Certbot + Nginx SSL

Secure your Nginx sites with free SSL certificates from Let's Encrypt.

1 Install Certbot

Add the official Certbot PPA and install the Nginx plugin.

bash
sudo apt update
sudo apt install certbot python3-certbot-nginx -y

2 Obtain SSL Certificate

Replace example.com with your domain. Certbot will automatically modify your Nginx config.

bash
sudo certbot --nginx -d example.com -d www.example.com

3 Verify Auto-Renewal

Certbot sets up a systemd timer for automatic renewal. Verify it's active.

bash
sudo systemctl status certbot.timer
sudo certbot renew --dry-run

Certificates are valid for 90 days. Certbot auto-renews when they have less than 30 days remaining.

4 Verify HTTPS

After installation, visit https://yourdomain.com in a browser. Look for the padlock icon.

bash
curl -I https://example.com

5 Troubleshooting

Port 80 must be open

Certbot needs port 80 open for the HTTP-01 challenge. Check your firewall.

DNS must resolve

Your domain's A record must point to your server's public IP before running Certbot.

Check logs on failure

bash
sudo certbot --nginx -d example.com --debug
Home Buy Me a Beer