Create a certificate
SSH into the server
SSH into the server running your HTTP website as a user with sudo privileges.
Enable the universe repository
Make sure the Ubuntu universe repository is in your list of repositories by running the following commands on the server:
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo apt-get update
Install Certbot
sudo apt-get install certbot python3-certbot-nginx
Create a certificate
sudo certbot certonly --nginx
Install your SSL certificate to Nginx
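Redirect all HTTP requests to HTTPS. The configuration below also redirects the bare domain to www over HTTPS, so the certificate must cover both yoursite.com and www.yoursite.com. Replace yoursite.com and [your-site-root-path] with your own values.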
server {
    listen [::]:80;
    listen 80;
    server_name yoursite.com www.yoursite.com;
    # redirect http to https www
    return 301 https://www.yoursite.com$request_uri;
}

server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    server_name yoursite.com;
    ssl_certificate /etc/letsencrypt/live/yoursite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yoursite.com/privkey.pem;
    root [your-site-root-path];
    # redirect https non-www to https www
    return 301 https://www.yoursite.com$request_uri;
}

server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    server_name www.yoursite.com;
    root [your-site-root-path];
    ssl_certificate /etc/letsencrypt/live/yoursite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yoursite.com/privkey.pem;
    ## Nginx config for serving your application
    ## ...
}
Renew your certificates
Edit the crontab file:
sudo vim /etc/crontab
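Add this cron job to renew your certificates automatically. Entries in /etc/crontab take a user field between the schedule and the command, so the job is run as root:
0 0,12 * * * root certbot renew >/dev/null 2>&1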
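The cron job above discards all output from certbot renew, so a renewal that keeps failing goes unnoticed until the certificate expires. The following script is an added example, not part of the original guide: it uses openssl to flag certificates that are close to expiry. The function names, the 20-day default threshold and the script name check-certs.sh are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): flag certificates that are
# close to expiry, since the cron job sends certbot's output to /dev/null.
# Usage (script name is hypothetical):
#   DAYS=20 sh check-certs.sh /etc/letsencrypt/live/yoursite.com/fullchain.pem

# cert_status FILE DAYS
#   Prints one status line for FILE.
#   Returns 0 = valid for at least DAYS more days,
#           1 = expired or expiring within DAYS days,
#           2 = missing, unreadable or not a certificate.
cert_status() {
    cert=$1
    days=$2
    if [ ! -r "$cert" ]; then
        echo "UNREADABLE $cert"
        return 2
    fi
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo "OK $cert ($(openssl x509 -in "$cert" -noout -enddate))"
        return 0
    fi
    # -checkend also fails on unparsable input, so tell the two cases apart.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "UNREADABLE $cert"
        return 2
    fi
    echo "EXPIRING $cert ($(openssl x509 -in "$cert" -noout -enddate))"
    return 1
}

# check_certs DAYS FILE...
#   Runs cert_status on every FILE; returns the number of files that are not OK.
check_certs() {
    days=$1
    shift
    bad=0
    for f in "$@"; do
        cert_status "$f" "$days" || bad=$((bad + 1))
    done
    return "$bad"
}

# When called with certificate paths, check them; 20 days is an assumed default.
if [ "$#" -gt 0 ]; then
    check_certs "${DAYS:-20}" "$@"
fi
```

A non-zero exit status means at least one certificate needs attention, so the script can be wired into whatever monitoring or alerting already watches the server.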
Tada!