A reverse proxy is a bridge between the host (client) and the application server. It routes client requests, relaying data to target servers, then delivers the server’s response to the client.

You can use your reverse proxy as a way to secure the connection between your client and your server, so that you will have a unified and centralized security configuration for all your apps.

In this tutorial, I’ll show how to set up free SSL with Let’s Encrypt using the Nginx reverse proxy. We will assume that you already have a working Nginx installation and a domain properly setup. Please refer to our guide here if you don’t: Nginx reverse proxy setup on Ubuntu servers

We only use Ubuntu servers at Honeyside. We recommend you to do the same. Therefore, this guide will only cover installation and configuration on Ubuntu.

Install Certbot

First, let’s install Certbot (a command line tool for generating Let’s Encrypt SSL certificates, automatically):

sudo apt update
sudo apt install certbot
sudo apt install python3-certbot-nginx

Run Certbot

Now, let’s run Certbot:

sudo certbot --nginx -d example.com -d www.example.com

Replace example.com with your target domain. You need an extra -d parameter per each subdomain, including www.example.com, as shown above.

Respond to prompts from Certbot to configure your Let’s Encrypt settings, which involves entering your email address and agreeing to the Let’s Encrypt terms of service.

Once certificate generation is complete, Nginx automatically reloads with the new settings.

Certbot will show you a message indicating that certificate generation was successful and specifying the location of the certificate on your server.

Congratulations! You have successfully enabled https://example.com and https://www.example.com

You now can browse your website or app at https://example.com and https://www.example.com

Renewing the certificates

Let’s Encrypt SSL certificates automatically expire after 3 months. By default, you need to renew the certificates manually by running:

/usr/bin/certbot renew --quiet

Configuring automatic renewal

If you wish to renew the certificates automatically, you’ll need to add a cron job to do so.

Open your crontab file:

crontab -e

Now add the renewal command as follows:

0 12 * * * /usr/bin/certbot renew --quiet

Save and close the file. If you chose nano as your editor, you can do so with CTRL+O, then Y.

Conclusions

That’s it, congratulations on installing adding Let’s Encrypt SSL to your Nginx installation!

You should now be able to access the application running on port 4000 by navigating to https://example.com (replace with your domain name).