HTTPS is essential for security, SEO and user trust — and with Let's Encrypt it's free and automated. Here's how to secure an Nginx site on a Linux VPS.
Prerequisites
- A domain pointing to your VPS (an A record for
example.com). - Nginx installed with a server block for your domain.
- Ports 80 and 443 open in your firewall.
1. Install Certbot
sudo apt update
sudo apt install certbot python3-certbot-nginx -y
2. Obtain and install the certificate
sudo certbot --nginx -d example.com -d www.example.com
Certbot verifies your domain, fetches a certificate, and edits your Nginx config to serve HTTPS and redirect HTTP to HTTPS automatically.
3. Confirm auto-renewal
Let's Encrypt certificates last 90 days; Certbot installs a timer to renew them automatically. Test it with:
sudo certbot renew --dry-run
4. Verify your setup
Visit https://example.com and check for the padlock. For a deeper check, run your domain through an SSL testing tool to confirm a strong configuration.
Troubleshooting
- Challenge failed: confirm the domain resolves to your server and port 80 is open.
- Rate limits: Let's Encrypt limits certificates per domain per week — use
--dry-runwhile testing.
That's it — a free, auto-renewing certificate. On a OneHost VPS with full root access, the whole process takes just a couple of minutes.