Nginx SSL Setup with Certbot
Bash script to install and configure SSL certificates with Certbot for Nginx with auto-renewal.
#!/usr/bin/env bash
set -euo pipefail

DOMAIN="example.com"
EMAIL="admin@example.com"

# Install Certbot and its Nginx plugin
sudo apt update && sudo apt install -y certbot python3-certbot-nginx

# Obtain a certificate for the apex and www names, and redirect HTTP to HTTPS
sudo certbot --nginx \
    -d "$DOMAIN" \
    -d "www.$DOMAIN" \
    --non-interactive \
    --agree-tos \
    --email "$EMAIL" \
    --redirect

# Verify auto-renewal
sudo certbot renew --dry-run

# Renewal is scheduled automatically by the certbot package (systemd timer or cron).
# Equivalent cron entry:
# 0 0,12 * * * certbot renew --quiet --post-hook "systemctl reload nginx"

# SSL hardening (add to nginx server block):
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
# ssl_prefer_server_ciphers off;
# ssl_session_cache shared:SSL:10m;
# ssl_session_timeout 1d;
# ssl_session_tickets off;
# ssl_stapling on;
# ssl_stapling_verify on;

Use Cases
- Setting up HTTPS for production websites
- Automated SSL certificate renewal
- SSL hardening for web servers
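
The hardening directives in the script are comments, so they take effect only once they are copied into the server block. As an added example (not part of the original snippet), the function below audits nginx config text for them; the function name and both sample configs are constructed for illustration, and the input is treated as a single context.

```bash
#!/usr/bin/env bash
# Added example: audit nginx config text (file argument or stdin) for the
# hardening directives listed in the snippet. Prints one "FAIL: ..." line per
# finding and returns 1 if there are findings, 0 otherwise.
audit_tls_conf() {
  local findings
  findings=$(awk '
    { sub(/#.*/, "") }                  # a commented-out directive is not active
    { gsub(/;/, " ") }                  # drop the terminator so values compare cleanly
    $1 == "ssl_protocols" {
      seen = 1
      for (i = 2; i <= NF; i++)
        if ($i != "TLSv1.2" && $i != "TLSv1.3")
          print "FAIL: legacy protocol enabled: " $i
    }
    $1 ~ /^ssl_(session_tickets|stapling|stapling_verify)$/ { val[$1] = $2 }
    END {
      if (!seen) print "FAIL: ssl_protocols not set explicitly"
      if (val["ssl_session_tickets"] != "off") print "FAIL: ssl_session_tickets is not off"
      if (val["ssl_stapling"] != "on") print "FAIL: ssl_stapling is not on"
      if (val["ssl_stapling_verify"] != "on") print "FAIL: ssl_stapling_verify is not on"
    }' "${1:--}")
  if [ -n "$findings" ]; then printf '%s\n' "$findings"; return 1; fi
}

# Constructed sample: legacy protocols enabled, hardening lines still commented out.
WEAK_CONF='server {
    listen 443 ssl;
    server_name example.com;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # ssl_session_tickets off;
    # ssl_stapling on;
}'

# Constructed sample: the directives from the snippet, uncommented.
HARD_CONF='server {
    listen 443 ssl;
    server_name example.com;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
}'

printf '%s\n' "$WEAK_CONF" | audit_tls_conf || echo "weak sample: findings listed above"
printf '%s\n' "$HARD_CONF" | audit_tls_conf && echo "hardened sample: no findings"
```

To check a real server, pass the config path as the first argument instead of piping text in.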