Install and Configure Nginx with Let's Encrypt in Debian Jessie Linux
Introduction
This guide shows you how to install Nginx and set up a site with a free Let's Encrypt certificate on Debian Jessie Linux.
Installing Nginx
Make sure your repositories and server are up to date by running:
sudo apt -y update && sudo apt -y dist-upgrade
Once you've completed all upgrades, install Nginx with:
sudo apt -y install nginx
Installing Certbot
Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.
First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. Then run:
sudo apt -y install certbot -t jessie-backports
Nginx Configuration
Here we'll clear the "default" config for Nginx and create a new one. Start by clearing the default config file here:
Now we need to create a new config file with your domain's details: nano /etc/nginx/sites-available/default
server {
    server_name YOURDOMAIN www.YOURDOMAIN;
    root /var/www/html;
    index index.html;
    location ~ /.well-known {
        allow all;
    }
}
Test that the config works with nginx -t; it should come back with success. If it does, restart Nginx to load the config: service nginx restart
Certificate Requests
Here we're going to request the SSL certificate for your domain. Make sure the domain you want a certificate for has the correct A record, since Let's Encrypt will run a validation check. If the record is invalid, the certificate won't be issued.
Assuming the A record is in place, run:
certbot certonly -a webroot --webroot-path=/var/www/html -d YOURDOMAIN -d www.YOURDOMAIN
You'll be asked to provide a renewal reminder email and accept the terms.
Once complete, you should be given a Congratulations! message and the path to your SSL certificate.
Now we need to configure Nginx for SSL.
More Nginx Configuration
Open up the Nginx config and edit it as required, using the config below: nano /etc/nginx/sites-available/default
# Plain HTTP: redirect every request to the HTTPS site.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name YOURDOMAIN www.YOURDOMAIN;
    return 301 https://$server_name$request_uri;
}
# HTTPS: serve the site with the Let's Encrypt certificate.
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/YOURDOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/YOURDOMAIN/privkey.pem;
    server_name YOURDOMAIN www.YOURDOMAIN;
    root /var/www/html;
    index index.html;
    # Path used by the webroot validation check.
    location ~ /.well-known {
        allow all;
    }
}
Test the config again with nginx -t and restart Nginx with service nginx restart
Load your site using the domain in the config and you should see a secure site.
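A tightened variant of the HTTPS server block above, as an added example that is not part of the original guide. It assumes the same YOURDOMAIN placeholder and /var/www/html webroot, assumes all clients support TLS 1.2, and avoids newer directives (for example the "always" flag of add_header, which needs nginx 1.7.5 or later).

```nginx
# Added example: tightened HTTPS server block (not from the original guide).
# YOURDOMAIN and /var/www/html are the guide's placeholders.
server {
    listen 443 ssl;
    listen [::]:443 ssl;          # match the IPv6 listeners of the port-80 block
    server_name YOURDOMAIN www.YOURDOMAIN;

    ssl_certificate     /etc/letsencrypt/live/YOURDOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/YOURDOMAIN/privkey.pem;

    # Refuse SSLv3 and TLS 1.0/1.1 (assumption: every client can speak TLS 1.2).
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Reuse TLS sessions for ten minutes to cut handshake cost.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    # Tell browsers to use HTTPS only for the next year. Enable this only
    # once HTTPS works for every name listed above; browsers remember it.
    add_header Strict-Transport-Security "max-age=31536000";

    root /var/www/html;
    index index.html;

    # Prefix match limited to the ACME challenge directory. The guide's
    # regex "~ /.well-known" is unanchored and its "." matches any character.
    location ^~ /.well-known/acme-challenge/ {
        default_type text/plain;
        try_files $uri =404;
    }

    # Do not serve other dotfiles (.git, .htpasswd, ...) from the webroot.
    location ~ /\.(?!well-known) {
        deny all;
    }
}
```

Run nginx -t after swapping this block in, exactly as for the original config.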