# Enable HTTPS on Nginx (Let’s Encrypt)

## 0. Introduction

### Goal

Enable HTTPS on Nginx using an existing Let’s Encrypt certificate, open the HTTPS port, and (optionally) redirect all HTTP traffic to HTTPS.

---

## 1. Prerequisites

- Nginx installed and running
- Valid TLS certificate from Let’s Encrypt
- Certificate files available under `/etc/letsencrypt/live/<domain>/`

Required files:

```
/etc/letsencrypt/live/qool.ovh/fullchain.pem
/etc/letsencrypt/live/qool.ovh/privkey.pem
```

---

## 2. Allow HTTPS Port (443)

### Add firewall rule

```
sudo ufw allow 443/tcp
```

### Enable firewall (if not active)

```
sudo ufw enable
```

### Verify

```
sudo ufw status
```

---

## 3. Configure Nginx for HTTPS

### Edit Nginx site configuration

```
sudo nano /etc/nginx/sites-available/qool.ovh
```

### HTTPS server block

```
server {
    listen 443 ssl http2;
    server_name *.qool.ovh;

    root /var/www/qool;
    index index.php index.html;

    ssl_certificate     /etc/letsencrypt/live/qool.ovh/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/qool.ovh/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
    }
}
```

---

## 4. Redirect HTTP to HTTPS (Recommended)

### HTTP redirect block

```
server {
    listen 80;
    server_name *.qool.ovh;
    return 301 https://$host$request_uri;
}
```

---

## 5. Apply Configuration

### Test configuration

```
sudo nginx -t
```

### Reload Nginx

```
sudo systemctl reload nginx
```

---

## 6. Verify HTTPS

### Check listening ports

```
sudo ss -tlnp | grep 443
```

### Test in browser

```
https://test.qool.ovh
```

### Test via CLI

```
curl -I https://test.qool.ovh
```

---

## Final Notes

- Port 443 must be open in the firewall
- Nginx must reference the correct certificate paths
- Certbot renews certificates automatically
- No manual changes are required after renewal
- This setup covers wildcard subdomains (`server_name *.qool.ovh` with a wildcard certificate)