Configuring Let's Encrypt SSL Certificates for nginx on Debian 11
Installing Certbot and certbot nginx plugin#
sudo apt update && sudo apt -y install certbot python3-certbot-nginx
Generating certificates and configuring nginx for the website#
certbot --nginx
If this is your first time running Certbot to obtain an SSL certificate, it will ask for your email address. Enter an email address that you commonly use, as it will notify you before the certificate expires.
You can also obtain certificate configuration for a specific domain name
certbot --nginx -d baicai.me
Automatically renewing SSL certificates with Certbot#
Let's Encrypt SSL certificates expire after 90 days, so you may need to manually renew them. However, the Certbot package comes with a cron job and a systemd timer that will automatically renew the certificates before they expire.
Unless you change the configuration, there is no need to manually run Certbot again.
You can test the automatic renewal of the certificates by running the following command.
certbot renew --dry-run