Install Nginx with Let's Encrypt on Ubuntu 20.04 and Certbot


1. Lab on EC2 Instance Ubuntu 20.04 LTS

  • Ubuntu 20.04 t3.micro (cpu cores > 1)
  • Public subnet
  • Enable public ip
  • Create Security Group nginx
  • Open ports 80 and 443
  • Create key pair

  • Update devops key pair permissions

chmod 400 keypair.pem

2. Install Nginx Ubuntu 20.04 LTS

SSH to the Ubuntu server

ssh -i keypair.pem ubuntu@13.229.136.122

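Update Ubuntu packages and install the prerequisites

sudo apt update
sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring

Import the official nginx signing key so that apt can verify package authenticity

curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null

Verify that the downloaded file contains the proper key by comparing the printed fingerprint with the one published on nginx.org

gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg

Add the nginx.org apt repository for stable packages, bound to that keyring (this step follows the nginx.org installation instructions; without it apt installs the Ubuntu package and the imported key is never used)

echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu $(lsb_release -cs) nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list

Install nginx

sudo apt update
sudo apt install nginx

Start nginx

sudo systemctl start nginx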

Enable nginx

sudo systemctl enable nginx

Check nginx status

sudo systemctl status nginx

3. Install Nginx Server Block

Check the main nginx configuration

cat /etc/nginx/nginx.conf

Check the default server configuration

cat /etc/nginx/conf.d/default.conf

Create a folder for the website

sudo mkdir -p /var/www/metexblog.com/html

Set ownership

sudo chown -R $USER:$USER /var/www/metexblog.com/html

Update permissions

sudo chmod -R 755 /var/www/metexblog.com/

Create a web page

vi /var/www/metexblog.com/html/index.html
<html>
    <head>
        <title>Welcome to metexblog.com!</title>
    </head>
    <body>
        <h1>Success!  The metexblog.com server block is working!</h1>
    </body>
</html>

Create sites-available directory

sudo mkdir /etc/nginx/sites-available/

Create sites-enabled directory

sudo mkdir /etc/nginx/sites-enabled

Create nginx server block

sudo vi /etc/nginx/sites-available/metexblog.com
server {
        listen 80;

        root /var/www/metexblog.com/html;
        index index.html;

        server_name metexblog.com www.metexblog.com;

        location / {
                try_files $uri $uri/ =404;
        }
}

Add the include directive inside the http block of nginx.conf

sudo vi /etc/nginx/nginx.conf
include /etc/nginx/sites-enabled/*;

Create symlink

sudo ln -s /etc/nginx/sites-available/metexblog.com /etc/nginx/sites-enabled/

Test nginx config

sudo nginx -t

Reload nginx config

sudo nginx -s reload

Create A records and check DNS

dig metexblog.com
dig www.metexblog.com

4. Install Certbot on Ubuntu 20.04 LTS

snap version

If snap is not installed

apt policy snapd
sudo apt install snapd
sudo snap install core; sudo snap refresh core

Remove certbot-auto and any Certbot OS packages if they were installed before

sudo apt-get remove certbot

Install Certbot

sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Check Certbot version

sudo certbot --version

5. Setting Nginx with Let's Encrypt on Ubuntu 20.04 LTS

Test certbot

sudo certbot --nginx --test-cert

Open nginx block

cat /etc/nginx/sites-available/metexblog.com
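
To check what Certbot changed in the server block without reading it by eye, the script below audits the file for the TLS listener, the Let's Encrypt certificate paths, the HTTP-to-HTTPS redirect and the www name. It is an added example, not part of the original post; the function names (audit_block, check, sample_conf) are hypothetical and the sample configuration is constructed, modelled on the directives Certbot's nginx installer typically writes.

```shell
#!/bin/sh
# Added example (not from the original page): audit a server block after
# `certbot --nginx`. Checks are file-wide, not per server block.
# AUDIT_FAILS holds the number of failed checks afterwards.
audit_block() {  # usage: audit_block <conf-file> <domain>
    conf=$1 domain=$2 AUDIT_FAILS=0
    live="/etc/letsencrypt/live/$domain" s='[[:space:]]'
    # Drop comment-only lines so disabled directives are not counted.
    body=$(grep -Ev "^$s*#" "$conf" || true)
    check() {  # check <description> <extended regex>
        if printf '%s\n' "$body" | grep -Eq -- "$2"; then echo "PASS  $1"
        else echo "FAIL  $1"; AUDIT_FAILS=$((AUDIT_FAILS + 1)); fi
    }
    check "listens on 443 with TLS"    "^$s*listen$s+(\[::\]:)?443$s+ssl"
    check "certificate under $live"    "^$s*ssl_certificate$s+$live/fullchain\.pem;"
    check "private key under $live"    "^$s*ssl_certificate_key$s+$live/privkey\.pem;"
    check "port 80 redirects to HTTPS" "return$s+301$s+https://"
    check "server_name includes www"   "^$s*server_name$s.*www\.$domain"
}

# Constructed sample modelled on what Certbot typically writes (assumption).
sample_conf() {
cat <<'EOF'
server {
    root /var/www/metexblog.com/html;
    index index.html;
    server_name metexblog.com www.metexblog.com;
    location / { try_files $uri $uri/ =404; }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/metexblog.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/metexblog.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
}
server {
    if ($host = www.metexblog.com) { return 301 https://$host$request_uri; }
    if ($host = metexblog.com) { return 301 https://$host$request_uri; }
    listen 80;
    server_name metexblog.com www.metexblog.com;
    return 404; # managed by Certbot
}
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_block "$tmp" metexblog.com   # five PASS lines for the sample
rm -f "$tmp"
```

On the server, run audit_block /etc/nginx/sites-available/metexblog.com metexblog.com; a non-zero AUDIT_FAILS means the block still serves plain HTTP or points at unexpected certificate paths.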

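Open https://metexblog.com in a browser (the staging certificate issued with --test-cert is not trusted by browsers, so a certificate warning is expected)

Generate certificate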

sudo certbot --nginx

Open https://metexblog.com and https://www.metexblog.com in a browser

Test renewal

sudo certbot renew --dry-run

Check systemd timers

systemctl list-timers

6. Clean Up

  • Delete EC2 instance
  • Delete security group nginx
  • Delete key pair devops
  • Remove A records
