An SSL certificate is used to secure a domain, preventing people from seeing many things, including those entered into forms (username, password, etc.).
sudo apt install python3-certbot
sudo apt install python3-certbot-nginx
sudo certbot --nginx
sudo certbot --nginx -d
I recommend the former command, as it will ask which domain you'd like to setup for, where the latter should be used if you know for certain the domain-name is configured in nginx
The first time you run certbot you'll need to enter an email (for alerts), and agree to T&Cs
Certificates attained via Certbot are valid for 90 days, so to keep it up indefinitely we'll need to auto-renew before it expires
To do this we'll set up a cronjob to run on... . This crontab needs to be run by root, so we'll open the crontab with sudo.
sudo crontab -e
If it's your first time editing the crontab (as root), it'll ask for your editor of choice
When the crontab is open, add a line to the bottom with the following
0 0 * * * certbot --nginx renew
Exit and save, you'll be imformed the crontab has been changed, and every day the cronjob will auto renew SSL certificates that are due to expire in the next 30 days.