How To Secure Nginx with Let’s Encrypt on Ubuntu 14.04

Video is ready, Click Here to View ×

In this tutorial, we will show you how to use Let’s Encrypt to obtain a free SSL certificate and use it with Nginx on Ubuntu 14.04. We will also show you how to automatically renew your SSL certificate. If you’re running a different web server, simply follow your web server’s documentation to learn how to use the certificate with your setup.

Let’s Encrypt is a new Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted…


  1. I'm comparing this video to the tutorial linked in the description… and they're very different. Which one should I follow? I'd imagine they're the same or at least similar since the title for both is "How To Secure Nginx with Let's Encrypt on Ubuntu 14.04"

  2. Thanks, installed with no problems.
    Except file:
    Dont have this text: domains =
    I dont know why.. so i just added manualy.. i hope it will work for renewal..

  3. I'm sorry to say but your tutorial pretty much sucks. You've lost me half way through. All I wanted to know is how to install that damn certificate on an existing website. And let a plugin do the rest. That's it. Maybe you should break it into parts, I'm pretty sure that you should, but you don't care. Last but not least I was shocked to learn that after using DO for over 3+ years there is virtually no support.

  4. Once I set up SSL, it keeps pointing to the nginx default page instead of my laravel site. I configured the root to /var/www/laravel/public.

    It was pointing to my site just fine prior to setting up the SSL…but now it's not. huh?

  5. Perhaps because of a recent update, the live directory no longer exists. I found a .pem key at /etc/letsencrypt/csr directory and another at /etc/letsencrypt/keys directory, but when I put their path in the default nginx file I get an error saying: nginx: [emerge] PEM_read_bio_X509_AUX ("/ etc /letsencrypt/csr/0000_csr-certbot.pem ") failed (SSL: error: 0906D06C: PEM routines: PEM_read_bio: no start line: Expecting: TRUSTED CERTIFICATE)

    How to proceed

  6. Commands used in video (SSL setup):
    1) sudo git clone /opt/letsencrypt
    2) sudo service nginx stop
    3) cd /opt/letsencrypt
    4) ./letsencrypt-auto certonly –standalone

    server {
    listen 80;
    return 301$request_uri;

    server {
    listen 443 ssl;

    server {

    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    sudo cp /opt/letsencrypt/examples/cli.ini /usr/local/etc/le-renew-webroot.ini

    cd /opt/letsencrypt

    ./letsencrypt-auto certonly -a webroot –renew-by-default –config /usr/local/etc/le-renew-webroot.ini

    NOTE! if you will receive message like this 'Failed authorization procedure' make sure your 443 port is open

  7. This video is great, but i have a problem with this line ssl_prefer_server_ciphers on; i think the problem is because i have multiple domain names on my server…i get this error:

    nginx: [warn] invalid value "ssl_prefer_server_ciphers" in /etc/nginx/sites-enabled/
    nginx: configuration file /etc/nginx/nginx.conf test failed

    can you please help?

  8. Great video, thank you. I had to add the "ssl" after the listen 443 in the server block for this to work like so listen 443 ssl; Also at 7:37 the sudo command should end with .ini not .init beyond that thank you very much

  9. Very nice tutorial…currently I have a GoDaddy certificate, what should I do? Can I use these steps or am I supposed to do something different before? For example, before follow this tutorial, on my Apache virtual host should I sudo a2dissite my default-ssl or not?

    I know this is for Nginx and not for Apache but could you please help me?
    Thanks in advance!

Leave a Reply

Your email address will not be published.