How to Install and Configure Certbot (Let’s Encrypt) for Nginx on Ubuntu
Setting up a secure website isn’t just a “nice-to-have” anymore — it’s essential. Search engines reward HTTPS-enabled sites, and visitors trust them more.
In this guide, you’ll learn how to configure Nginx as a reverse proxy for a Docker-based blog and secure it with a free Let’s Encrypt SSL certificate using Certbot.
Why This Matters
By following this setup, you’ll get:
- HTTPS encryption for better security and SEO.
- Automatic SSL renewal so you never worry about expiration.
- Optimized Nginx reverse proxy for smooth Docker container integration.
Prerequisites
Before you begin, make sure you have:
- A Ubuntu/Debian server with
sudoaccess. - Docker installed and your blog running inside a container.
- A domain name pointing to your server’s IP address.
- Ports 22, 80, and 443 open in your firewall.
Step 1 – Update and Install Required Packages
First, update your system and install Nginx:
sudo apt update && sudo apt upgrade -y
sudo apt install -y nginx
Install Certbot with Nginx plugin for Let’s Encrypt:
sudo apt install -y certbot python3-certbot-nginx
Step 2 – Configure the Firewall
Allow traffic for SSH, HTTP, and HTTPS:
sudo ufw allow 22
sudo ufw allow 80
sudo ufw allow 443
sudo ufw enable
sudo ufw status
Step 3 – Create Nginx Configuration for Your Domain
Open a new configuration file:
sudo nano /etc/nginx/sites-available/your-blog.com
Replace your-blog.com with your domain and container_name:port with your Docker container’s name and port.
server {
listen 80;
server_name your-blog.com www.your-blog.com;
location / {
proxy_pass http://container_name:port;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /.well-known/acme-challenge/ {
root /var/www/html;
try_files $uri $uri/ =404;
}
}
Enable the site and restart Nginx:
sudo ln -s /etc/nginx/sites-available/your-blog.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx
Step 4 – Get Your SSL Certificate
Run Certbot to automatically configure HTTPS:
sudo certbot --nginx -d your-blog.com -d www.your-blog.com
Follow the prompts:
- Enter your email for renewal notifications.
- Accept Let’s Encrypt terms.
- Choose the option to redirect HTTP to HTTPS (recommended).
Step 5 – Verify Your HTTPS Setup
Visit your site in a browser:
https://your-blog.com
You should see a padlock icon indicating a secure connection.
Step 6 – Automatic Certificate Renewal
Let’s Encrypt certificates are valid for 90 days. Certbot usually sets up automatic renewal, but you can check:
sudo systemctl status certbot.timer
Test renewal manually:
sudo certbot renew --dry-run
If not active, add a cron job:
sudo crontab -e
0 3 * * * certbot renew --quiet && systemctl restart nginx
Step 7 – Useful Maintenance Commands
- Check Nginx logs:
sudo tail -f /var/log/nginx/error.log
- Check Docker container:
docker ps
- Remove a certificate:
sudo certbot delete --cert-name your-blog.com
Final Tips
Pro Tip: Always make sure all internal and external links use
https://to avoid mixed-content issues.
By setting up Nginx with Let’s Encrypt, you’re ensuring your blog is secure, SEO-friendly, and trusted by visitors. This setup works not only for blogs but for any web app running inside Docker.
🚀 Explore more guides on our blog 👉 blog.1it.pro
📧 Contact us: admin@1it.pro for expert IT guidance.
🌐 Explore more: Visit 1it.pro for top-tier IT solutions.