Skip to main content

Install Certbot

Verify the install:

Generate certificate for a domain

Certbot automatically edits the matching Nginx server block (the one with the matching server_name) to add the SSL config and redirect HTTP → HTTPS.
Make sure the domain’s DNS A record already points to this VPS’s IP, and that Nginx is already serving that server_name on port 80, before running Certbot — otherwise the HTTP-01 challenge will fail.

Auto-renewal

Certbot installs a systemd timer automatically. Verify it:

Multiple domains

Repeat per subdomain/app:

Useful checks

After Certbot edits the Nginx config, run sudo nginx -t to confirm syntax is valid, then sudo systemctl reload nginx if you made any further manual changes.