Download the “certbot-auto” utility

sudo cp certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto
certbot-auto --help

Command to renew the SSL certificate (for particular domain)

certbot-auto certonly --webroot --webroot-path=/var/www/html -d <domain-name>


To renew the certificate of OpenSpecimen site.

certbot-auto certonly --webroot --webroot-path=/var/www/ -d

Renew the certificate of forums site.

certbot-auto certonly --webroot --webroot-path=/var/www/html  -d

Configuring SSL into Nginx

Create configuration file into ‘/etc/nginx/sites-avaiable/site.conf’ directory. Given below is example template to configure SSL into Nginx. (Proxy configuration will change as per application/site).


server {
        listen 80;
        server_name <host-name>;
        root /var/www/html;
        return 301 https://$host$request_uri;

server {
       listen 443;
       server_name <host-name;

       root /var/www/html;
       ssl_certificate <absolute-path-of-cert-file>;
       ssl_certificate_key <absolute-path-of-private-key>;

       ssl_session_timeout 5m;
       ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
       ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
       ssl_prefer_server_ciphers on;

        #Proxy configuration
        location / {
                proxy_set_header Host $host;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        location ~ /.well-known {
                allow all;

Once the SSL certificates are generated and configured, restart the nginx service.

Restart: service nginx restart

Stop: service nginx stop

Start: service nginx start

Test configuration: nginx -t