{"id":10925,"date":"2026-04-10T18:52:48","date_gmt":"2026-04-10T18:52:48","guid":{"rendered":"https:\/\/bitep.net\/blog\/2026\/04\/10\/ubuntu-24-04-nginx-certbot-https-tutorial\/"},"modified":"2026-04-10T18:52:48","modified_gmt":"2026-04-10T18:52:48","slug":"ubuntu-24-04-nginx-certbot-https-tutorial","status":"publish","type":"post","link":"https:\/\/bitep.net\/blog\/2026\/04\/10\/ubuntu-24-04-nginx-certbot-https-tutorial\/","title":{"rendered":"Ubuntu 24.04-d\u0259 Nginx \u00fc\u00e7\u00fcn SSL nec\u0259 qurulur? Certbot v\u0259 HTTPS setup"},"content":{"rendered":"<p>Ubuntu 24.04 server qurduqdan sonra Nginx il\u0259 sayt a\u00e7maq ba\u015flan\u011f\u0131cd\u0131r, amma sayt\u0131n h\u0259qiq\u0259t\u0259n etibarl\u0131 g\u00f6r\u00fcnm\u0259si \u00fc\u00e7\u00fcn n\u00f6vb\u0259ti vacib add\u0131m HTTPS qurmaqd\u0131r. Bu i\u015f \u00fc\u00e7\u00fcn \u0259n praktik v\u0259 geni\u015f istifad\u0259 olunan h\u0259ll\u0259rd\u0259n biri <strong>Let&#8217;s Encrypt + Certbot<\/strong> birl\u0259\u015fm\u0259sidir.<\/p>\n<p>Bu m\u0259qal\u0259d\u0259 Ubuntu 24.04-d\u0259 Nginx \u00fc\u00e7\u00fcn SSL sertifikat\u0131n\u0131n nec\u0259 quruldu\u011funu, HTTP-d\u0259n HTTPS-\u0259 ke\u00e7idin nec\u0259 edildiyini, avtomatik yenil\u0259nm\u0259nin nec\u0259 i\u015fl\u0259diyini v\u0259 \u0259n \u00e7ox rast g\u0259lin\u0259n probleml\u0259rin nec\u0259 h\u0259ll olundu\u011funu add\u0131m-add\u0131m g\u00f6st\u0259r\u0259c\u0259y\u0259m.<\/p>\n<h2>Bu tutorial kim \u00fc\u00e7\u00fcnd\u00fcr?<\/h2>\n<ul>\n<li>Nginx il\u0259 sayt qald\u0131rm\u0131\u015f Ubuntu 24.04 istifad\u0259\u00e7il\u0259ri<\/li>\n<li>Domain-i aktiv olan v\u0259 sayt\u0131 art\u0131q HTTP il\u0259 a\u00e7\u0131lanlar<\/li>\n<li>Let&#8217;s Encrypt il\u0259 pulsuz SSL qurmaq ist\u0259y\u0259nl\u0259r<\/li>\n<li>HTTPS redirect v\u0259 auto-renew m\u0259ntiqini d\u00fczg\u00fcn qurmaq ist\u0259y\u0259nl\u0259r<\/li>\n<\/ul>\n<h2>Bu tutorial-da n\u0259 \u00f6yr\u0259n\u0259c\u0259ksiniz?<\/h2>\n<ul>\n<li>Certbot n\u0259dir v\u0259 niy\u0259 istifad\u0259 olunur<\/li>\n<li>Nginx \u00fc\u00e7\u00fcn Certbot nec\u0259 qura\u015fd\u0131r\u0131l\u0131r<\/li>\n<li>Domain v\u0259 firewall t\u0259l\u0259bl\u0259ri n\u0259dir<\/li>\n<li>SSL sertifikat\u0131 nec\u0259 al\u0131n\u0131r<\/li>\n<li>HTTPS redirect nec\u0259 aktiv olunur<\/li>\n<li>Auto-renew nec\u0259 yoxlan\u0131l\u0131r<\/li>\n<li>\u018fn \u00e7ox rast g\u0259lin\u0259n x\u0259talar nec\u0259 h\u0259ll olunur<\/li>\n<\/ul>\n<h2>Certbot n\u0259dir?