Configure NGINX to enable SSL using Let’s Encrypt & EasyEngine

13 Dec

Let’s Encrypt recently entered public beta, issuing signed certs from a trusted CA to participating site owners without a fee. The idea of serving encrypted content over HTTPS without any cost or resorting to self-signed certificates was appealing enough that I decided to dive in and give it a try on my personal site.

I am running Ubuntu 14.0.3 LTS on a VPN hosted by vultr. I use EasyEngine to configure my software stack: NGINX, PHP, MariaDB, Redis, and WordPress.

Most of the documentation for Let’s Encrypt is written for Apache users, but there is experimental NGINX support available. However, I couldn’t find anything about EasyEngine support for Let’s Encrypt, so I decided to dig in and figure it out.

First, I shut down nginx with “sudo nginx -s quit”.

Next, I grabbed the Let’s Encrypt client from the git repository:

“git clone
cd letsencrypt
./letsencrypt-auto --agree-dev-preview --server auth”

I then needed to edit the nginx config for my site, which EasyEngine stores in a directory unique to the site, as opposed to the single server-wide config you would see in a vanilla nginx install.

“sudo ee site edit”

I then added an entry to listen on port 443 and specified the keys generated by Let’s Encrypt:

server {

    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;

}

I also wanted to redirect standard HTTP requests from port 80 to port 443 for HTTPS, so I added another server block:

server {
    listen 80;
    return 301 https://$server_name$request_uri;
}

I then updated EasyEngine for my site with

“sudo ee site update”

and finally restarted nginx.

After visiting my site and verifying that the redirection was working properly and the correct certificate was being used, I ran my site through SSL Labs to ensure everything was configured and working correctly.
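
The two server blocks described above can also be checked offline before nginx is restarted. The following is an added example, not code from the original post or from EasyEngine: it parses a site config and reports a missing "listen 443 ssl" block, certificate paths that are not .pem files under /etc/letsencrypt/live/, and port 80 blocks that do not redirect to HTTPS. The domain example.com, the .pem file names and all function names are assumptions.

```python
import re

# Constructed sample; example.com and the .pem names are placeholders, not from the post.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
server {
    listen 80;
    return 301 https://$server_name$request_uri;
}
"""
LIVE_FILE = re.compile(r"/etc/letsencrypt/live/[^/\s]+/[^/\s]+\.pem")

def server_blocks(conf):
    """Yield the body of each `server { ... }` block (brace matching, comments dropped)."""
    conf = re.sub(r"#[^\n]*", "", conf)
    for m in re.finditer(r"(?<![\w.-])server\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        if depth:
            raise ValueError("unclosed server block")
        yield conf[m.end():i - 1]

def directives(body, name):
    """Arguments of every `name ...;` directive in a block body."""
    return [a.strip() for a in re.findall(r"(?<![\w.-])%s\s+([^;{}]+);" % re.escape(name), body)]

def check(conf):
    """Return findings; an empty list means both server blocks from the post are in place."""
    findings, tls_seen = [], False
    for body in server_blocks(conf):
        listens = directives(body, "listen")
        if any(re.search(r"\b443\b", l) and "ssl" in l.split() for l in listens):
            tls_seen = True
            for name in ("ssl_certificate", "ssl_certificate_key"):
                args = directives(body, name)
                if not args or not LIVE_FILE.fullmatch(args[0]):
                    findings.append(name + " does not name a .pem file under /etc/letsencrypt/live/<site>/")
        elif any(re.search(r"\b80\b", l) for l in listens):
            if not any(re.match(r"30[18]\s+https://", r) for r in directives(body, "return")):
                findings.append("port 80 block does not permanently redirect to https")
    if not tls_seen:
        findings.append("no server block with 'listen 443 ssl'")
    return findings
```

Calling check() on the text of the site config returns an empty list when the setup is complete; a server block without its closing brace raises ValueError.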
