Either buy a domain name from the registrar of your choice or choose one from those on the list in the GitHub Education Pack like Namecheap, name.com, or .tech domains. Then receive a domain name from one of these.
The following is an adapted and abbreviated version of a more comprehensive tutorial from DigitalOcean
sudo apt update
sudo apt install nginxCheck that nginx is up and running
systemctl status nginxsudo ufw enable
sudo ufw allow 'Nginx HTTP'
sudo ufw allow ssh
sudo ufw statusThe following assumes that your domain is called your_domain.dk.
Open an editor to create your new configuration file:
sudo nano /etc/nginx/sites-available/your_domain.dkand use the following example configuration in it:
server {
listen 80;
listen [::]:80;
server_name your_domain.dk;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_http_version 1.1;
proxy_set_header X-URIScheme https;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}Note, this configuration assumes that you have a locally running webserver listening on port 8080
After saving the configuration file and after closing the editor, enable the newly created configuration file.
Do so by symbolically linking it to the sites-enabled directory that Nginx reads at startup:
sudo ln -s /etc/nginx/sites-available/your_domain.dk /etc/nginx/sites-enabled/Let Nginx double check if it can read your newly created configuration and if it does not contain any obvious errors:
sudo nginx -tNow, restart Nginx so that it is configured accordingly:
sudo systemctl restart nginxSince certbot is a Python program, make sure you have a Python interpreter and its dependencies installed on your server
The official documentation is here.
(An alternative path to installing certbot is via Ubuntu snap, as e.g., described in this DigitalOcean tutorial. But snap is criticized in the open-source world. Therefore, we install it directly.)
sudo apt update
sudo apt install python3 python3-dev python3-venv libaugeas-dev gccSet up a Python virtual environment for certbot
sudo python3 -m venv /opt/certbot/
sudo /opt/certbot/bin/pip install --upgrade pipNow, finally install certbot.
sudo /opt/certbot/bin/pip install certbot certbot-nginxCreate a symbolic link from the just install certbot program to a path holding your executables so that you can run it directly as certbot command, i.e., by just typing certbot.
sudo ln -s /opt/certbot/bin/certbot /usr/local/bin/certbotCheck firewall status and update it to accept also TLS encrypted, i.e., HTTPS traffic:
sudo ufw status
sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'
sudo ufw allow ssh
sudo ufw statusA quick tip: If you are running Nginx directly on your server (not in a Docker container), you can usually just keep your original configuration exactly as it is and run the following command in your terminal:
sudo certbot --nginx -d your_domain.dkCertbot will automatically verify the domain, generate the certificates, and rewrite your original Nginx configuration to look like the one above.
Now, enter your email address, accept terms of service, and a message similar to the following should appear:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address or hit Enter to skip.
(Enter 'c' to cancel):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at:
https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf
You must agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.
Requesting a certificate for your_domain.dk
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/your_domain.dk/fullchain.pem
Key is saved at: /etc/letsencrypt/live/your_domain.dk/privkey.pem
This certificate expires on 2025-07-01.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for wimblefun.foodeez.dk to /etc/nginx/sites-enabled/your_domain.dk
Congratulations! You have successfully enabled HTTPS on https://your_domain.dk
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Navigate with your browser to https://your_domain.dk/ double check the "lock icon" in front of the URL after loading your page.
TLS certificates expire after a certain period of time. Thereafter, they have to be renewed. You can automate this step, e.g., by configuring a CRON job for the task, see step 8 in the official documentation.