Add SSL to Site

1) Setup the site in our site tool.

2) Go to a command line and type in:

certbot –nginx

(*two dashes, not one)

3) You’ll see all of the websites listed with numbers. BE CAREFUL here. Do not hit enter and pull certs for all the sites. Enter in the site numbers separated by commas:


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 41, 42

4) It will prompt about forcing secure – do this:

Please choose whether HTTPS access is required or optional.
1: Easy – Allow both HTTP and HTTPS access to these sites
2: Secure – Make all requests redirect to secure HTTPS access
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2

5) You can test with links similar to this:

– Congratulations! Your certificate and chain have been saved at
Your cert will expire on 2017-10-12. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the “certonly” option. To non-interactively renew *all* of
your certificates, run “certbot renew”

6) And the server config file should look similar to this:

server {
listen 80;
listen [::]:80;

root /var/www/;
access_log /var/www/;
error_log /var/www/;
index index.php index.html;


location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?q=$uri&$args;
#try_files $uri $uri/ =404;

location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;

listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

if ($scheme != “https”) {
return 301 https://$host$request_uri;
} # managed by Certbot

# Redirect non-https traffic to https
# if ($scheme != “https”) {
# return 301 https://$host$request_uri;
# } # managed by Certbot


7) Renewing certs

To renew, type in: cerbot renew