Secure Nginx with Let's Encrypt on Ubuntu 18.04 with DNS Validation

www.lautturi.com

To secure an Nginx web server on Ubuntu 18.04 using Let's Encrypt with DNS validation, you can follow these steps:

  1. Install the certbot client, which is used to request and renew SSL/TLS certificates from Let's Encrypt, together with the Route 53 DNS plugin that the --dns-route53 option in step 3 requires:

     sudo apt-get install certbot python3-certbot-dns-route53

  2. Verify that you have control over the domain for which you want to request a certificate. This can typically be done by adding a DNS record to the domain's DNS configuration.

  3. Request a certificate for the domain using the certbot client and the certonly subcommand. Be sure to specify the --dns-route53 option and provide the necessary AWS credentials to use Route 53 as the DNS provider:

     sudo certbot certonly --dns-route53 -d example.com -d www.example.com

  4. Set up a cron job to renew the certificate automatically. Edit the crontab file:

     sudo crontab -e

     and add the following line to renew the certificate every month. The deploy hook reloads Nginx whenever a certificate is actually renewed, so that the server starts using the new certificate:

     0 0 1 * * /usr/bin/certbot renew --quiet --deploy-hook "systemctl reload nginx"

  5. Configure Nginx to use the newly obtained SSL/TLS certificate. Edit the Nginx configuration file for the domain and add the following directives:

     server {
       listen 443 ssl;
       server_name example.com www.example.com;

       ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
       ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
     }

  6. Restart Nginx to apply the changes:

     sudo systemctl restart nginx
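
The renewal step above runs certbot once a month with --quiet, and certbot renew only replaces certificates that have fewer than 30 days left, so a skipped or failed run can go unnoticed until the certificate expires. The following check is an added example, not part of the original page; the script name check-cert.sh, the function names and the 30-day threshold are assumptions, and it requires GNU date and openssl.

```shell
#!/bin/sh
# Added example (not from the original page): expiry check to run after
# "certbot renew --quiet". Assumes GNU date and openssl are installed.

# Assumption: 30 days, matching the window in which certbot renews.
MIN_DAYS="${MIN_DAYS:-30}"

# cert_status NOT_AFTER MIN_DAYS [NOW_EPOCH]
# Prints "ok", "renewal-overdue" or "expired" for an openssl-style date
# such as "Mar 31 23:00:00 2025 GMT". NOW_EPOCH defaults to the current time.
cert_status() {
  end=$(date -u -d "$1" +%s) || return 2
  now=${3:-$(date -u +%s)}
  left=$(( end - now ))
  if [ "$left" -le 0 ]; then
    echo expired
  elif [ "$left" -lt $(( $2 * 86400 )) ]; then
    echo renewal-overdue
  else
    echo ok
  fi
}

# check_cert PEM_FILE
# Reads notAfter from the certificate, prints one status line and
# returns non-zero unless the status is "ok".
check_cert() {
  not_after=$(openssl x509 -in "$1" -noout -enddate) || return 2
  not_after=${not_after#notAfter=}
  status=$(cert_status "$not_after" "$MIN_DAYS") || return 2
  echo "$1: $status (expires $not_after)"
  [ "$status" = ok ]
}

# Usage: check-cert.sh /etc/letsencrypt/live/example.com/fullchain.pem
# A non-zero exit and the printed line let cron report the problem
# instead of the renewal failing silently.
if [ "$#" -gt 0 ]; then
  check_cert "$1"
fi
```

For example, a certificate expiring on 31 March at 23:00 UTC (a constructed date) reports ok on 1 March at 00:00 because more than 30 days remain, and expired on 1 April at 00:00, which is the gap a once-a-month schedule leaves. Running the check from cron more often than the renewal itself surfaces the renewal-overdue state before visitors see an expired certificate.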

By following these steps, you can secure your Nginx web server on Ubuntu 18.04 using Let's Encrypt with DNS validation. It's always a good idea to carefully review the documentation and use the appropriate options and syntax when working with Let's Encrypt and Nginx. This will help ensure that your SSL/TLS configuration is secure and effective.

Created Time: 2017-10-30 14:27:17  Author: lautturi