Hassle free SSL with NGINX


apt install certbot
python3 -m pip install cerbot

Preparing Nginx

apt install nginx
# inside ALL servers in sites-enabled/ or nginx.conf # 
# sites-enabled/ sometimes called vhosts.d/ or vservers.d/ #
location /.well-known/acme-challenge/ {
alias /var/www/.well-known/acme-challenge/;
set permissions and reload

Run Certbot

certbot certonly --webroot -w /var/www -d domain.toplevel -d domain2.toplevel --rsa-key-size 2048

Add SSL-configuration in Nginx

ssl_certificate /etc/letsencrypt/live/domain.toplevel/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.toplevel/privkey.pem;
listen 443 ssl; # ipv4
listen [::]:443 ssl; # ipv6

Common pitfalls

HTTPS redirect

nginx ACME-server-block


auth_basic off;
allow all;

Adding new Subdomains

run certbot



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Yannik Schmidt

Yannik Schmidt

Python programmer at heart, Linux Expert at work, GameDev on my good days, web developer on the bad days.