Add the official Certbot PPA and install the Nginx plugin.
sudo apt update sudo apt install certbot python3-certbot-nginx -y
Replace example.com with your domain. Certbot will automatically modify your Nginx config.
sudo certbot --nginx -d example.com -d www.example.com
Certbot sets up a systemd timer for automatic renewal. Verify it's active.
sudo systemctl status certbot.timer sudo certbot renew --dry-run
Certificates are valid for 90 days. Certbot auto-renews when they have less than 30 days remaining.
After installation, visit https://yourdomain.com in a browser. Look for the padlock icon.
curl -I https://example.com
Port 80 must be open
Certbot needs port 80 open for the HTTP-01 challenge. Check your firewall.
DNS must resolve
Your domain's A record must point to your server's public IP before running Certbot.
Check logs on failure
sudo certbot --nginx -d example.com --debug