# 🔐 Nginx SSL Configuration Guide

## 📄 Example Server Block (HTTPS)

```nginx
listen 443 ssl;
server_name example.com www.example.com;

# 🔒 SSL Certificate (Generated by Certbot)
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; 
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; 

# 📂 Website Root
root /var/www/example.com/html;
index index.html;

# 🚦 Request Handling
location / {
    try_files $uri $uri/ =404;
}
```

---

## 🗂️ What Each Part Does

| Directive                    | Meaning                                                |
| ---------------------------- | ------------------------------------------------------ |
| `listen 443 ssl;`            | Listens on port **443** for secure HTTPS traffic.      |
| `server_name`                | Specifies the domain(s) for this site.                 |
| `ssl_certificate`            | The **full certificate chain** file from Certbot.      |
| `ssl_certificate_key`        | The **private key** file from Certbot.                 |
| `root`                       | Directory containing your website’s files.             |
| `index`                      | Default file served for a directory request.           |
| `try_files $uri $uri/ =404;` | Checks if a file/directory exists, else returns a 404. |

---

## ⚠️ SSL Notes

* Certbot certificates are stored here:

  ```
  /etc/letsencrypt/live/<your-domain>/
  ```
* Certificates **expire every 90 days** — set up auto-renew:

  ```bash
  certbot renew --quiet
  ```
* After renewal, always reload Nginx to apply changes:

  ```bash
  systemctl reload nginx
  ```