Comments on: How to Install Free SSL Certificate for Nginx on Debian 10

By: Ravi Saive

Ravi Saive — Mon, 25 Aug 2025 05:22:08 +0000

In reply to Desain.

@Desain,

To harden your Nginx server, you’ll also want to:

1. Keep Nginx and system packages updated
2. Use a firewall (UFW/iptables) to only allow needed ports (80, 443, SSH).
3. Set up Fail2Ban or similar to block brute-force or malicious requests.
4. Configure strong SSL/TLS settings disable old protocols (SSLv3, TLS 1.0/1.1) and weak ciphers.
5. Add security headers like Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, and Content-Security-Policy.
6. Enable rate limiting to slow down bots and prevent abuse.
7. Run Nginx as a non-root user and use least privilege for services.
8. Monitor logs for unusual activity and consider setting up alerts.

This way, you’re covering both encryption and server hardening, which together give you much stronger protection.

By: Desain

Desain — Thu, 21 Aug 2025 13:31:24 +0000

Beyond installing an SSL certificate, what additional security measures should be taken to protect an Nginx server?

By: Alexey

Alexey — Thu, 29 Aug 2019 08:49:58 +0000

In reply to Ravi Saive.

Thank you!

By: Ravi Saive

Ravi Saive — Thu, 29 Aug 2019 04:58:35 +0000

In reply to Alexey.

@Alexey

Certbot automatically renews the SSL certificate 30 days prior to its expiration. To verify the renewal process, run the command below.

$ sudo certbot renew --dry-run

By: Alexey

Alexey — Wed, 28 Aug 2019 11:34:04 +0000

Thanks a lot for the article.

How to upgrade automatically certificate every three months on the schedule? How to write correctly a script?