Update https.md

_guides/https.md

@@ -7,24 +7,33 @@ description: Easily configure The Lounge to be served over HTTPS for better secu
 In this guide, we will see how to easily configure The Lounge to be served over [HTTPS](https://en.wikipedia.org/wiki/HTTPS) for better security and privacy.
 
 {: .alert.alert-warning role="alert"}
-The Lounge only has basic HTTPS support, and will need to be manually restarted to reload certificates on renewal. For advanced HTTPS support, consider [using a reverse proxy](/docs/guides/reverse-proxies).
+The Lounge only has basic HTTPS support.
 
-First, you need an HTTPS certificate. [Let's Encrypt](https://letsencrypt.org/) is a free, automated, and open Certificate Authority that provides completely free HTTPS certificates.
+First, you need an HTTPS certificate and a domain. Make sure your domain's A record pointing to your server's IP. [Let's Encrypt](https://letsencrypt.org/) is a free, automated, and open Certificate Authority that provides completely free HTTPS certificates.
 
-Assuming you have a valid email address at `email@example.com`, and want to serve The Lounge at `https://thelounge.example.com`, run these commands on your server:
+Assuming your domain is `thelounge.example.com`, follow these steps:
 
+1. Install nginx with `sudo apt install nginx`.
+2. Create configuration file for your domain with `sudo nano /etc/nginx/sites-available/thelounge.example.com`
+3. Paste code below:
 ```
-git clone https://github.com/letsencrypt/letsencrypt
-cd letsencrypt/
-./letsencrypt-auto certonly --standalone --email email@example.com -d thelounge.example.com
+server {
+    listen 80;
+    server_name thelounge.example.com;
+
+    location / {
+        proxy_set_header   X-Forwarded-For $remote_addr;
+        proxy_set_header   Host $http_host;
+        proxy_pass         "http://127.0.0.1:9000";
+    }
+}
 ```
-
-Follow the instructions on screen. This should generate a private key, as well as your HTTPS certificate that will expire after 90 days.
-
-Open your configuration file, located at `${THELOUNGE_HOME}/config.js` and look for the `https` key, and set the following values:
-
-- Change `enable` to `true`
-- Set `key` to the private key path that was generated, `privkey.pem`
-- Set `certificate` to the certificate path, `fullchain.pem`
-
-Let's Encrypt will create its `/etc/letsencrypt` folder as root user, so you might have to change the owner of these files to the user that runs The Lounge.
+4. Save and close the file.
+5. Enable the configuration file with `sudo ln -s /etc/nginx/sites-available/thelounge.example.com /etc/nginx/sites-enabled/thelounge.example.com`
+6. Check the configuration file for errors with `sudo nginx -t`
+7. If there's no errors, restart nginx with `sudo systemctl restart nginx`
+8. Next, install certbot with `sudo apt install certbot python3-certbot-nginx`
+9. Start creating SSL certificate with `sudo certbot --nginx -d thelounge.example.com`
+10. Enter your valid email and agree to Let's Encrypt's TOS.
+11. Enter `2` to automatically redirect traffic to HTTPS
+12. Test your secured The Lounge installation by going to `https://thelounge.example.com`