This post assumes that you are using DigitalOCean’s droplet. But you should be able to do the same on any similar services. I am documenting the steps for my own record, in case I need to set one up again from scratch.

Initial Setup

I read and followed instructions from Initial Server Setup with Ubuntu 18.04, replacing IP address and username. I am, however, using DigitalOCean Cloud Firewall instead of ufw. It doesn’t really matter which you use, but do not use both.

Install and Set up Nginx

Again, I followed the instructions at How to Install Nginx on Ubuntu 18.04, replacing the domain name with my own. At the end, make sure that you set up your DNS correctly and the domain name resolves to your assigned IP address.

Secure Nginx with Let’s Encrypt

I read and followed How to Secure Nginx with Let’s Encrypt on Ubuntu 18.04. But I did not add the ppa:certbot/certbot repository. I simply ran sudo apt install python-certbot-nginx without adding the mentioned repository.

Use your own domain name instead of example.com and www.example.com.

$ sudo certbot --nginx -d example.com -d www.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): <your-email-address>

As my setup is new, I chose option 2 to redirect all requests to HTTPS.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

References:

Pre-requisites: