Generating SSL with CertBot and nginx

Requirement

You need to have certbot-nginx plugin installed.

Depending on your machine, Installing certbot, nginx, and certbot-nginx in Debian / Ubuntu could be done with the following:

~ $ sudo apt install nginx certbot python3-certbot-nginx

Writting nginx config

Edit /etc/nginx/conf.d/main.conf, insert the following:

server {
  server_name domainname.com;
  listen 80;
  listen [::]:80;

  root "/var/www/htdocs";
}

Replace domainname.com with your domain.

Generate key

Run:

~ $ certbot --nginx

You will be asked which domain to generate with.

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: domainname.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

Press 1, and wait it till finish.

In the end, it will ask you whenever you want to make certbot to configure your nginx to be https-only.

Automatic daily check

Edit root crontab by running the following:

~ # crontab -e

Insert the following, and save it:

30      *       *       *       *       certbot -q --nginx --keep-until-expiring --domains domainname.com

Again, change domainname.com with your domain name.