Here’s a slightly more detailed battle plan:
- Back up /etc/nginx!
- Update your existing configurations to listen on port 443. That’s invalid (nginx will speak HTTP on port 443), but we’ll fix that once we have the certificate. Doing so will free up port 80, so your existing configs cannot conflict with getting your first cert.
- Add the first configuration snippet after the Add HTTPS section header in my offline guide to either one of your config files, or an additional one in sites-available that you link to in sites-enabled.
- service nginx reload
- Install Certbot and get a certificate. Follow the instructions in my guide to do so. Supply multiple domains (with multiple -d arguments) to Certbot so you get one cert that covers all relevant domains (talk.zabanshenas.com and www.talk.zabanshenas.com).
- When you have the cert, adapt your existing configs (that you already changed to port 443) to match the last configuration snippet in the Add HTTPS section header in my guide: Update the listen line and add the lines that configure SSL. Leave the rest as is.
- service nginx reload
If all went well, your sites should be served via HTTPS, and there should be an automatic redirect to HTTPS.
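
A check for the intermediate state in the plan above, where a config listens on port 443 without TLS, added here as an example that is not part of the original post or the guide it refers to. The function name find_plain_443 and the sample files are constructed for illustration; it assumes one directive per line and does not account for the legacy "ssl on;" directive.

```shell
#!/bin/sh
# List every nginx "listen" directive on port 443 that lacks the "ssl"
# parameter, i.e. a server block that would still speak plain HTTP on 443.
# Usage: find_plain_443 /etc/nginx/sites-enabled
find_plain_443() {
    # -L follows the symlinks that sites-enabled normally contains.
    find -L "$1" -type f | sort | while IFS= read -r f; do
        awk -v file="$f" '
            # Strip comments, then the semicolon and anything after it.
            { sub(/#.*/, ""); sub(/;.*/, "") }
            # Match "443", "0.0.0.0:443", "[::]:443", but not "8443".
            $1 == "listen" && $2 ~ /(^|:)443$/ {
                ssl = 0
                for (i = 3; i <= NF; i++) if ($i == "ssl") ssl = 1
                if (!ssl) printf "%s:%d: %s\n", file, FNR, $2
            }
        ' "$f"
    done
}

# Constructed sample: one site still in the temporary state, one finished.
demo=$(mktemp -d)
printf 'server {\n    listen 443;\n    listen [::]:443;\n}\n' > "$demo/before.conf"
printf 'server {\n    listen 443 ssl;  # done\n    listen 8443;\n}\n' > "$demo/after.conf"
find_plain_443 "$demo"
rm -rf "$demo"
```

An empty result after the final reload means no file in the directory is left in the temporary plain-HTTP-on-443 state.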