🔐 Fortify Your Droplet: Unlock Free HTTPS with Let’s Encrypt SSL!

I’m Insaf Nilam, a full-stack developer passionate about crafting clean, efficient, and future-ready software. I love solving complex problems, exploring new tech stacks, and sharing my learnings through blogs. When I’m not coding, I’m probably tweaking deployments, experimenting with microservices, or geeking out over cloud architecture.
By now, your droplet is already fortified — you’ve:
Created a non-root user
Secured SSH access
Enabled a firewall
The next essential step is to encrypt all traffic with HTTPS. Without HTTPS, sensitive data (like login credentials) is vulnerable to interception. With it, your visitors will see the trusted 🔒 padlock in their browser, boosting both security and credibility.
We’ll use Let’s Encrypt (a free certificate authority) along with Certbot (an automation tool) to set this up.
🔑 Prerequisites
Before diving in, make sure you’ve covered the basics:
These guides walk you through preparing your droplet and setting up your stack. Once ready, we can add an SSL certificate on top.
1️⃣ Point Your Domain to the Droplet
First, ensure your domain (e.g., azan.lk) resolves to your droplet’s IP.
Log in to your domain registrar (e.g., Register.lk, Namecheap, GoDaddy, Cloudflare).
Change your domain’s nameservers to DigitalOcean’s:
ns1.digitalocean.com
ns2.digitalocean.com
ns3.digitalocean.com
In your DigitalOcean Dashboard, go to your project (azan.lk) → Create → Domain/DNS → add azan.lk.
Add an A record pointing your root domain (@) to your droplet’s public IP.
Record type: A
Hostname: @
Value: [your Droplet Public IP Address]
TTL: 3600
👉 Changes can take up to 24 hours to propagate (mine took ~4 hours).
Verify it:
ping azan.lk
If it resolves to your droplet’s IP, you’re good to go.
2️⃣ Install Nginx (if not already)
Certbot integrates seamlessly with Nginx, so let’s install it:
sudo apt install nginx -y
systemctl status nginx
3️⃣ Update Firewall for HTTPS
Earlier, we set up UFW. Now, allow HTTPS traffic:
sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'
sudo ufw status
4️⃣ Install Certbot
Install Certbot and its Nginx plugin:
sudo apt install certbot python3-certbot-nginx -y
5️⃣ Obtain and Install the SSL Certificate
Run the following command (replace with your domain):
sudo certbot --nginx -d azan.lk -d www.azan.lk
Enter your email for renewal alerts.
Agree to the Let’s Encrypt terms.
Choose the option to redirect all HTTP → HTTPS.
Certbot will fetch and install the certificate automatically.
6️⃣ Test Auto-Renewal
Let’s Encrypt certificates are valid for 90 days, but Certbot configures auto-renewal. Test it with:
sudo certbot renew --dry-run
7️⃣ Verify Your Setup
Open your site in a browser:
👉 https://azan.lk
You should now see a secure padlock 🔒.
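A check to go with steps 6 and 7, added here as an example and not part of the original post: it reads the certificate the server actually presents, confirms it covers both names requested from Certbot, and flags a certificate that has run well past Certbot's default 30-day renewal window without being replaced. The 21-day alert threshold, the function names and the script name are assumptions of this example.

```python
"""Check the certificate a host serves: names covered and days until expiry."""
import socket
import ssl
import sys
import time

# Assumption: alert threshold chosen for this example. Certbot's default is to
# renew once fewer than 30 days remain, so a served certificate that is well
# inside that window means renewal is not happening.
ALERT_DAYS = 21


def days_left(not_after, now=None):
    """Whole days until `not_after` (the 'notAfter' string from getpeercert())."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def evaluate(cert, expected_names, now=None, alert_days=ALERT_DAYS):
    """Return a list of problems found in a getpeercert()-style dict."""
    problems = []
    # Exact-name comparison: `certbot -d azan.lk -d www.azan.lk` lists each name.
    sans = {value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"}
    for name in sorted(set(expected_names) - sans):
        problems.append(f"certificate does not cover {name}")
    left = days_left(cert["notAfter"], now)
    if left < 0:
        problems.append(f"certificate expired {-left} day(s) ago")
    elif left < alert_days:
        problems.append(f"only {left} day(s) left; auto-renewal looks stuck")
    return problems


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the validated leaf certificate; raises ssl.SSLError if untrusted."""
    context = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # Usage (script name is hypothetical): python3 check_cert.py azan.lk www.azan.lk
    names = sys.argv[1:]
    if not names:
        sys.exit("usage: check_cert.py DOMAIN [DOMAIN ...]")
    found = evaluate(fetch_cert(names[0]), names)
    print("\n".join(found) or "certificate OK")
    sys.exit(1 if found else 0)
```

Run it from a machine other than the droplet so the result reflects what visitors see; a non-zero exit status makes it easy to wire into cron or a monitoring job.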
🎉 Your Server Is Fully Fortified
By combining the earlier hardening steps with SSL, your droplet is now production-ready:
✅ Secure against brute-force SSH attacks
✅ Locked down with non-root + key-based access
✅ Protected by a firewall
✅ Encrypted with free, auto-renewing HTTPS
Your DigitalOcean Droplet is battle-ready to serve real-world apps 🚀




