Got feedback or spotted a mistake?

Leave a comment at the end of this page or email

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Download the “certbot-auto” utility

sudo cp certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto
certbot-auto --help

Command to renew the SSL certificate (for particular domain)

certbot-auto certonly --webroot --webroot-path=/var/www/html -d <domain-name>


To renew the certificate of OpenSpecimen site.

certbot-auto certonly --webroot --webroot-path=/var/www/ -d

Renew the certificate of forums site.

certbot-auto certonly --webroot --webroot-path=/var/www/html  -d

Configuring SSL into Nginx

Create configuration file into ‘/etc/nginx/sites-avaiable/site.conf’ directory. Given below is example template to configure SSL into Nginx. (Proxy configuration will change as per application/site).


server {
        listen 80;
        server_name <host-name>;
        root /var/www/html;
        return 301 https://$host$request_uri;

server {
       listen 443;
       server_name <host-name;

       root /var/www/html;
       ssl_certificate <absolute-path-of-cert-file>;
       ssl_certificate_key <absolute-path-of-private-key>;

       ssl_session_timeout 5m;
       ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
       ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
       ssl_prefer_server_ciphers on;

        #Proxy configuration
        location / {
                proxy_set_header Host $host;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        location ~ /.well-known {
                allow all;
  • No labels