🌐 SSL with Certbot (Let's Encrypt)

🌐 1. Install Web Server and Certbot

  1. For Nginx

    sudo apt update && sudo apt install nginx -y
    sudo apt install nginx certbot python3-certbot-nginx -y
  2. For Apache

    sudo apt update && sudo apt install apache2 -y
    sudo apt install apache2 certbot python3-certbot-apache -y

⚙️ 2. Configure Virtual Host

  • Nginx: Create Site Config

    sudo nano /etc/nginx/sites-available/example.com.conf
  • Paste:

    server {
        listen 80;
        server_name example.com www.example.com;
    
        location / {
            proxy_pass http://127.0.0.1:8080;  # Your backend app
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Connection "";
        }
    }
  • Enable and test config:

    sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/
    sudo nginx -t
    sudo systemctl reload nginx

  • Apache: Create Site Config

    sudo nano /etc/apache2/sites-available/example.com.conf
  • Paste:

    <VirtualHost *:80>
        ServerName example.com
        ServerAlias www.example.com
    
        ProxyPreserveHost On
        ProxyPass / http://127.0.0.1:8080/
        ProxyPassReverse / http://127.0.0.1:8080/
    
        ErrorLog ${APACHE_LOG_DIR}/example_error.log
        CustomLog ${APACHE_LOG_DIR}/example_access.log combined
    </VirtualHost>
  • Enable site and required modules:

    sudo a2ensite example.com.conf
    sudo a2enmod proxy proxy_http
    sudo systemctl reload apache2

🔐 3. Obtain Let's Encrypt SSL Certificate

  1. For Nginx:

    sudo certbot --nginx -d example.com -d www.example.com
  2. For Apache:

    sudo certbot --apache -d example.com -d www.example.com

Certbot will automatically update your config to use HTTPS.


4. Enable Auto-Renewal

Certbot typically sets this up automatically. Confirm with:

    sudo systemctl list-timers | grep certbot
  1. Test renewal manually:

    sudo certbot renew --dry-run
  2. Set up custom cron (if needed):

    sudo crontab -e
  3. Add:

    0 3 * * * certbot renew --quiet --deploy-hook "systemctl reload nginx"
  4. For Apache, add this line instead:

    0 3 * * * certbot renew --quiet --deploy-hook "systemctl reload apache2"

This runs daily at 3 AM and reloads the web server if certificates are renewed.
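
To confirm that renewal is actually happening and not just scheduled, the following added example (not part of the original post) parses `certbot certificates` output and lists every certificate that certbot, which by default attempts renewal within 30 days of expiry, should already have replaced. The function names, the 20-day threshold and the sample output are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag certificates that auto-renewal should already have replaced.
# Assumption: input follows the layout of `certbot certificates` output; the
# sample below is constructed for illustration, not captured from a real host.

# Prints "<cert name> <days left>" for each certificate below the threshold
# (default 20 days), or "<cert name> INVALID_OR_HOURS" when certbot reports
# the certificate as INVALID or as having only hours left.
stale_certs() {
    awk -v min="${1:-20}" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            if ($0 ~ /\(VALID: [0-9]+ days?\)/) {
                days = $0
                sub(/.*\(VALID: /, "", days)   # drop everything before the count
                sub(/ days?\).*/, "", days)    # drop everything after it
                if (days + 0 < min) print name, days
            } else {
                print name, "INVALID_OR_HOURS"
            }
        }
    '
}

# Constructed sample input (hypothetical hosts and dates).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2025-08-19 03:00:12+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  Certificate Name: api.example.com
    Domains: api.example.com
    Expiry Date: 2025-06-02 03:00:12+00:00 (VALID: 11 days)
    Certificate Path: /etc/letsencrypt/live/api.example.com/fullchain.pem
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2025-04-01 03:00:12+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.example.com/fullchain.pem
EOF
}

# Real use: sudo certbot certificates 2>/dev/null | stale_certs 20
sample_output | stale_certs 20
```

Any line this prints on a real host means the timer or cron job above is not succeeding; `sudo certbot renew --dry-run` usually shows why.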


https://www.itsnooblk.com/posts/ssl-with-certbot/
Author: Lahiru Sandaruwan Liyanage
Published at: 2025-05-22
License: MIT License