{"id":15851,"date":"2024-07-06T21:36:23","date_gmt":"2024-07-06T18:06:23","guid":{"rendered":"https:\/\/www.itpiran.net\/blog\/?p=15851"},"modified":"2024-07-06T21:36:23","modified_gmt":"2024-07-06T18:06:23","slug":"how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04","status":"publish","type":"post","link":"https:\/\/www.itpiran.net\/blog\/en\/tutorials\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\/","title":{"rendered":"How to secure Nginx with Let&#039;s Encrypt on Ubuntu 18.04"},"content":{"rendered":"<h2 id=\"%d9%85%d9%82%d8%af%d9%85%d9%87\">Introduction<\/h2>\n<p>Let&#039;s Encrypt is a Certificate Authority (CA) that provides a way to obtain and install free TLS\/SSL certificates, thereby enabling encrypted HTTPS on web servers. It simplifies this process by providing a software client, Certbot, that attempts to automate most (if not all) of the required steps. Currently, the entire process of obtaining and installing a certificate on Apache and Nginx is fully automated.<\/p>\n<p>In this tutorial, you will use Certbot to obtain a free SSL certificate for Nginx on Ubuntu 18.04 and set your certificate to auto-renew.<\/p>\n<h5 id=\"%d9%be%db%8c%d8%b4-%d9%86%db%8c%d8%a7%d8%b2%d9%87%d8%a7\">Prerequisites<\/h5>\n<ul>\n<li>An Ubuntu 18.04 server was set up by following this initial server setup for Ubuntu 18.04, including a non-root sudo user and a firewall.<\/li>\n<li>A fully registered domain name This tutorial will use your_domain throughout. You can buy a domain name at Namecheap, get a domain name for free at Freenom, or use a domain registrar of your choice.<\/li>\n<li>Both of the following DNS records are set up for your server. For more details on how to add them, you can follow this introduction to DigitalOcean DNS.<\/li>\n<li>A record with your_domain pointing to the public IP address of your server.<\/li>\n<li>A record with www.your_domain pointing to the public IP address of your server.<\/li>\n<li>Nginx is installed by following how to install Nginx on Ubuntu 18.04. Make sure you have a server block for your domain. Again, this tutorial uses \/etc\/nginx\/sites-available\/your_domain as an example.<\/li>\n<\/ul>\n<h2 id=\"%d9%85%d8%b1%d8%ad%d9%84%d9%87-1-%d9%86%d8%b5%d8%a8-certbot\">Step 1 \u2013 Install Certbot<\/h2>\n<p>The first step to using Let&#039;s Encrypt to obtain an SSL certificate is to install the Certbot software on your server.<\/p>\n<p>The Certbot project recommends that most users install software via snap, a package manager originally developed by Canonical (the company behind Ubuntu) and now available in many Linux distributions:<\/p>\n<div class=\"hcb_wrap\" data-no-translation=\"\" data-no-auto-translation=\"\">\n<div class=\"hcb_wrap\" data-no-translation=\"\" data-no-auto-translation=\"\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>sudo snap install --classic certbot<\/code><\/pre>\n<\/div>\n<\/div>\n<p>Your output will show the current version of Certbot and a successful installation:<\/p>\n<div class=\"hcb_wrap\" data-no-translation=\"\" data-no-auto-translation=\"\">\n<pre class=\"prism line-numbers lang-plain\" data-lang=\"Plain Text\"><code>Output\r\ncertbot 1.21.0 from Certbot Project (certbot-eff\u2713) installed<\/code><\/pre>\n<\/div>\n<p>Next, create a symbolic link to the newly installed executable \/snap\/bin\/certbot from the \/usr\/bin\/ folder. This ensures that the certbot command can be run properly on your server. To do this, run the following ln command. It includes the -s flag, which creates a symbolic or soft link, as opposed to a hard link:<\/p>\n<div class=\"hcb_wrap\" data-no-translation=\"\" data-no-auto-translation=\"\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>sudo ln -s \/snap\/bin\/certbot \/usr\/bin\/certbot<\/code><\/pre>\n<\/div>\n<p>Certbot is now ready to use, but before it can configure SSL for Nginx, you need to verify some Nginx settings.