Let’s Encrypt provides free, automated SSL/TLS certificates. With Certbot, you can obtain and auto-renew certificates for your Nginx-hosted domains in minutes, enabling HTTPS with no cost. This guide walks through the full process on Ubuntu 26.04 LTS.
Tested and valid on:
- Ubuntu 26.04 LTS
Prerequisites
- Ubuntu 26.04 LTS server with Nginx installed and running
- A domain name with an A record pointing to your server IP
- Ports 80 and 443 open in UFW
Step 1 – Install Certbot
sudo apt update
sudo apt install certbot python3-certbot-nginx -y
Step 2 – Allow HTTPS Through UFW
sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'
Step 3 – Obtain an SSL Certificate
Run Certbot with the Nginx plugin. It looks for the server block whose server_name matches the domains passed with -d and adds the certificate directives there:
sudo certbot --nginx -d example.com -d www.example.com
Follow the prompts: enter an email address, agree to the terms, and choose whether to redirect HTTP to HTTPS (recommended).
Step 4 – Verify HTTPS
Visit https://example.com in your browser, or check the response headers from the command line:
curl -I https://example.com
Step 5 – Test Certificate Auto-Renewal
Certbot installs a systemd timer for auto-renewal. Test the renewal process with a dry run, which exercises renewal without replacing the installed certificate:
sudo certbot renew --dry-run
Step 6 – Check the Renewal Timer
sudo systemctl status certbot.timer
Step 7 – Review the Modified Nginx Config
Certbot modifies your server block to add SSL directives. Review:
sudo cat /etc/nginx/sites-available/example.com
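As an added example (not part of the original guide or of Certbot itself), the script below automates this review by checking a server block for the TLS directives and HTTP redirect that Certbot's Nginx plugin writes. The function names and the embedded sample config are constructed for illustration; on a server, pass /etc/nginx/sites-available/example.com as the file.

```shell
# Added example: audit a server block for the lines Certbot's Nginx plugin adds.
# Prints one "MISSING: ..." line per absent item; exit status 0 means none.
audit_certbot_block() {
    file=$1 domain=$2 missing=0
    # Escape dots so the domain is matched literally inside the regexes.
    live="/etc/letsencrypt/live/$(printf '%s' "$domain" | sed 's/\./\\./g')"
    # "label|regex" pairs, anchored at line start so commented-out lines fail.
    for check in \
        "listen 443 ssl|^[[:space:]]*listen[[:space:]]+(\[::\]:)?443[[:space:]]+ssl" \
        "ssl_certificate fullchain.pem|^[[:space:]]*ssl_certificate[[:space:]]+$live/fullchain\.pem;" \
        "ssl_certificate_key privkey.pem|^[[:space:]]*ssl_certificate_key[[:space:]]+$live/privkey\.pem;" \
        "HTTP to HTTPS redirect|^[[:space:]]*return[[:space:]]+301[[:space:]]+https://"
    do
        label=${check%%|*}
        regex=${check#*|}
        if ! grep -Eq "$regex" "$file"; then
            echo "MISSING: $label"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample, modelled on a server block after Certbot adds a redirect.
write_sample_block() {
    cat > "$1" <<'EOF'
server {
    server_name example.com www.example.com;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name example.com www.example.com;
    return 404; # managed by Certbot
}
EOF
}

tmp=$(mktemp -d)
write_sample_block "$tmp/example.com"
audit_certbot_block "$tmp/example.com" example.com && echo "OK: nothing missing"
rm -rf "$tmp"
```

A MISSING line for the redirect means port 80 still serves the site in plain HTTP; a MISSING certificate line usually means the block was edited by hand or belongs to a different domain.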
Conclusion
Your Nginx server on Ubuntu 26.04 LTS now serves traffic over HTTPS with a free Let’s Encrypt certificate that renews automatically every 90 days. Check your SSL rating at ssllabs.com/ssltest for further hardening tips.