To set up SSL certificates on the Django application, certbot is used. Certbot gets free SSL (HTTPS) certificates from Let's Encrypt Forever.

In this article, I am assuming that you already have a Django website up and running using the Nginx web server on HTTP protocol. You can refer to the current Django project structure and deployment instructions if needed.

Note: This article is tested on the following tech stack: django, gunicorn, nginx, ubuntu 16. Steps are similar for other versions of ubuntu as well but if you get stuck somewhere, you can follow the instructions from the official documentation.

Install Certbot

First, ssh into your server as a sudo user and run the commands below to install certbot.

sudo apt-get update 
sudo apt-get install software-properties-common 
sudo add-apt-repository universe 
sudo add-apt-repository ppa:certbot/certbot 
sudo apt-get update sudo apt-get install certbot python-certbot-nginx

If you face issues while installing certbot via the above commands, install it via snapd otherwise directly jump to the next section. Follow these instructions to install snapd from the snapd official documentation.

Once snapd is installed, ensure that it's up to date

sudo snap install core; sudo snap refresh core

Remove the previously installed certbot packages via apt to avoid any conflict between apt and snap.

sudo apt-get remove certbot

Now, install certbot via snap.

sudo snap install --classic certbot

At last, link the installed snap to the user bin directory to access it globally.

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Generating SSL certificates using certbot

Let certbot do this automatically, generating certificates and editing the Nginx config file to serve these certificates.

sudo certbot --nginx

Here, you will be asked to enter the names of the website you want to activate HTTPS for, something like this:

Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
1: raturi.in 
2: www.raturi.in

Enter the corresponding number with a comma(,) if you have more than 1 website you want to add HTTPS and press enter. After that fill in the details, it asks, and proceed.

Finally, restart your Nginx server for the changes to reflect.

sudo service nginx restart

Now, visit your domain, you can check HTTPS there.

Note: If you don't want certbot to automatically edit your Nginx file, you can generate the certificates only using sudo certbot certonly --nginx and server these certificates manually.

Certbot Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command

sudo certbot renew --dry-run