<\/p>\n<h2 id=\"%d9%85%d8%b1%d8%ad%d9%84%d9%87-2-%d8%aa%d8%a3%db%8c%db%8c%d8%af-%d9%be%db%8c%da%a9%d8%b1%d8%a8%d9%86%d8%af%db%8c-nginx\">Step 2 \u2013 Verify Nginx Configuration<\/h2>\n<p>Certbot needs to be able to find the correct server block in your Nginx configuration so that it can automatically configure SSL. Specifically, it does this by looking for a server_name directive that matches the domain for which you are requesting a certificate.<\/p>\n<p>If you follow the recommended server block setup step in the Nginx installation tutorial, you will have a server block for your domain in \/etc\/nginx\/sites-available\/your_domain with the server_name directive already set up appropriately.<\/p>\n<p>To check, open your domain&#039;s server block file using nano or your favorite text editor:<\/p>\n<div class=\"hcb_wrap\" data-no-translation=\"\" data-no-auto-translation=\"\">\n<div class=\"hcb_wrap\" data-no-translation=\"\" data-no-auto-translation=\"\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>sudo nano \/etc\/nginx\/sites-available\/your_domain<\/code><\/pre>\n<\/div>\n<\/div>\n<p>Find the existing server_name line. It should look like this:<\/p>\n<div class=\"hcb_wrap\" data-no-translation=\"\" data-no-auto-translation=\"\">\n<pre class=\"prism line-numbers lang-plain\" data-lang=\"Plain Text\"><code>...\r\nserver_name your_domain www.your_domain;\r\n...<\/code><\/pre>\n<\/div>\n<p>If so, exit your editor and move on to the next step.<\/p>\n<p>If it doesn&#039;t, update it to match. Then save the file and exit your editor. If you&#039;re using nano, you can do this by pressing CTRL + X then Y and ENTER.<\/p>\n<p>Now verify the syntax of your configuration edits:<\/p>\n<div class=\"hcb_wrap\" data-no-translation=\"\" data-no-auto-translation=\"\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>sudo nginx -t<\/code><\/pre>\n<\/div>\n<p>If you get an error, reopen the server block file and check for typos or missing characters. Once the syntax of your configuration file is correct, reload Nginx to load the new configuration:<\/p>\n<div class=\"hcb_wrap\" data-no-translation=\"\" data-no-auto-translation=\"\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>sudo systemctl reload nginx<\/code><\/pre>\n<\/div>\n<p>Certbot can now find the correct server block and update it.<\/p>\n<p>Next, you update the firewall to allow HTTPS traffic.<\/p>\n<h2 id=\"%d9%85%d8%b1%d8%ad%d9%84%d9%87-3-%d8%a7%d8%ac%d8%a7%d8%b2%d9%87-%d8%af%d8%a7%d8%af%d9%86-%d8%a8%d9%87-https-%d8%a7%d8%b2-%d8%b7%d8%b1%db%8c%d9%82-%d9%81%d8%a7%db%8c%d8%b1%d9%88%d8%a7%d9%84\">Step 3 \u2013 Allow HTTPS through the firewall<\/h2>\n<p>If you have enabled the ufw firewall, as recommended by the prerequisite guides, you will need to adjust the settings to allow HTTPS traffic. Fortunately, Nginx registers a few profiles with ufw upon installation.<\/p>\n<p>You can check the current settings by running the following:<\/p>\n<div class=\"hcb_wrap\" data-no-translation=\"\" data-no-auto-translation=\"\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>sudo ufw status<\/code><\/pre>\n<\/div>\n<p>You should get output like the following, indicating that only HTTP traffic is allowed to the web server:<\/p>\n<div class=\"hcb_wrap\" data-no-translation=\"\" data-no-auto-translation=\"\">\n<pre class=\"prism line-numbers lang-plain\" data-lang=\"Plain Text\"><code>Output\r\nStatus: active\r\nTo Action From\r\n-- ------ ----\r\nOpenSSH ALLOW Anywhere \r\nNginx HTTP ALLOW Anywhere \r\nOpenSSH (v6) ALLOW Anywhere (v6) \r\nNginx HTTP (v6) ALLOW Anywhere (v6)<\/code><\/pre>\n<\/div>\n<p>To allow additional HTTPS traffic, grant full Nginx profile permission and remove the additional Nginx HTTP permission:<\/p>\n<div class=\"hcb_wrap\" data-no-translation=\"\" data-no-auto-translation=\"\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>sudo ufw allow 'Nginx Full'\r\nsudo ufw delete allow 'Nginx HTTP'<\/code><\/pre>\n<\/div>\n<p>Now when you run the ufw status command, it will reflect these new rules:<\/p>\n<div class=\"hcb_wrap\" data-no-translation=\"\" data-no-auto-translation=\"\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>sudo ufw status<\/code><\/pre>\n<\/div>\n<div class=\"hcb_wrap\" data-no-translation=\"\" data-no-auto-translation=\"\">\n<pre class=\"prism line-numbers lang-plain\" data-lang=\"Plain Text\"><code>Output\r\nStatus: active\r\nTo Action From\r\n-- ------ ----\r\nOpenSSH ALLOW Anywhere\r\nNginx Full ALLOW Anywhere\r\nOpenSSH (v6) ALLOW Anywhere (v6)\r\nNginx Full (v6) ALLOW Anywhere (v6)<\/code><\/pre>\n<\/div>\n<p>Next, you will run Certbot and obtain your certificates.