Jump directly to main content

Setup SSL with Certbot

An SSL certificate is used to secure a domain, preventing people from seeing many things, including those entered into forms (username, password, etc.).

Install Certbot

sudo apt install python3-certbot

or

sudo apt install python3-certbot-nginx

Run Certbot

sudo certbot --nginx

or

sudo certbot --nginx -d

I recommend the former command, as it will ask which domain you'd like to setup for, where the latter should be used if you know for certain the domain-name is configured in nginx

The first time you run certbot you'll need to enter an email (for alerts), and agree to T&Cs

Configure HTTPS

Auto renew

Certificates attained via Certbot are valid for 90 days, so to keep it up indefinitely we'll need to auto-renew before it expires

To do this we'll set up a cronjob to run on... . This crontab needs to be run by root, so we'll open the crontab with sudo.

sudo crontab -e

If it's your first time editing the crontab (as root), it'll ask for your editor of choice

When the crontab is open, add a line to the bottom with the following

0 0 * * * certbot --nginx renew

Exit and save, you'll be imformed the crontab has been changed, and every day the cronjob will auto renew SSL certificates that are due to expire in the next 30 days.