SSL for Nginx sites with Let's Encrypt
Suppose we have a running website example.com with proper Nginx config for HTTP access. Follow three steps below we will have the website secured with HTTPS using Let's Encrypt certificates.
1. Install Certbot
```sh # Ubuntu 20+ sudo apt-get install python3-certbot-nginx # Earlier versions sudo add-apt-repository ppa:certbot/certbot # press enter to accept sudo apt-get update sudo apt-get install python-certbot-nginx ```2. Generating certificates
sudo certbot --nginx -d example.comIf this is the first time running certbot it will ask for your email, acceptance to terms of services then doing the challenge for the domain. If the process is successful it will continue to ask if you want to redirect http to https
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):Select your choice and hit enter, nginx config for the domain will be updated and reload. Testing your site to verify it works.
3. Certbot auto-renewal
Let's Encrypt certificates last for 90 days so we need to renew certificates before they expire.
To test renewal process, make a dry run
sudo certbot renew --dry-runMake certbot renewal automatically by adding the command to cron
15 3 * * * /usr/bin/certbot renew --quietNote: If using CloudFlare the TLS-SNI challenge used by renew command would not work. We need to append this option to the renew command
15 3 * * * /usr/bin/certbot renew --quiet --preferred-challenges http