration of Nginx server blocks on the last section of the previous article.

If you followed keenly, you should have a server block at /etc/nginx/sites-available/some_domain. In our case, the Nginx server block will be

/etc/nginx/sites-available/tecmint.com

In addition , ensure the server_name directive corresponds to your domain name.

server_name tecmint.com www.tecmint.com;

To confirm all Nginx configurations are in order, run:

$ sudo nginx -t

Check Nginx Configuration

The output above indicates that all is well.

Step 3: Configure the Firewall to Open HTTPS Port

In case you have ufw configured and enabled, as is always recommended, we need to allow the HTTPS protocol across the firewall so that the web server is accessible to everyone.

$ sudo ufw allow 'Nginx Full'

Next, reload the firewall to effect the changes.

$ sudo ufw reload

Open Nginx Ports on UFW

To verify that we have allowed the protocol through the firewall.

$ sudo ufw status

Verify UFW Status Step 4: Deploying Let’s Encrypt SSL Certificate for Domain

With all the settings and configurations in check, it’s time to fetch and deploy Let’s Encrypt SSL certificate on domain site.

$ sudo certbot --nginx -d domain-name  -d www.domain-name.com 

In our case, we shall have

$ sudo certbot --nginx -d tecmint.com -d www.tecmint.com

In the first step, you will be prompted to Enter your email address. Type your address and hit Enter.

Add Email to Let’s Encrypt

Next, you will be asked to agree the terms of service. Type A to proceed.

Accept License Agreements

Certbot will proceed to ask for your consent in using your email to send you notifications about latest developments in EFF. Here, you can choose to opt in or opt out, to opt in , type Y (Yes) and hit Enter. To decline participation hit N (No).

Share Email with EFF

Certbot will then contact Let’s encrypt, download the SSL certificate and deploy it to the Nginx server block that you already created.

Install SSL Certificate on Nginx Domain

In the next section,  Type 2 to redirect the usual HTTP traffic to HTTPS.

Redirect HTTP to HTTPS on Domain

The certificate will be deployed to your Nginx Server and you will receive a congratulatory notification to confirm that your web server is now encrypted using Let’s Encrypt SSL.

Enabled Let’s Encrypt SSL Certificate on Domain Step 5: Verify HTTPS on Nginx Website

To verify the changes via a web browser, refresh your browser tab and be sure to notice the padlock symbol.

Check SSL Certificate on Website

Click on the padlock icon and select ‘Certificate’ option to view SSL certificate details.

Verify HTTPS on Website

All the certificate details will be displayed.

Check SSL Certificate Issuer

You can further verify the status of your web server by testing your site’s URL at https://www.ssllabs.com/ssltest/. If  the web server is encrypted using an SSL certificate, you will get an A score as shown.

Test SSL Certificate of Website Conclusion

We have come to the end of this tutorial. In guide, you learnt how to install a free SSL certificate for Nginx on Debian 10.