Configuring Let's Encrypt SSL Certificate for nginx on Debian 11
Installing Certbot and certbot nginx plugin#
sudo apt update && sudo apt -y install certbot python3-certbot-nginx
Generating and configuring certificates for nginx websites#
certbot --nginx
If it is the first time running Certbot to obtain an SSL certificate, it will ask for your email. Enter a frequently used email address, and it will notify you before the certificate expires.
You can also obtain certificate configuration for specific domain names
certbot --nginx -d baicai.me
Using Certbot for automatic SSL certificate renewal#
Let's Encrypt SSL certificates expire after 90 days, so you may need to manually renew them. However, the Certbot package comes with a cron job and systemd timer that automatically renews the certificate before it expires.
Unless you change the configuration, there is no need to manually run Certbot again.
You can test the automatic renewal of the certificate by running the following command.
certbot renew --dry-run