Install SSL on Nginx using Let's Encrypt (Certbot)
Add HTTPS to your Laravel app using Let's Encrypt.
Securing your Laravel app with HTTPS not only boosts SEO and user trust but is now an industry standard. Let’s Encrypt provides free SSL/TLS certificates, and Certbot makes installation almost effortless. In this guide, you’ll learn how to install SSL on your Nginx-powered Laravel app using Let’s Encrypt’s Certbot.
Prerequisites
Before starting, make sure you have:
- A server running a compatible Linux distro (e.g., Ubuntu, Debian, CentOS).
- Nginx installed and running.
- A domain name pointing to your server’s public IP.
- Laravel app deployed on the server.
- Root or sudo user privileges.
Step 1: Update Your Server
Begin with updating your system packages:
sudo apt update && sudo apt upgrade
For CentOS:
sudo yum update
Step 2: Install Certbot
Let’s Encrypt recommends Certbot to automate SSL installations.
Install Certbot and Nginx Plugin (Ubuntu/Debian)
sudo apt install certbot python3-certbot-nginx
For CentOS/RHEL:
sudo yum install certbot python3-certbot-nginx
Step 3: Configure Nginx for Your Laravel App
Ensure Nginx is properly serving your Laravel app and configured for your domain.
Sample Nginx config:
server {
listen 80;
server_name example.com www.example.com;
root /var/www/laravel/public;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
- Replace
/var/www/laravel/publicwith your Laravel app’s public directory. - Set
server_nameto your actual domain(s).
Restart Nginx to apply changes:
sudo systemctl restart nginx
Step 4: Open HTTP and HTTPS Ports
Ensure firewall allows HTTP (80) and HTTPS (443):
sudo ufw allow 'Nginx Full'
sudo ufw reload
Step 5: Obtain SSL Certificate with Certbot
Run Certbot for Nginx and follow the prompts:
sudo certbot --nginx
You’ll be prompted to enter your email address, agree to the terms, and choose for which domain(s) you wish to enable HTTPS.
Certbot will:
- Obtain certificates.
- Automatically configure your Nginx files for SSL.
- Reload Nginx.
Example Output
Congratulations! You have successfully enabled
https://example.com and https://www.example.com
...
Step 6: Automatic Certificate Renewal
Let’s Encrypt certificates last 90 days. Certbot sets up an automatic renewal system.
You can test the renewal process:
sudo certbot renew --dry-run
By default, a cron job or systemd timer will handle actual renewals.
Step 7: Verify SSL
Visit your website using https:// and ensure the SSL padlock is visible in the browser bar.
Alternatively, test with SSL Labs’ SSL Test.
Tips for Laravel
- Update your
.envfile to useAPP_URL=https://yourdomain.com. - Ensure any external resources (APIs, assets) are also loaded via HTTPS.
Troubleshooting
- Port 80 in use or blocked: Make sure no other service is occupying the port and firewall allows access.
- Domain DNS: Ensure your domain’s DNS points to your server’s IP.
- Configuration Backup: Certbot makes a backup of your Nginx config before modifying it, but consider manually backing it up for safety.
Conclusion
Adding HTTPS to your Laravel app with Let’s Encrypt and Certbot is quick, secure, and entirely free. With just a few commands, your Nginx-hosted site will be encrypted, boosting security and user trust. Happy coding!
References: