MarqueFactory LogoMarqueFactory
DevOps

Complete Guide: Install Nginx and Free Let’s Encrypt SSL on Linux Server

LinuxNginxSSLHTTPSLet's EncryptCertbotDevOps

Complete Guide: Install Nginx and Free Let’s Encrypt SSL on Linux Server

Introduction

This guide walks you through installing Nginx and securing it with free HTTPS using Let’s Encrypt on a Linux server.
It is suitable for production servers, APIs, Node.js apps, and static websites.

Prerequisites

  • Ubuntu 20.04+ (or Debian-based Linux)
  • Root or sudo access
  • A registered domain name
  • Domain pointing to your server IP
  • Open ports 80 and 443

Part 1 — Install Nginx on Linux Server

Step 1 — Update System Packages

sudo apt update && sudo apt upgrade -y

Step 2 — Install Nginx

sudo apt install nginx -y

Step 3 — Start and Enable Nginx

sudo systemctl start nginx
sudo systemctl enable nginx

Verify status:

sudo systemctl status nginx

Step 4 — Firewall Configuration

sudo ufw allow 'Nginx Full'
sudo ufw reload

Step 5 — Verify Nginx Installation

Open browser:

http://SERVER_IP

Or test via terminal:

curl http://localhost

Part 2 — Create a Server Block (Virtual Host)

sudo mkdir -p /var/www/example.com
sudo nano /etc/nginx/sites-available/example.com

server {
    listen 80;
    server_name example.com www.example.com;

    root /var/www/example.com;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}

Enable site:

sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

Test configuration:

sudo nginx -t
sudo systemctl reload nginx

Part 3 — Install Free Let’s Encrypt SSL

Step 1 — Install Certbot

sudo apt install certbot python3-certbot-nginx -y

Step 2 — Obtain SSL Certificate

sudo certbot --nginx

Follow prompts:

  • Enter email
  • Accept terms
  • Select domain
  • Choose HTTPS redirect (recommended)

Step 3 — Verify HTTPS

Visit:

https://example.com

Check certificates:

sudo certbot certificates

Part 4 — Auto Renewal of SSL

Let’s Encrypt certificates renew automatically.

Test renewal:

sudo certbot renew --dry-run

Check system timer:

systemctl list-timers | grep certbot

Common Issues & Fixes

Domain Not Pointing to Server

Ensure DNS A record:

example.com → SERVER_IP

Ports Blocked

sudo ufw allow 80
sudo ufw allow 443

Useful Commands

sudo nginx -t
sudo systemctl restart nginx
sudo systemctl reload nginx
sudo certbot renew

Conclusion

You now have:

  • ✅ Nginx installed
  • ✅ HTTPS enabled with Let’s Encrypt
  • ✅ Auto-renewing SSL certificates

This setup is secure, SEO-friendly, and production-ready.

Author

Marquefactory DevOps Team