HTTPS is essential for security, SEO and user trust — and with Let's Encrypt it's free and automated. Here's how to secure an Nginx site on a Linux VPS.

Prerequisites

  • A domain pointing to your VPS (an A record for example.com).
  • Nginx installed with a server block for your domain.
  • Ports 80 and 443 open in your firewall.

1. Install Certbot

sudo apt update
sudo apt install certbot python3-certbot-nginx -y

2. Obtain and install the certificate

sudo certbot --nginx -d example.com -d www.example.com

Certbot verifies your domain, fetches a certificate, and edits your Nginx config to serve HTTPS and redirect HTTP to HTTPS automatically.

3. Confirm auto-renewal

Let's Encrypt certificates last 90 days; Certbot installs a timer to renew them automatically. Test it with:

sudo certbot renew --dry-run

4. Verify your setup

Visit https://example.com and check for the padlock. For a deeper check, run your domain through an SSL testing tool to confirm a strong configuration.

Troubleshooting

  • Challenge failed: confirm the domain resolves to your server and port 80 is open.
  • Rate limits: Let's Encrypt limits certificates per domain per week — use --dry-run while testing.

That's it — a free, auto-renewing certificate. On a OneHost VPS with full root access, the whole process takes just a couple of minutes.