In this article, I am assuming that you already have a Django website up and running using the Nginx web server on HTTP protocol. You can refer to the current Django project structure and deployment instructions if needed.
Note: This article is tested on the following tech stack: django, gunicorn, nginx, ubuntu 16. Steps are similar for other versions of ubuntu as well but if you get stuck somewhere, you can follow the instructions from the official documentation.
First, ssh into your server as sudo user and run the commands below to install certbot.
sudo apt-get update sudo apt-get install software-properties-common sudo add-apt-repository universe sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install certbot python-certbot-nginx
If you face issues while installing certbot via the above commands, install it via snapd otherwise directly jump to the next section. Follow these instructions to install snapd from the snapd official documentation.
Once snapd is installed, ensure that it's up to date
sudo snap install core; sudo snap refresh core
Remove the previously installed certbot packages via apt to avoid any conflict between apt and snap.
sudo apt-get remove certbot
Now, install certbot via snap.
sudo snap install --classic certbot
At last, link the installed snap to the user bin directory to access it globally.
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Generating SSL certificates using certbot
Let certbot do this automatically, generating certificates and editing the Nginx config file to serve these certificates.
sudo certbot --nginx
Here, you will be asked to enter the names of the website you want to activate HTTPS for, something like this:
Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: raturi.in 2: www.raturi.in
Enter the corresponding number with a comma(,) if you have more than 1 website you want to add HTTPS and press enter. After that fill in the details, it asks, and proceed.
Finally, restart your Nginx server for the changes to reflect.
sudo service nginx restart
Now, visit your domain, you can check HTTPS there.
Note: If you don't want certbot to automatically edit your Nginx file, you can generate the certificates only using
sudo certbot certonly --nginxand server these certificates manually.
Certbot Automating renewal
The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command
sudo certbot renew --dry-run