<\/p>\n<h2 id=\"%d9%85%d8%b1%d8%ad%d9%84%d9%87-4-%d8%af%d8%b1%db%8c%d8%a7%d9%81%d8%aa-%da%af%d9%88%d8%a7%d9%87%db%8c-ssl\">Step 4 \u2013 Obtain an SSL Certificate<\/h2>\n<p>Certbot offers several ways to obtain SSL certificates through plugins. The Nginx plugin will reconfigure Nginx and reload the configuration if necessary. To use this plugin, run the following:<\/p>\n<div class=\"hcb_wrap\" data-no-translation=\"\" data-no-auto-translation=\"\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\">sudo certbot --nginx -d your_domain -d your_domain<\/pre>\n<\/div>\n<p>This runs certbot with the \u2013nginx extension and uses -d to specify the names for which you want the certificate to be valid.<\/p>\n<p>If this is your first time running certbot, you will be asked to enter an email address and agree to the terms of service. Once you do this, certbot will contact the Let&#039;s Encrypt server to request a certificate for your domain. If successful, you will receive the following output:<\/p>\n<div class=\"hcb_wrap\" data-no-translation=\"\" data-no-auto-translation=\"\">\n<pre class=\"prism line-numbers lang-plain\" data-lang=\"Plain Text\"><code>Output\r\nSuccessfully received certificate.\r\nCertificate is saved at: \/etc\/letsencrypt\/live\/your_domain\/fullchain.pem\r\nKey is saved at: \/etc\/letsencrypt\/live\/your_domain\/privkey.pem\r\nThis certificate expires on 2022-01-27.\r\nThese files will be updated when the certificate renews.\r\nCertbot has set up a scheduled task to automatically renew this certificate in the background.\r\nDeploying certificate\r\nSuccessfully deployed certificate for your_domain to \/etc\/nginx\/sites-enabled\/your_domain\r\nSuccessfully deployed certificate for www.your_domain to \/etc\/nginx\/sites-enabled\/your_domain\r\nCongratulations! You have successfully enabled HTTPS on https:\/\/your_domain and https:\/\/www.your_domain\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nIf you like Certbot, please consider supporting our work by:\r\n* Donating to ISRG \/ Let's Encrypt: https:\/\/letsencrypt.org\/donate\r\n* Donating to EFF: https:\/\/eff.org\/donate-le\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<\/code><\/pre>\n<\/div>\n<p>Your certificates will be downloaded, installed, and loaded. Try reloading your website using https:\/\/ and pay attention to your browser&#039;s security indicator. It should show that the site is properly secured, usually with a green lock icon. If you test your server using SSL Labs&#039; server test, it will get an A score.<\/p>\n<p>Now that you have received your SSL certificate, the final step is to test the renewal process.<\/p>\n<h2 id=\"%d9%85%d8%b1%d8%ad%d9%84%d9%87-5-%d8%aa%d8%a3%db%8c%db%8c%d8%af-%d8%aa%d9%85%d8%af%db%8c%d8%af-%d8%ae%d9%88%d8%af%da%a9%d8%a7%d8%b1-certbot\">Step 5 \u2013 Certbot Auto-Renewal Verification<\/h2>\n<p>Let&#039;s Encrypt certificates are only valid for ninety days. This is to encourage users to automate the certificate renewal process. The certbot package you installed takes care of this by adding a renewal script to \/etc\/cron.d. This script runs twice a day and automatically renews any certificate that is within thirty days of expiration.<\/p>\n<p>To test the renewal process, you can do a dry run with certbot:<\/p>\n<div class=\"hcb_wrap\" data-no-translation=\"\" data-no-auto-translation=\"\">\n<pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>sudo certbot renew --dry-run<\/code><\/pre>\n<\/div>\n<p>If you don&#039;t get an error, you&#039;re all set. If necessary, Certbot will renew your certificates and reload Nginx to pick up the changes. If the automatic renewal process fails, Let&#039;s Encrypt will send a message to the email you specified, alerting you when your certificate is about to expire.