Generate Free SSL with Let’s Encrypt – Per Domain – 1/3

If you are running your own cloud server and want to avoid paying SSL providers, then Let’s Encrypt is the best option for you.

My experience with Let’s Encrypt is quite new, but I have successfully implemented it on my Ubuntu+Nginx servers.

This article explains how you can obtain a certificate per domain.
Let’s Encrypt has very well-written documentation; if you are interested in a deeper look, here is the link.

At this point you should have the following in place:

  • Your cloud server is running, and so is Nginx.
  • Your domain or subdomain is active and its DNS points to your web server.

Nginx on Ubuntu 16.04 (xenial):
You need to install Certbot on your server. Certbot maintains a PPA, so all you need to do is run the following commands on your server.

Step1: 

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx

Step2:
Certbot has an Nginx plugin, which we will use to generate the SSL certificate.

Method1:
$ sudo certbot --nginx

This command generates SSL certificates for all the websites that exist in /etc/nginx/sites-available.
It also updates the Nginx site config with the certificate information, which can be helpful in some cases.

Method2:
I personally used the following command and updated the Nginx config manually.
$ sudo certbot --nginx certonly

Once certbot has finished successfully, the certificate will be available at
/etc/letsencrypt/live/

Then modify the Nginx site config and add the following lines to your server config:
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/domainname.your/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domainname.your/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
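
When the config is edited by hand for several domains, it is easy to point ssl_certificate at cert.pem (the leaf certificate only, without the intermediate chain) or to pair a certificate with the key from another domain's directory. The following is an added example, not part of the original article: a small lint for one server block. The function names, the server_name line and the sample block are constructed, and it assumes the live/ directory is named after the domain, as in the paths above.

```python
import re

# Per-domain layout used on this page: /etc/letsencrypt/live/<name>/<file>.pem
LIVE_PATH = re.compile(r"^/etc/letsencrypt/live/([^/]+)/([^/]+\.pem)$")

def parse_directives(block):
    """Collect simple 'name arg ...;' directives from one server block."""
    found = {}
    for raw in block.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith(";") and line[:-1].split():
            name, *args = line[:-1].split()
            found.setdefault(name, []).append(args)
    return found

def lint_server_block(block, domain):
    """Return a list of problems with the TLS settings for `domain`."""
    d, problems = parse_directives(block), []
    if not any(a and a[0].split(":")[-1] == "443" and "ssl" in a[1:]
               for a in d.get("listen", [])):
        problems.append("missing 'listen 443 ssl;'")
    names = [n for args in d.get("server_name", []) for n in args]
    if domain not in names:
        problems.append(f"server_name does not list {domain}")
    lineage = {}
    for directive, expected in (("ssl_certificate", "fullchain.pem"),
                                ("ssl_certificate_key", "privkey.pem")):
        values = d.get(directive, [])
        m = LIVE_PATH.match(values[0][0]) if values and values[0] else None
        if not m:
            problems.append(f"{directive} missing or outside /etc/letsencrypt/live/")
            continue
        lineage[directive] = m.group(1)
        if m.group(2) != expected:
            problems.append(f"{directive} uses {m.group(2)}, expected {expected}")
    if len(set(lineage.values())) > 1:
        problems.append("certificate and key come from different live/ directories")
    elif lineage and domain not in lineage.values():
        problems.append(f"certificate directory is not the one for {domain}")
    return problems

# Constructed sample: leaf-only cert.pem, and a key copied from another site.
BAD = """server {
    listen 443 ssl;
    server_name subdomain.domainname.your;
    ssl_certificate /etc/letsencrypt/live/subdomain.domainname.your/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/domainname.your/privkey.pem;
}"""

if __name__ == "__main__":
    for problem in lint_server_block(BAD, "subdomain.domainname.your"):
        print("WARN:", problem)
```

An empty list means the block matches the layout shown above; run sudo nginx -t afterwards to have Nginx itself validate the full configuration.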

Method3: Generate a certificate for a specific domain
In case you don’t want certbot to generate SSL certificates for all the available domains/subdomains, this is how you can specify the domain name.

$ sudo certbot --nginx certonly -d 'domainname.your'
$ sudo certbot --nginx certonly -d 'subdomain.domainname.your'

Here are some screenshots of me generating SSL for my test domain; at the time you read this article, this domain might not be working any more 🙂

Note:
If you are using a deployment tool like Puppet, then you need to update it so that it updates the Nginx site configurations.

Author: Danyal