Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.


For configuring Certbot with Nginx as quickly and securely as possible.

Normal Code Climate

If you want an instant A+ score on Qualys SSL Labs and A score on, then this is what you'll need to do. You won't need any familiarity with Certbot, Let's Encrypt, the ACME spec, or SSL in general, just basic Nginx configuration.

1. Install Certbot and Clone Bubbly

We'll start off by cloning the project into the home folder with git.

cd &&
sudo apt install git certbot &&
git clone

2. Generate Statics

Generate the static keys once per server.


As it will warn, this will take a while.

Have a seat.

3. Copy config blocks

When you've gone and made something in the 15 minutes that could well take, or you've just set up a new SSH session, copy the Nginx configuration over to the Nginx area.


4. Configure & Enable Verification

Copy the verification site template and replace the instances of in the file with your actual domain name.

sudo cp /etc/nginx/sites-available/bubbly_verify.conf /etc/nginx/sites-available/
sudo nano /etc/nginx/sites-available/

Use Ctrl and \ to initiate a search and replace for with your domain.

sudo ln -s /etc/nginx/sites-available/ /etc/nginx/sites-enabled/
sudo nginx -t && sudo service nginx reload

Alternatively, you can simply add include location/bubbly_well-known-passthrough.conf; to an existing site you want to continue working while we upgrade.

5. Fetch Certificates

Fetch your certificates like this:

~/bubbly/ -d -d

It will ask for the root password, and an email address, so hang around, it shouldn't take more than a few seconds.

6. Start using the Certificates

Remove the verification config you just made, and replace it with a live version of the site. You'll need to more carefully review the [OPTION]s in this file, as you'll also need to change the certificate location to match the domain name you requested. Consider taking a look at the [OPTION]s and [WARNING]s in other linked config files.

sudo rm /etc/nginx/sites-available/
sudo cp /etc/nginx/sites-available/bubbly_live.conf /etc/nginx/sites-available/
sudo nano /etc/nginx/sites-available/

Use Ctrl and \ to initiate a search and replace for with your domain.

sudo nginx -t && sudo service nginx reload

7. Automate Renewal

Edit crontab.conf and append it to your existing cron jobs for automatic renewal. This is important, since Let's Encrypt certificates expire in three months.

nano ~/bubbly/crontab.conf
cat ~/bubbly/crontab.conf > /tmp/bubbly-crontab
crontab -l >> /tmp/bubbly-crontab
crontab /tmp/bubbly-crontab

Screenshot of

Screenshot of


BASH: Better SSL in Nginx in 10 minutes. Configuration files and setup scripts for Certbot.




Code of conduct

Security policy





No packages published

Contributors 4