Setup Certbot on Your Server and Install a SSL Certificate with AutoRenewal

I am going to show you how to setup certbot on your server, and install a free SSL certificate using it for your domain. We will also make sure that all requests are redirected to the HTTPS version of your site, with www. Also to note that I am running Ubuntu 16.04, and have nginx setup as my web server.

My nginx default configuration (/etc/sites-available/default) looks like this:

server {
    return 301$request_uri;

server {
    location / {
         proxy_set_header   X-Real-IP  $remote_addr;
         proxy_set_header   Host       $http_host;

There are a few pre-requisites to make sure of before your proceed with installing the certificate, so that things go smoothly:

  • Make sure /etc/nginx/sites-available is named default. If you have created a custom configuration with a changed filename then certbot will have a difficult time finding the file and writing to it.
  • Make sure that you have configured the redirect from non-www to www within nginx (otherwise certbot cannot write to both server_names).
  • Make sure that your domains DNS points to your server, otherwise certbot cannot verify ownership of the domain name.
  • After any edits to your nginx configuration, make sure to reload nginx by running sudo service nginx restart.

Ok so with the pre-requisites out of the way we are going to setup certbot and install a SSL certificate, run the following commands in your terminal:

This will add the certbot repository

sudo add-apt-repository ppa:certbot/certbot

This will update the repository

sudo apt-get update

This will install the certbot package for nginx

sudo apt-get install python-certbot-nginx

Setup the SSL certificate for your domain (replacing with your actual domain)

sudo certbot --nginx -d -d

Run through the setup and choose option 2 when it asks if you would like certbot to edit your nginx /etc/sites-available/default configuration and setup redirects correctly.

The certbot package installed will check twice a day if the certificate needs to be renewed, and it will renew the certificate automatically when needed.

Jeremy Stocker
Passionate about web development and working with the latest technologies including React, Node, AWS & WordPress.

45 St Georges Terrace
Perth, AU 6000

View on Google Map

Give me a call on

0498 127 791

Or reach me by email

© 2018 Krucial Australia.