HTTPS(Let's Encrypt)?

# 1. certbot
sudo apt install certbot python3-certbot-nginx # 2. Nginx
sudo certbot --nginx -d example.com -d www.example.com # 3. sudo certbot renew --dry-run # 4. (certbot )
# /etc/cron.d/certbot systemd timer

server { listen 443 ssl http2; server_name example.com; ssl_certificate /etc/ssl/certs/example.com.pem; ssl_certificate_key /etc/ssl/private/example.com.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256; ssl_prefer_server_ciphers off; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; add_header Strict-Transport-Security "max-age=63072000" always; root /var/www/html;
} # HTTP → HTTPS server { listen 80; server_name example.com; return 301 https://$host$request_uri;
}