Securing or obtaining the https protocol for your domain or subdomain is a must to encrypt your web content in Transport Layer. To do this, an SSL certificate is required from a trusted authority. Certbot is a plugin that can obtain both standalone and Nginx associated free SSL certificate offered by Let’s Encrypt Authority.

Step 1: Register a valid domain or subdomain

At first, you need to add A record of your domain or subdomain from your DigitalOcean account Networking Section. In my case, I am adding a sub-domain named If you want to register a subdomain, you have to click on the domain name when you are on the networking page so that the DNS management page appears.

Creating sub domain from DigitalOcean Account
Registering sub domain from DigitalOcean Account

Step 2: Setup Certbot

Secondly, login to your VPS via SSH and run the following commands.

sudo apt install certbot python3-certbot-nginx

For older version of Ubuntu and python, please try these commands-

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt install python-certbot-nginx

Step 3: Configure Nginx Server Block for subdomain

Since I am going to serve the web using Nginx, creating a server block for projects, is mandatory. First of all, use nano to create a server block for your subdomain using sudo nano /etc/nginx/sites-available/ .

Replace with your own subdomain. Subsequently, copy and paste the following code

server {
        listen 80;
        listen [::]:80;

        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;


        location / {
                try_files $uri $uri/ =404;

Use Cntl+X and then Y to save and exit.

Note: The root directive can be different in your case if you want to serve your web from a different directory. Nginx default directory for web serving is /var/www/html.

After that, use this command to link the configuration file to site-enabled

sudo ln -s /etc/nginx/sites-available/ /etc/nginx/sites-enabled/

Now check if the nginx configuration is okay –

sudo nginx -t

Reload the nginx server –

sudo systemctl reload nginx

Step 4: Configure SSL with certbot Nginx

Finally, we can generate the SSL certificate for the subdomain. Use the follwing command –

sudo certbot --nginx -d

After successful validation of the subdomain, certbot will ask how you’d like to configure your HTTPS settings –

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

You can either select 1 or 2. But I always prefer to use the second option since the web is automatically redirected to HTTPS.

After you select the option and hitting enter, certbot will finally show you the success message.

Now try your secured subdomain from browser!

You may see the default Nginx page with a secured lock icon since it is running with a validated HTTPS SSL certificate. In conclusion, your subdomain is secured now.

Nginx Default Page with SSL
Click The lock icon for checking your SSL certificate information

Leave a Reply

Your email address will not be published.