<\/p>\n<h2 id=\"%d9%86%d8%aa%db%8c%d8%ac%d9%87\">Result<\/h2>\n<p>In this tutorial, you installed the Let&#039;s Encrypt client certbot, downloaded SSL certificates for your domain, configured Nginx to use these certificates, and set up automatic certificate renewal. If you have more questions about using Certbot, their documentation is a good place to start.<\/p>","protected":false},"excerpt":{"rendered":"Introduction Let&#039;s Encrypt is a Certificate Authority (CA) that provides a way to obtain and install free TLS\/SSL certificates\u2026","protected":false},"author":1,"featured_media":15852,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_yoast_wpseo_focuskw":"\u0686\u06af\u0648\u0646\u0647 Nginx \u0631\u0627 \u0628\u0627 Let's Encrypt \u062f\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 18.04 \u0627\u06cc\u0645\u0646 \u06a9\u0646\u06cc\u0645","_yoast_wpseo_title":"","_yoast_wpseo_metadesc":"","_yoast_wpseo_canonical":"","_yoast_wpseo_opengraph-description":"","_yoast_wpseo_opengraph-image":"","_yoast_wpseo_twitter-description":"","_yoast_wpseo_twitter-image":"","_yoast_wpseo_focuskeywords":"","_yoast_wpseo_primary_category":"193","footnotes":""},"categories":[193,324,369],"tags":[411,404,368],"class_list":{"0":"post-15851","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tutorials","8":"category-security","9":"category-os","10":"tag-nginx","11":"tag-security","12":"tag-ubuntu"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>\u0686\u06af\u0648\u0646\u0647 Nginx \u0631\u0627 \u0628\u0627 Let&#039;s Encrypt \u062f\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 18.04 \u0627\u06cc\u0645\u0646 \u06a9\u0646\u06cc\u0645 - \u0628\u0644\u0627\u06af ITPiran<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.itpiran.net\/blog\/en\/tutorials\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u0686\u06af\u0648\u0646\u0647 Nginx \u0631\u0627 \u0628\u0627 Let&#039;s Encrypt \u062f\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 18.04 \u0627\u06cc\u0645\u0646 \u06a9\u0646\u06cc\u0645 - \u0628\u0644\u0627\u06af ITPiran\" \/>\n<meta property=\"og:description\" content=\"\u0645\u0642\u062f\u0645\u0647 Let\u2019s Encrypt \u06cc\u06a9 \u0645\u0631\u062c\u0639 \u0635\u062f\u0648\u0631 \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 (CA) \u0627\u0633\u062a \u06a9\u0647 \u0631\u0627\u0647\u06cc \u0628\u0631\u0627\u06cc \u062f\u0631\u06cc\u0627\u0641\u062a \u0648 \u0646\u0635\u0628 \u06af\u0648\u0627\u0647\u06cc\u200c\u0647\u0627\u06cc \u0631\u0627\u06cc\u06af\u0627\u0646 TLS\/SSL&hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.itpiran.net\/blog\/en\/tutorials\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\/\" \/>\n<meta property=\"og:site_name\" content=\"\u0628\u0644\u0627\u06af ITPiran\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-06T18:06:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.itpiran.net\/2024\/07\/06204200\/nginx.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1793\" \/>\n\t<meta property=\"og:image:height\" content=\"1110\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/#\\\/schema\\\/person\\\/04ed27b919baca468a2273f8e4318f81\"},\"headline\":\"\u0686\u06af\u0648\u0646\u0647 Nginx \u0631\u0627 \u0628\u0627 Let&#8217;s Encrypt \u062f\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 18.04 \u0627\u06cc\u0645\u0646 \u06a9\u0646\u06cc\u0645\",\"datePublished\":\"2024-07-06T18:06:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\\\/\"},\"wordCount\":141,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cdn.itpiran.net\\\/2024\\\/07\\\/06204200\\\/nginx.jpg\",\"keywords\":[\"nginx\",\"Security\",\"Ubuntu\"],\"articleSection\":[\"\u0622\u0645\u0648\u0632\u0634\u06cc\",\"\u0627\u0645\u0646\u06cc\u062a\",\"\u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\\\/\",\"url\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\\\/\",\"name\":\"\u0686\u06af\u0648\u0646\u0647 