Automatically enable HTTPS on your website with EFF's Certbot, deploying Let's Encrypt certificates.

I'm using on
No javascript? See all setup instructions here. Read the full documentation here.

Nginx on macOS

Automated
Advanced

Install

Certbot is packaged for macOS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:

$ brew install certbot

Certbot's DNS plugins which can be used to automate obtaining a wildcard certificate from Let's Encrypt's ACMEv2 server are not available for your OS yet. This should change soon but if you don't want to wait, you can use these plugins now by running Certbot in Docker instead of using the instructions on this page.

Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates certificate installation.

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron job or systemd timer which runs the following:
certbot renew

An example cron job might look like this, which will run at noon and midnight every day:

0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Install

Certbot is packaged for macOS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:

$ brew install certbot

Certbot's DNS plugins which can be used to automate obtaining a wildcard certificate from Let's Encrypt's ACMEv2 server are not available for your OS yet. This should change soon but if you don't want to wait, you can use these plugins now by running Certbot in Docker instead of using the instructions on this page.

Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates certificate installation.

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron job or systemd timer which runs the following:
certbot renew

An example cron job might look like this, which will run at noon and midnight every day:

0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew 

More detailed information and options about renewal can be found in the full documentation.