How do I add SSL for a new subdomain?
Run sudo certbot --nginx -d new.yourdomain.com. Certbot obtains the certificate and updates Nginx config automatically. For a separate certificate, use --cert-name. Ensure the subdomain's DNS A record points to your server before running certbot.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in Nginx SSL Certificate Renewal and Updates Let's Encrypt Auto-Renewal
Certbot sets up a systemd timer that runs 'certbot renew' twice daily. When a certificate is within 30 days of expiry, it renews automatically. Set up a deploy hook to reload Nginx: create /etc/letsencrypt/renewal-hooks/deploy/reload-nginx.sh with 'systemctl reload nginx'. Test with certbot renew --dry-run.
Run sudo certbot renew --dry-run. This simulates the renewal process without actually renewing. If it succeeds, auto-renewal is working. If it fails, check the error message common issues are port 80 not accessible or Nginx config errors.
Set up a deploy hook: create /etc/letsencrypt/renewal-hooks/deploy/reload-nginx.sh with 'systemctl reload nginx', make it executable. Or run 'sudo certbot renew --deploy-hook "systemctl reload nginx"'. The deploy hook runs automatically after each successful renewal.
Still have questions?
Browse all our FAQs or reach out to our support team
