create records on domain hosting website A record: @ (for root example.com), point to server public IP A record: * (for *.example.com), point to server public IP on server # set firewall rules - can't generate certificate without them sudo ufw allow 80/tcp sudo ufw allow 443/tcp vim /etc/nginx/sites-available/example.com # change server_name to "example.com www.example.com" # generate and install certificate sudo certbot --nginx -d example.com -d www.example.com sudo certbot install --cert-name example.com