Tuesday, July 1, 2025
Setup HTTPS with Let's Encrypt, Nginx and Certbot Auto-Renewal
Keven Client A. Cataluña @LinkedIn
Introduction

This guide provides step-by-step instructions for enabling HTTPS with Let's Encrypt and Nginx, from installing Certbot and updating server settings to applying SSL certificates and configuring automated renewals.

Steps

1. Install Certbot and Nginx plugin
    sudo apt install certbot python3-certbot-nginx
  
2. Update the Nginx configuration
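Set server_name to your domain in /etc/nginx/sites-available/default, so that Certbot's Nginx plugin can find the matching server block:
    # Default server configuration
    server {
      ...
      server_name get-go.dev;

      ...
    }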
  
3. Test the Nginx configuration
    sudo nginx -t
  
  nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
  nginx: configuration file /etc/nginx/nginx.conf test is successful
  
4. Reload Nginx to apply the changes
    sudo systemctl reload nginx
  
5. Obtain SSL certificates
    sudo certbot --nginx -d get-go.dev
  
  Saving debug log to /var/log/letsencrypt/letsencrypt.log
  Plugins selected: Authenticator nginx, Installer nginx
  Enter email address (used for urgent renewal and security notices) (Enter 'c' to
  cancel): kevenclient@gmail.com

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Please read the Terms of Service at
  https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
  order to register with the ACME server at
  https://acme-v02.api.letsencrypt.org/directory
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  (A)gree/(C)ancel: A

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Would you be willing to share your email address with the Electronic Frontier
  Foundation, a founding partner of the Let's Encrypt project and the non-profit
  organization that develops Certbot? We'd like to send you email about our work
  encrypting the web, EFF news, campaigns, and ways to support digital freedom.
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  (Y)es/(N)o: Y

  Obtaining a new certificate
  Performing the following challenges:
  http-01 challenge for get-go.dev
  Waiting for verification...
  Cleaning up challenges
  Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default

  Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  1: No redirect - Make no further changes to the webserver configuration.
  2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
  new sites, or if you're confident your site works on HTTPS. You can undo this
  change by editing your web server's configuration.
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
  Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/default

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Congratulations! You have successfully enabled https://get-go.dev

  You should test your configuration at:
  https://www.ssllabs.com/ssltest/analyze.html?d=get-go.dev
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  IMPORTANT NOTES:
   - Congratulations! Your certificate and chain have been saved at:
     /etc/letsencrypt/live/get-go.dev/fullchain.pem
     Your key file has been saved at:
     /etc/letsencrypt/live/get-go.dev/privkey.pem
     Your cert will expire on 2024-10-10. To obtain a new or tweaked
     version of this certificate in the future, simply run certbot again
     with the "certonly" option. To non-interactively renew *all* of
     your certificates, run "certbot renew"
   - Your account credentials have been saved in your Certbot
     configuration directory at /etc/letsencrypt. You should make a
     secure backup of this folder now. This configuration directory will
     also contain certificates and private keys obtained by Certbot so
     making regular backups of this folder is ideal.
   - If you like Certbot, please consider supporting our work by:

     Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
     Donating to EFF:                    https://eff.org/donate-le
  
6. Verify Certbot auto-renewal
    sudo systemctl status certbot.timer
  
  ● certbot.timer - Run certbot twice daily
       Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
       Active: active (waiting) since Fri 2024-07-12 13:06:42 UTC; 22min ago
      Trigger: Sat 2024-07-13 00:04:55 UTC; 10h left
     Triggers: ● certbot.service

  Jul 12 13:06:42 ubuntu-s-1vcpu-1gb-sgp1-01 systemd[1]: Started Run certbot twice daily.
  
7. Test the renewal process
    sudo certbot renew --dry-run
  
  Saving debug log to /var/log/letsencrypt/letsencrypt.log

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Processing /etc/letsencrypt/renewal/get-go.dev.conf
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Cert not due for renewal, but simulating renewal for dry run
  Plugins selected: Authenticator nginx, Installer nginx
  Renewing an existing certificate
  Performing the following challenges:
  http-01 challenge for get-go.dev
  Waiting for verification...
  Cleaning up challenges

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  new certificate deployed with reload of nginx server; fullchain is
  /etc/letsencrypt/live/get-go.dev/fullchain.pem
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  ** DRY RUN: simulating 'certbot renew' close to cert expiry
  **          (The test certificates below have not been saved.)

  Congratulations, all renewals succeeded. The following certs have been renewed:
    /etc/letsencrypt/live/get-go.dev/fullchain.pem (success)
  ** DRY RUN: simulating 'certbot renew' close to cert expiry
  **          (The test certificates above have not been saved.)
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  IMPORTANT NOTES:
   - Your account credentials have been saved in your Certbot
     configuration directory at /etc/letsencrypt. You should make a
     secure backup of this folder now. This configuration directory will
     also contain certificates and private keys obtained by Certbot so
     making regular backups of this folder is ideal.
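
The timer status and dry run above confirm that renewal is configured, not that it keeps working. The script below is an added example, not part of the original guide or of Certbot: it checks the deployed files under /etc/letsencrypt/live/get-go.dev and fails if the certificate is close to expiry or privkey.pem does not match it. The function name check_renewal and the 21-day threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): renewal health check.
# Usage: sudo sh check_renewal.sh /etc/letsencrypt/live/get-go.dev [min_days]
# min_days defaults to 21, an assumed alert threshold; tune it to your policy.

# check_renewal LIVE_DIR [MIN_DAYS]
# Returns 0 = healthy, 1 = expires within MIN_DAYS (renewal is failing),
#         2 = files missing or unreadable, 3 = privkey.pem does not match cert.
check_renewal() {
    live_dir=$1
    min_days=${2:-21}
    cert="$live_dir/fullchain.pem"
    key="$live_dir/privkey.pem"

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "MISSING: cannot read $cert or $key" >&2
        return 2
    fi

    # fullchain.pem holds the leaf plus intermediates; openssl x509 reads the
    # first PEM block, which is the leaf certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: $key is not the key for $cert" >&2
        return 3
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout \
            -checkend "$((min_days * 86400))" >/dev/null; then
        echo "EXPIRING: $cert has fewer than $min_days days left" >&2
        return 1
    fi

    echo "OK: $cert valid for at least $min_days more days"
    return 0
}

# Run only when a directory is given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    check_renewal "$@"
    exit $?
fi
```

The non-zero exit codes make the script usable from a scheduled monitoring job; it needs root because privkey.pem is readable only by root.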