Getting Started with SSL & Certbot
Welcome to SSL with Certbot
Every production website needs HTTPS. Without it, browsers warn visitors that the site is "not secure", search engines rank it lower, and modern browser APIs (geolocation, service workers, clipboard) simply refuse to work.
Let's Encrypt is a free, automated Certificate Authority. Certbot is the official tool that talks to Let's Encrypt, obtains a certificate for your domain, configures Nginx automatically, and sets up renewal — all in a few commands.
Free, automated, and trusted by every major browser. There's no reason not to use it.
What You'll Learn
- How HTTPS works — certificates, TLS handshakes, and what Certbot actually does
- Installing Certbot — on Ubuntu with the Nginx plugin
- Obtaining a certificate — the
certbot --nginxcommand explained - Nginx configuration after Certbot — what it changes and why
- HTTP → HTTPS redirect — forcing all traffic to the secure version
- Automatic renewal — using cron or the systemd timer to renew before expiry
- Testing renewal — dry-run the renewal process without making changes
- Wildcard certificates — covering all subdomains with one cert (DNS challenge)
Prerequisites
- A Linux server (EC2, Lightsail, or any VPS) with Nginx installed
- A registered domain name pointing at your server's IP
- Port 80 and 443 open in your server's firewall / security group