Let’s Encrypt SSL (CA-signed, trusted by browsers)

Install Certbot & NGINX PLUGIN

sudo apt update

sudo apt install certbot python3-certbot-nginx -y

get ssl certificate automatically(NGINX Plugin)

sudo certbot —nginx -d [yourdomain.com](<http://yourdomain.com>) -d  www.yourdomain.com

Automatic Certificate Renewal

Let’s Encrypt certs expire every 90 days, but Certbot sets up automatic renewal.

sudo certbot renew --dry-run

Cert Location

/etc/letsencrypt/live/yourdomain.com/

server{
listen 80;
listen [::]:80;
server_name bishesna;
return 301 <https://$host$request+uri>;
{
server{
listen 443;#listen on all upv4 addresses
listen [::]:443;#listen on all ipv6 addresses
servername bishesna bishesna;
root /var/www/bishesna;
index index.html;

ssl_certificate /etc/letsencrypt/live/bishesna/fullchain.pem
ssl_certificate_key /etc/letsencrypt/live/bishesna/privkey.pem

include /etc/letsencrypt/options-ssl-nginx.config;
ddl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

location /{
 try_files $uri $uri/= 404;
 }
 }

default:

/etc/letsencrypt/live/<your-domain>/

sudo ln -s /etc/nginx/sites-available/yourdomain /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx