rss
November 19, 2023

Add a new website to a server running nginx, LetsEncrypt HTTPS and Certbot

Last updated on February 2025.

This is follow up note from https://yctct.com/setup-webserver to add a second website on the same web server.

Update DNS

In the DNS, point the domain name example.com or a subdomain www.example.com or both to the IP address of VPS.

A @ IP_address_of_server # for the domain name
A www IP_address_of_server # for the www subdomain

Configure web server

Read:

Follow FedFree’s instructions:

Generate a LetsEncrypt certificate

Read:

Generate a LetsEncrypt certificate for the new website, for the domain name:

# certbot certonly --webroot -w /var/www/example.com --must-staple --rsa-key-size 4096 --agree-tos -w /var/www/letsencrypt -d example.com --register-unsafely-without-email

for the subdomain www, for example:

# certbot certonly --webroot -w /var/www/example.com --must-staple --rsa-key-size 4096 --agree-tos -w /var/www/letsencrypt -d www.example.com --register-unsafely-without-email

Then you can check that example.com and www.example directories are created:

# ls /etc/letsencrypt/live/

About --webroot: https://eff-certbot.readthedocs.io/en/stable/using.html#webroot.

Place index.html in root

# touch /var/www/example.com/index.html

or the folder of your site.

Add CAA to DNS

example.com. CAA 128 issue "letsencrypt.org"

CAA creates a DNS mechanism that enables domain name owners to whitelist CAs that are allowed to issue certificates for their hostnames.

Long story: https://blog.qualys.com/product-tech/2017/03/13/caa-mandated-by-cabrowser-forum

more informaorgtion on CAA: https://letsencrypt.org/docs/caa/

Tests

Run curl tests and the SSL test (you should get A+), see: https://fedfree.org/docs/http/debian-nginx.html#tests

Then:

# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

And reload nginx:

# systemctl reload nginx

Back up the LetsEncrypt certificate

Back up the LetsEncrypt directory: https://yctct.com/backup-letsencrypt-folder-from-remote-to-local

Renew LetsEncrypt certificate automatically

See: https://yctct.com/renew-certificates


personal computing command-line interface (cli) gnu linux trisquel shell literacy wiki nginx hosting letsencrypt certbot

No affiliate links, no analytics, no tracking, no cookies. This work © 2016-2025 by yctct is licensed under CC BY-SA 4.0 .   about me   contact me   all entries & tags   FAQ   GPG public key

GPG fingerprint: 2E0F FB60 7FEF 11D0 FB45 4DDC E979 E52A 7036 7A88