The authoritative source:
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-debian-10
TLDR:
A
records in place for[url]
andwww.[url]
- basic server block in
/etc/nginx/sites-available/[domain]
sudo apt update
sudo apt install python3-acme python3-certbot python3-mock python3-openssl python3-pkg-resources python3-pyparsing python3-zope.interface
sudo apt install python3-certbot-nginx
- (https) :
sudo ufw status
if needed:
sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'
Lastly:
sudo certbot --nginx -d your_domain -d www.your_domain
if returning to an old domain, append --force-renewal
to above command.