Nginx \u0631\u0627 \u0628\u0627 Let's Encrypt \u062f\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 18.04 \u0627\u06cc\u0645\u0646 \u06a9\u0646\u06cc\u0645 - \u0628\u0644\u0627\u06af ITPiran\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cdn.itpiran.net\\\/2024\\\/07\\\/06204200\\\/nginx.jpg\",\"datePublished\":\"2024-07-06T18:06:23+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\\\/#primaryimage\",\"url\":\"https:\\\/\\\/cdn.itpiran.net\\\/2024\\\/07\\\/06204200\\\/nginx.jpg\",\"contentUrl\":\"https:\\\/\\\/cdn.itpiran.net\\\/2024\\\/07\\\/06204200\\\/nginx.jpg\",\"width\":1793,\"height\":1110},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u0622\u0645\u0648\u0632\u0634\u06cc\",\"item\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/category\\\/tutorials\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"\u0686\u06af\u0648\u0646\u0647 Nginx \u0631\u0627 \u0628\u0627 Let&#8217;s Encrypt \u062f\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 18.04 \u0627\u06cc\u0645\u0646 \u06a9\u0646\u06cc\u0645\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/\",\"name\":\"\u0628\u0644\u0627\u06af ITPiran\",\"description\":\"\u0627\u062e\u0628\u0627\u0631 \u0648 \u0645\u0642\u0627\u0644\u0627\u062a \u062a\u062c\u0627\u0631\u062a \u067e\u0627\u06cc\u062f\u0627\u0631 \u0627\u06cc\u0631\u0627\u0646\u06cc\u0627\u0646\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/#organization\",\"name\":\"\u0628\u0644\u0627\u06af \u062a\u062c\u0627\u0631\u062a \u067e\u0627\u06cc\u062f\u0627\u0631 \u0627\u06cc\u0631\u0627\u0646\u06cc\u0627\u0646\",\"alternateName\":\"ITPIran Blog\",\"url\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/cdn.itpiran.net\\\/2023\\\/12\\\/27150508\\\/cropped-ITPIRAN-BLOG-LOGO-2.png\",\"contentUrl\":\"https:\\\/\\\/cdn.itpiran.net\\\/2023\\\/12\\\/27150508\\\/cropped-ITPIRAN-BLOG-LOGO-2.png\",\"width\":512,\"height\":512,\"caption\":\"\u0628\u0644\u0627\u06af \u062a\u062c\u0627\u0631\u062a \u067e\u0627\u06cc\u062f\u0627\u0631 \u0627\u06cc\u0631\u0627\u0646\u06cc\u0627\u0646\"},\"image\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/#\\\/schema\\\/person\\\/04ed27b919baca468a2273f8e4318f81\",\"name\":\"admin\",\"url\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/en\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Secure Nginx with Let&#039;s Encrypt on Ubuntu 18.04 - ITPiran Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.itpiran.net\/blog\/en\/tutorials\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\/","og_locale":"en_US","og_type":"article","og_title":"\u0686\u06af\u0648\u0646\u0647 Nginx \u0631\u0627 \u0628\u0627 Let's Encrypt \u062f\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 18.04 \u0627\u06cc\u0645\u0646 \u06a9\u0646\u06cc\u0645 - \u0628\u0644\u0627\u06af ITPiran","og_description":"\u0645\u0642\u062f\u0645\u0647 Let\u2019s Encrypt \u06cc\u06a9 \u0645\u0631\u062c\u0639 \u0635\u062f\u0648\u0631 \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 (CA) \u0627\u0633\u062a \u06a9\u0647 \u0631\u0627\u0647\u06cc \u0628\u0631\u0627\u06cc \u062f\u0631\u06cc\u0627\u0641\u062a \u0648 \u0646\u0635\u0628 \u06af\u0648\u0627\u0647\u06cc\u200c\u0647\u0627\u06cc \u0631\u0627\u06cc\u06af\u0627\u0646 TLS\/SSL&hellip;","og_url":"https:\/\/www.itpiran.net\/blog\/en\/tutorials\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\/","og_site_name":"\u0628\u0644\u0627\u06af ITPiran","article_published_time":"2024-07-06T18:06:23+00:00","og_image":[{"width":1793,"height":1110,"url":"https:\/\/cdn.itpiran.net\/2024\/07\/06204200\/nginx.jpg","type":"image\/jpeg"}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\/#article","isPartOf":{"@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\/"},"author":{"name":"admin","@id":"https:\/\/www.itpiran.net\/blog\/#\/schema\/person\/04ed27b919baca468a2273f8e4318f81"},"headline":"\u0686\u06af\u0648\u0646\u0647 Nginx \u0631\u0627 \u0628\u0627 Let&#8217;s