Enable HTTPS on Nginx (Let’s Encrypt)

0. Introduction

Goal

Enable HTTPS on Nginx using an existing Let’s Encrypt certificate, open the HTTPS port, and (optionally) redirect all HTTP traffic to HTTPS.


1. Prerequisites

  • Nginx installed and running
  • Valid TLS certificate from Let’s Encrypt
  • Certificate files available under /etc/letsencrypt/live/<domain>/

Required files:

/etc/letsencrypt/live/qool.ovh/fullchain.pem
/etc/letsencrypt/live/qool.ovh/privkey.pem

2. Allow HTTPS Port (443)

Add firewall rule

sudo ufw allow 443/tcp

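Enable firewall (if not active). On a remote host, confirm your SSH port is already allowed first; once enabled, ufw denies incoming connections by default.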

sudo ufw enable

Verify

sudo ufw status

3. Configure Nginx for HTTPS

Edit Nginx site configuration

sudo nano /etc/nginx/sites-available/qool.ovh

HTTPS server block

server {
    listen 443 ssl http2;
    server_name *.qool.ovh;

    root /var/www/qool;
    index index.php index.html;

    ssl_certificate     /etc/letsencrypt/live/qool.ovh/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/qool.ovh/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
    }
}

4. Redirect HTTP to HTTPS (Recommended)

HTTP redirect block

server {
    listen 80;
    server_name *.qool.ovh;
    return 301 https://$host$request_uri;
}

5. Apply Configuration

Test configuration

sudo nginx -t

Reload Nginx

sudo systemctl reload nginx
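
nginx -t validates syntax and that the referenced files load, but not the choices this guide makes. The function below is an added example (not part of the original guide): it reads a site file on stdin and flags a missing HTTPS listener, certificate paths outside /etc/letsencrypt/live/, protocols other than TLSv1.2/TLSv1.3, and a missing redirect. The name audit_tls_conf and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: policy checks that `nginx -t` does not make, for a site file on stdin.
# Prints one line per finding; the return status is the number of findings.
audit_tls_conf() {
    findings=0
    note() { echo "FINDING: $1"; findings=$((findings + 1)); }
    body=$(sed 's/#.*//')          # drop comments so disabled directives are ignored

    # 1. An HTTPS listener must exist.
    printf '%s\n' "$body" | grep -Eq 'listen[[:space:]]+([^;[:space:]]*:)?443[[:space:]][^;]*ssl' \
        || note "no 'listen 443 ssl' directive"

    # 2. Certificate and key must point into live/<domain>/ so renewals are picked up.
    for d in ssl_certificate ssl_certificate_key; do
        path=$(printf '%s\n' "$body" | awk -v d="$d" '$1 == d { sub(";", "", $2); print $2; exit }')
        case $path in
            /etc/letsencrypt/live/*) ;;
            "") note "$d not set" ;;
            *)  note "$d is outside /etc/letsencrypt/live/: $path" ;;
        esac
    done

    # 3. Only TLSv1.2 and TLSv1.3 may be enabled, as in the guide's server block.
    protos=$(printf '%s\n' "$body" | awk '$1 == "ssl_protocols" { $1 = ""; gsub(";", ""); print }')
    [ -n "$protos" ] || note "ssl_protocols not set explicitly"
    for p in $protos; do
        case $p in
            TLSv1.2|TLSv1.3) ;;
            *) note "protocol other than TLSv1.2/1.3 enabled: $p" ;;
        esac
    done

    # 4. The port-80 server must redirect to HTTPS.
    printf '%s\n' "$body" | grep -Eq 'return[[:space:]]+30[18][[:space:]]+https://' \
        || note "no HTTP-to-HTTPS redirect"
    return "$findings"
}

# Constructed sample: key outside live/, TLSv1.1 enabled, no redirect block.
audit_tls_conf <<'EOF' || echo "findings: $?"
server {
    listen 443 ssl http2;
    ssl_certificate     /etc/letsencrypt/live/qool.ovh/fullchain.pem;
    ssl_certificate_key /etc/ssl/private/old.key;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
}
EOF
```

To check the real file, run audit_tls_conf < /etc/nginx/sites-available/qool.ovh before reloading.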

6. Verify HTTPS

Check listening ports

sudo ss -tlnp | grep 443

Test in browser

https://test.qool.ovh

Test via CLI

curl -I https://test.qool.ovh

Final Notes

  • Port 443 must be open in the firewall
  • Nginx must reference the correct certificate paths
  • Certbot renews certificates automatically
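  • No manual configuration changes are required after renewal: the files under /etc/letsencrypt/live/ are symlinks to the current certificate, which Nginx loads on its next reload
  • This setup supports wildcard subdomains: server_name *.qool.ovh matches any subdomain but not the bare qool.ovh, and the certificate must cover *.qool.ovh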