SSL with Certbot

HTTPS certificates with automatic renewal.

Install Certbot#

sudo apt install certbot python3-certbot-nginx -y

Obtain certificate#

Single domain:

sudo certbot --nginx -d DOMAIN

Multiple domains/subdomains:

sudo certbot --nginx -d api.example.com -d app.example.com

Follow the prompts (email, agree to ToS).

Certbot automatically:

• Obtains the certificate
• Configures Nginx for SSL
• Sets up HTTP → HTTPS redirect
• Configures auto-renewal via systemd timer

Validate#

curl https://DOMAIN/

Verify auto-renewal#

sudo certbot renew --dry-run