Getting Let’s Encrypt cert with Nginx

The following Nginx site configuration is used to acquire a certificate from Let’s Encrypt using certbot and nginx .well-known authorization. In this example we will obtain a certificate for the mail.ignore.pl domain. Usually you will run some kind of webmail under this domain, so you will have a more standard configuration.

server {
        listen 80;
        listen [::]:80;

        listen 443 ssl;
        listen [::]:443 ssl;

        server_name mail.ignore.pl;
        root /srv/www/mail/public;

        # Path used for the .well-known authorization
        location /.well-known {
                try_files $uri $uri/ =404;
        }

        # Everything else is redirected to the main site
        location / {
                return 302 http://ignore.pl;
        }

        # Uncomment once certbot has issued the certificate
        #ssl_certificate /etc/letsencrypt/live/mail.ignore.pl/fullchain.pem;
        #ssl_certificate_key /etc/letsencrypt/live/mail.ignore.pl/privkey.pem;
        #include /etc/letsencrypt/options-ssl-nginx.conf;
        #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

With this in place, proceed with the normal procedure for obtaining a certificate with certbot, for instance:

certbot --nginx certonly

Now uncomment the SSL-related parameters in the nginx site config and you are ready to use the certificates.
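
The uncomment step as an added example (not part of the original post): a shell function that uncomments the Let’s Encrypt directives in a site file only when every file they reference is readable, because nginx refuses to start if ssl_certificate or include points at a missing file. The function name enable_ssl is hypothetical and the site file path is whatever your setup uses.

```shell
#!/bin/sh
# Added example, not from the original post. enable_ssl is a hypothetical
# helper name; pass it the path of your nginx site file.

# enable_ssl SITE_CONF
# Uncomments "#ssl_certificate", "#ssl_certificate_key", "#ssl_dhparam" and
# "#include" lines that point below a letsencrypt directory, but only after
# checking that every referenced file is readable.
# Returns 0 on success, 1 if a file is missing, 2 if nothing to uncomment.
enable_ssl() {
    conf=$1
    names='(ssl_certificate|ssl_certificate_key|ssl_dhparam|include)'
    path='[^;[:space:]]*/letsencrypt/[^;[:space:]]+'

    # Paths referenced by the commented-out directives.
    paths=$(sed -n -E \
        "s,^[[:space:]]*#[[:space:]]*${names}[[:space:]]+(${path});.*\$,\\2,p" \
        "$conf")
    if [ -z "$paths" ]; then
        echo "no commented letsencrypt directives in $conf" >&2
        return 2
    fi

    missing=0
    for f in $paths; do
        if [ ! -r "$f" ]; then
            echo "missing: $f" >&2
            missing=1
        fi
    done
    [ "$missing" -eq 0 ] || return 1

    # Edit through a temporary file outside the nginx directory: a stray
    # backup next to the site file could be picked up by a wildcard include.
    tmpfile=$(mktemp) || return 1
    sed -E "s,^([[:space:]]*)#[[:space:]]*(${names}[[:space:]]+${path};),\\1\\2," \
        "$conf" > "$tmpfile" && cat "$tmpfile" > "$conf"
    status=$?
    rm -f "$tmpfile"
    return "$status"
}
```

Run nginx -t after the edit and reload nginx only if the test passes.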