Encrypt \u062f\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 18.04 \u0627\u06cc\u0645\u0646 \u06a9\u0646\u06cc\u0645","datePublished":"2024-07-06T18:06:23+00:00","mainEntityOfPage":{"@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\/"},"wordCount":141,"commentCount":0,"publisher":{"@id":"https:\/\/www.itpiran.net\/blog\/#organization"},"image":{"@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\/#primaryimage"},"thumbnailUrl":"https:\/\/cdn.itpiran.net\/2024\/07\/06204200\/nginx.jpg","keywords":["nginx","Security","Ubuntu"],"articleSection":["\u0622\u0645\u0648\u0632\u0634\u06cc","\u0627\u0645\u0646\u06cc\u062a","\u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.itpiran.net\/blog\/tutorials\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\/","url":"https:\/\/www.itpiran.net\/blog\/tutorials\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\/","name":"How to Secure Nginx with Let&#039;s Encrypt on Ubuntu 18.04 - ITPiran Blog","isPartOf":{"@id":"https:\/\/www.itpiran.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\/#primaryimage"},"image":{"@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\/#primaryimage"},"thumbnailUrl":"https:\/\/cdn.itpiran.net\/2024\/07\/06204200\/nginx.jpg","datePublished":"2024-07-06T18:06:23+00:00","breadcrumb":{"@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.itpiran.net\/blog\/tutorials\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\/#primaryimage","url":"https:\/\/cdn.itpiran.net\/2024\/07\/06204200\/nginx.jpg","contentUrl":"https:\/\/cdn.itpiran.net\/2024\/07\/06204200\/nginx.jpg","width":1793,"height":1110},{"@type":"BreadcrumbList","@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.itpiran.net\/blog\/"},{"@type":"ListItem","position":2,"name":"\u0622\u0645\u0648\u0632\u0634\u06cc","item":"https:\/\/www.itpiran.net\/blog\/category\/tutorials\/"},{"@type":"ListItem","position":3,"name":"\u0686\u06af\u0648\u0646\u0647 Nginx \u0631\u0627 \u0628\u0627 Let&#8217;s Encrypt \u062f\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 18.04 \u0627\u06cc\u0645\u0646 \u06a9\u0646\u06cc\u0645"}]},{"@type":"WebSite","@id":"https:\/\/www.itpiran.net\/blog\/#website","url":"https:\/\/www.itpiran.net\/blog\/","name":"ITPiran Blog","description":"Iranian Sustainable Trade News and Articles","publisher":{"@id":"https:\/\/www.itpiran.net\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.itpiran.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.itpiran.net\/blog\/#organization","name":"Sustainable Iranian Business Blog","alternateName":"ITPIran Blog","url":"https:\/\/www.itpiran.net\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.itpiran.net\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/cdn.itpiran.net\/2023\/12\/27150508\/cropped-ITPIRAN-BLOG-LOGO-2.png","contentUrl":"https:\/\/cdn.itpiran.net\/2023\/12\/27150508\/cropped-ITPIRAN-BLOG-LOGO-2.png","width":512,"height":512,"caption":"\u0628\u0644\u0627\u06af \u062a\u062c\u0627\u0631\u062a \u067e\u0627\u06cc\u062f\u0627\u0631 \u0627\u06cc\u0631\u0627\u0646\u06cc\u0627\u0646"},"image":{"@id":"https:\/\/www.itpiran.net\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.itpiran.net\/blog\/#\/schema\/person\/04ed27b919baca468a2273f8e4318f81","name":"admin","url":"https:\/\/www.itpiran.net\/blog\/en\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/posts\/15851","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/comments?post=15851"}],"version-history":[{"count":1,"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/posts\/15851\/revisions"}],"predecessor-version":[{"id":15853,"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/posts\/15851\/revisions\/15853"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/media\/15852"}],"wp:attachment":[{"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/media?parent=15851"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/categories?post=15851"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/tags?post=15851"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}