To set up Certbot SSL with Nginx, you can follow these steps to obtain and install an SSL certificate for your Nginx web server on a Linux-based system. I'll assume you have already installed Nginx on your server.

Install Certbot:

The first step is to install Certbot, which is a tool that simplifies the process of obtaining and renewing SSL certificates. The exact command may vary depending on your Linux distribution. Here are commands for some popular distributions:


sudo apt-get update
sudo apt-get install certbot python3-certbot-nginx



sudo yum install certbot python3-certbot-nginx


Prepare Your Nginx Configuration:

Before using Certbot, you need to ensure that your Nginx configuration is set up correctly. Make sure you have a server block (virtual host) for your domain configured in your Nginx configuration file. It should look something like this:

server {
    listen 80;
    location / {
        # Your Nginx configuration here


Obtain an SSL Certificate:

Run the following command to obtain an SSL certificate for your domain:

sudo certbot --nginx -d -d


Replace and with your actual domain names. Certbot will automatically configure Nginx to use the obtained certificate and update your Nginx configuration.

Verify the Configuration:

Certbot should automatically modify your Nginx configuration to enable SSL and redirect HTTP traffic to HTTPS. You can verify your configuration by running:

sudo nginx -t


If there are no syntax errors, restart Nginx:

sudo systemctl restart nginx


If you look at domain‑name.conf, you see that certbot has modified it:

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;

    listen 443 ssl;
    # RSA certificate
    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;
    include /etc/letsencrypt/options-ssl-nginx.conf;

    # Redirect non-https traffic to https
    if ($scheme != "https") {
        return 301 https://$host$request_uri;


Automatic Renewal:

Certbot will set up a cron job to automatically renew your SSL certificate when it's close to expiration. You can test the renewal process by running:

sudo certbot renew --dry-run


Read also: Nginx Forward Proxy: A Comprehensive Guide


If this test runs successfully, Certbot will renew your certificate as needed. That's it! Your Nginx web server should now be configured with a valid SSL certificate. Make sure to keep your server and Certbot up to date, and your SSL certificate will be automatically renewed when necessary.

Category : #web server

Tags : #web server , #nginx