. Download generated config: nginxconfig.io-{{ getDomains().join(',') }}.zip Upload to server's /etc/nginx/ directory - OR - Copy as Base64 string: Copy to clipboard (echo 'BASE64' | base64 --decode > /etc/nginx/nginxconfig.io-{{ getDomains().join(',') }}.zip) Paste from clipboard and run the command . Go to NGINX directory (over SSH): cd /etc/nginx . Backup current configuration: tar -czvf nginx_$(date +'%F_%H-%M-%S').tar.gz nginx.conf sites-available/ sites-enabled/ nginxconfig.io/ . Unzip the uploaded archive: unzip -o nginxconfig.io-{{ getDomains().join(',') }}.zip (you probably need to install unzip: sudo apt-get install unzip). Generate Diffie-Hellman keys: openssl dhparam -dsaparam -out /etc/nginx/dhparam.pem {{ isSSLProfileLegacy() ? 1024 : 2048 }} . Create a common ACME-challenge directory (for Let's Encrypt): mkdir -p /var/www/_letsencrypt chown {{ data.user }} /var/www/_letsencrypt. Comment out SSL related directives in configuration: sed -i -r 's/(listen .*443)/\1;#/g; s/(ssl_(certificate|certificate_key|trusted_certificate) )/#;#\1/g' /etc/nginx/nginx.conf /etc/nginx/sites-{{ isSymlink() ? 'available' : 'enabled' }}/{{ _domain }}.conf . Reload NGINX: sudo nginx -t && sudo systemctl reload nginx . Obtain certificate{{ getDomains().length > 1 ? 's' : '' }}: certbot certonly --webroot -d {{ _domain }} -d www.{{ _domain }} -d cdn.{{ _domain }} --email {{ data.sites[_site].email ? data.sites[_site].email : 'info@' + _domain }} -w /var/www/_letsencrypt -n --agree-tos --force-renewal . Uncomment SSL related directives in configuration: sed -i -r 's/#?;#//g' /etc/nginx/nginx.conf /etc/nginx/sites-{{ isSymlink() ? 'available' : 'enabled' }}/{{ _domain }}.conf . Reload NGINX: sudo nginx -t && sudo systemctl reload nginx . Configure Certbot to reload NGINX after success renew: echo -e '#!/bin/bash\nnginx -t && systemctl reload nginx' | sudo tee /etc/letsencrypt/renewal-hooks/post/nginx-reload.sh sudo chmod a+x /etc/letsencrypt/renewal-hooks/post/nginx-reload.sh . Schedule renewing: Certbot will automatically renew any certificates that expire in less than 30 days. Reload NGINX: sudo nginx -t && sudo systemctl reload nginx