Secure Nginx with Free Let’s Encrypt SSL Certificate on Ubuntu 16 Xenial Xerus

Video ready, click here to close ×

in This Tutorial you will learn How To Secure Nginx web server with Free Let’s Encrypt SSL Certificate on Ubuntu 16 04 Xenial Xerus
Let’s Encrypt is a new non-profit Certificate Authority (CA) sponsored and founded by industry advocates; such as, the Electronic Frontier Foundation (EFF), Mozilla, and the Internet Security Research Group (ISRG). Let’s Encrypt will be launching very soon and will be offering free SSL certificates
SSL certificates are used within web servers to encrypt the traffic between the server and client, providing extra security for users accessing your application. Let’s Encrypt provides an easy way to obtain and install trusted certificates for free.

sudo apt-get install git bc && sudo git clone /opt/letsencrypt

gedit /etc/nginx/sites-available/
location ~ /.well-known {
allow all;

sudo nginx -t
sudo service nginx reload

Generate an SSL Certificate:-
cd /opt/letsencrypt
./letsencrypt-auto certonly -a webroot –webroot-path=/var/www/ -d
Change webroot-path to your site’s document root path-
Change “” to your own domain name –

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

gedit /etc/nginx/snippets/
ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;

gedit /etc/nginx/snippets/ssl-params.conf
# from
# and

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver valid=300s;
resolver_timeout 5s;
# Disable preloading HSTS for now. You can use the commented…


Leave a Reply

Your email address will not be published. Required fields are marked *