You can follow instructions for using Certbot depending on the set-up of your server.
Below you will also see instructions for the use of Uncomplicated Firewall (ufw), you can read more about the opening of ports with ufw in 03.2 Tinc server side prep
Before proceeding, it is worth taking note of your current Ngix config set up, as some automated editing of the Nginx config will occur and you will need to do a manual check that everything is as it should be at the end of the following process.
Certbot
After installing and setting up nginx install certbot and the nginx plugin:
sudo apt install certbot python3-certbot-nginx
Make sure nginx ports are open by: - checking their status
sudo ufw status
We need ‘Nginx Full’ enabled with:
sudo ufw allow 'Nginx Full'
Delete any other http etc, e.g.
sudo ufw delete allow 'Nginx HTTP'
Your status should now look something like this:
sudo ufw status
OutputStatus: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere Nginx Full ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6) Nginx Full (v6) ALLOW Anywhere (v6)
Register with certbot
sudo certbot register
You will then enter emails and agree to terms and bits.
Then to start cerifying use
sudo certbot --nginx
It will then ask which site to certify, press enter to do them all.
NOTE: It will then auto paste details for the certificates into your Nginx config, these will probably need editing, but will contain the right paths for your ssl certificate!
Certbot should now automatically keep your certificates updated.