How to configure Nginx with Let's Encrypt on Debian/Ubuntu Linux

To configure Nginx with a Let's Encrypt TLS/SSL certificate on Debian or Ubuntu, you will need to perform the following steps:

1. Install the Let's Encrypt client, Certbot, by running the following command:

sudo apt-get install python3-certbot-nginx

2. Obtain a TLS/SSL certificate for your domain by running the following command, replacing <domain> with your domain name:

sudo certbot certonly --standalone -d <domain>

This will create a certificate and private key pair, and store them in the /etc/letsencrypt/live/<domain> directory.

3. Modify the Nginx configuration file for your domain, usually located at /etc/nginx/sites-available/<domain>, to include the following lines:

server {
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;
        ...
}

4. Save the changes to the configuration file and exit the text editor.

5. Test the configuration file for syntax errors by running the following command:

sudo nginx -t

6. If the configuration file is correct, reload Nginx to apply the changes:

sudo systemctl reload nginx

7. Test the TLS/SSL configuration by accessing your domain using https:// instead of http://.

Note that the TLS/SSL certificate issued by Let's Encrypt is only valid for 90 days. You will need to renew the certificate before it expires. To do this, you can run the following command:

sudo certbot renew

This will renew the certificate and update the fullchain.pem and privkey.pem files in the /etc/letsencrypt/live/<domain> directory. You will need to reload Nginx to apply the changes.