bashintermediate
Nginx SSL Setup with Certbot
Bash script to install and configure SSL certificates with Certbot for Nginx with auto-renewal.
bashPress ⌘/Ctrl + Shift + C to copy
#!/usr/bin/env bash
set -euo pipefail
DOMAIN="example.com"
EMAIL="admin@example.com"
# Install Certbot
sudo apt update && sudo apt install -y certbot python3-certbot-nginx
# Obtain certificate
sudo certbot --nginx \
-d "$DOMAIN" \
-d "www.$DOMAIN" \
--non-interactive \
--agree-tos \
--email "$EMAIL" \
--redirect
# Verify auto-renewal
sudo certbot renew --dry-run
# Certbot auto-renewal cron (added automatically)
# 0 0,12 * * * certbot renew --quiet --post-hook "systemctl reload nginx"
# SSL hardening (add to nginx server block):
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
# ssl_prefer_server_ciphers off;
# ssl_session_cache shared:SSL:10m;
# ssl_session_timeout 1d;
# ssl_session_tickets off;
# ssl_stapling on;
# ssl_stapling_verify on;Use Cases
- Setting up HTTPS for production websites
- Automated SSL certificate renewal
- SSL hardening for web servers
Tags
Related Snippets
Similar patterns you can reuse in the same workflow.
bashintermediate
SSL Certificate Renewal with Certbot
Automate Let's Encrypt SSL certificate issuance and renewal with Certbot and NGINX reload.
Best for: Automated HTTPS setup for web servers
#ssl#certbot
bashintermediate
Nginx Rate Limiting Configuration
Nginx rate limiting with multiple zones for API and login routes, burst handling, and custom error pages.
Best for: Protecting APIs from abuse and DDoS
#nginx#rate-limiting
bashintermediate
Nginx Reverse Proxy Configuration
Nginx config to reverse-proxy requests to a backend with WebSocket support and security headers.
Best for: Serving Node.js apps behind Nginx
#nginx#reverse-proxy
bashadvanced
Nginx Load Balancer Configuration
Nginx upstream load balancer with weighted round-robin, health checks, and failover handling.
Best for: Distributing traffic across multiple app servers
#nginx#load-balancer