create records on domain hosting website

  • A record: @ (for root example.com), point to server public IP
  • A record: * (for *.example.com), point to server public IP

on server

# set firewall rules - can't generate certificate without them
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
 
vim /etc/nginx/sites-available/example.com
# change server_name to "example.com www.example.com"
 
# generate and install certificate
sudo certbot --nginx -d example.com -d www.example.com
sudo certbot install --cert-name example.com