# Adding a free SSL Certificate to an Nginx Site Using Certbot

## **Introduction**

In today's [digital](https://bytescrum.com/) world, security is paramount, especially when it comes to transmitting sensitive information over the internet. One of the most effective ways to secure your website is by using an SSL certificate. In this blog post, we will guide you through the process of adding an <mark>SSL certificate to your Nginx site using Certbot, a free and open-source tool for managing SSL certificates</mark>.

### **What is SSL and Why is it Important?**

[SSL](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-22-04) (Secure Sockets Layer) is a security protocol that encrypts the data transmitted between a user's web browser and the web server. This encryption ensures that the data remains private and secure, protecting it from being intercepted by malicious actors.

Having an [SSL](https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/) certificate installed on your website not only helps protect your users' data but also improves your website's trustworthiness and search engine ranking. With the rise of cybersecurity threats, having an [SSL](https://www.linode.com/docs/guides/enabling-https-using-certbot-with-nginx-on-ubuntu/) certificate has become necessary for all websites.

### **Prerequisites**

Before we begin, make sure you have the following:

* A [domain](https://azdigi.com/blog/en/linux-server-en/install-lets-encrypt-ssl-with-certbot-on-nginx/) name pointing to your server's IP address.
    
* Nginx installed on your server.
    
* sudo access to your server.
    

### **Step 1: Install Certbot**

[Certbot](https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal) is available in the default Ubuntu repositories. You can install it using the following commands:

```bash
sudo apt update
sudo apt install certbot python3-certbot-nginx
```

### **Step 2: Obtain an SSL Certificate**

To obtain an [SSL](https://medium.com/@vinoji2005/guide-to-setup-lets-encrypt-ssl-in-nginx-be3d641bb58a) certificate for your domain, run the following command:

```bash
sudo certbot --nginx -d example.com
```

Replace [`example.com`](http://example.com) with your domain name. Certbot will automatically detect your Nginx configuration and update it to use the SSL certificate.

### **Step 3: Configure Nginx to Use the SSL Certificate**

<mark>Certbot automatically updates your Nginx configuration to use the SSL certificate</mark>. You can verify this by checking your Nginx configuration file (usually located at `/etc/nginx/sites-available/default` or `/etc/nginx/nginx.conf`). You should see lines similar to the following:

```bash
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    ...
}
```

### **Step 4: Test the Configuration and Restart Nginx**

Before you restart [Nginx](https://www.milesweb.in/hosting-faqs/how-to-secure-nginx-with-lets-encrypt-on-ubuntu-20-04/), <mark>it's important to test the configuration to ensure there are no syntax errors</mark>. You can do this by running:

```bash
sudo nginx -t
```

If the test is successful, restart Nginx to apply the changes:

```bash
sudo systemctl restart nginx
```

### **Step 5: Verify the SSL Certificate**

To verify that your SSL certificate is installed correctly, visit your website using `https://` in your web browser. You should see a padlock icon indicating that your connection is secure.

### **Step 6: Automate Certificate Renewal (Optional)**

SSL certificates expire after a certain period, so automating the renewal process is important. Certbot automatically sets up a cron job to renew your certificates. You can test the renewal process with the following command:

```bash
sudo certbot renew --dry-run
```

<details data-node-type="hn-details-summary"><summary>Conclusion</summary><div data-type="detailsContent">In this <a target="_blank" rel="noopener noreferrer nofollow" href="https://blog.bytescrum.com/" style="pointer-events: none">blog</a> post, we've covered how to add an SSL certificate to your Nginx site using Certbot. By following these steps, you can secure your website and protect your users' data. Remember to renew your SSL certificate to ensure continuous protection regularly.</div></details>