<\/h2>\n<p>Certbot, Let&#8217;s Encrypt sertifikatlar\u0131n\u0131 almaq v\u0259 yenil\u0259m\u0259k \u00fc\u00e7\u00fcn istifad\u0259 olunan a\u00e7\u0131q m\u0259nb\u0259li vasit\u0259dir. Nginx il\u0259 birlikd\u0259 i\u015fl\u0259dikd\u0259, \u00e7ox vaxt sertifikat almaqla yana\u015f\u0131 server konfiqurasiyas\u0131n\u0131 da avtomatik t\u0259nziml\u0259y\u0259 bilir.<\/p>\n<p>Praktik olaraq bunun \u00fcst\u00fcnl\u00fckl\u0259ri bunlard\u0131r:<\/p>\n<ul>\n<li>pulsuz SSL<\/li>\n<li>tez qura\u015fd\u0131rma<\/li>\n<li>HTTPS redirect avtomatla\u015fd\u0131r\u0131lmas\u0131<\/li>\n<li>yenil\u0259nm\u0259nin avtomatik idar\u0259si<\/li>\n<\/ul>\n<h2>Ba\u015flamazdan \u0259vv\u0259l n\u0259l\u0259r haz\u0131r olmal\u0131d\u0131r?<\/h2>\n<ul>\n<li>Ubuntu 24.04 server<\/li>\n<li>Nginx art\u0131q qura\u015fd\u0131r\u0131lm\u0131\u015f v\u0259 i\u015fl\u0259k olmal\u0131d\u0131r<\/li>\n<li>Domain server IP-y\u0259 y\u00f6nl\u0259ndirilm\u0259lidir<\/li>\n<li>HTTP \u00fcz\u0259rind\u0259n sayt a\u00e7\u0131lmal\u0131d\u0131r<\/li>\n<li>UFW v\u0259 ya provider firewall-da 80 v\u0259 443 portlar\u0131 a\u00e7\u0131q olmal\u0131d\u0131r<\/li>\n<\/ul>\n<p><strong>Vacib qeyd:<\/strong> \u018fg\u0259r domain h\u0259l\u0259 d\u00fczg\u00fcn resolve olmursa v\u0259 ya port 80 blokdad\u0131rsa, Certbot \u00e7ox vaxt t\u0259sdiql\u0259m\u0259 m\u0259rh\u0259l\u0259sind\u0259 u\u011fursuz olacaq.<\/p>\n<h2>Add\u0131m 1: Nginx-in i\u015fl\u0259diyini yoxlay\u0131n<\/h2>\n<pre><code>sudo systemctl status nginx<\/code><\/pre>\n<p>Sayt\u0131n\u0131z\u0131 HTTP il\u0259 yoxlay\u0131n:<\/p>\n<pre><code>curl -I http:\/\/example.com<\/code><\/pre>\n<p>\u018fg\u0259r cavab g\u0259lirs\u0259, \u0259sas baza haz\u0131rd\u0131r.<\/p>\n<h2>Add\u0131m 2: Firewall portlar\u0131n\u0131 a\u00e7\u0131n<\/h2>\n<p>UFW istifad\u0259 edirsinizs\u0259:<\/p>\n<pre><code>sudo ufw allow 'Nginx Full'\nsudo ufw status<\/code><\/pre>\n<p>Bu h\u0259m 80, h\u0259m d\u0259 443 portlar\u0131n\u0131 a\u00e7\u0131r. \u018fg\u0259r provider t\u0259r\u0259find\u0259 ayr\u0131ca firewall varsa, orada da eyni portlar a\u00e7\u0131q olmal\u0131d\u0131r.<\/p>\n<h2>Add\u0131m 3: Certbot qura\u015fd\u0131r\u0131n<\/h2>\n<p>Ubuntu-da \u0259n praktik \u00fcsul:<\/p>\n<pre><code>sudo apt update\nsudo apt install certbot python3-certbot-nginx -y<\/code><\/pre>\n<p>Bu \u0259mrd\u0259n sonra Certbot v\u0259 Nginx plugin haz\u0131r olacaq.<\/p>\n<h2>Add\u0131m 4: Nginx server_name d\u00fczg\u00fcn yaz\u0131l\u0131bsa onu yoxlay\u0131n<\/h2>\n<p>Nginx site config fayl\u0131nda domain d\u00fczg\u00fcn g\u00f6st\u0259rilm\u0259lidir:<\/p>\n<pre><code>server {\n    listen 80;\n    listen [::]:80;\n\n    server_name example.com www.example.com;\n\n    root \/var\/www\/example-site;\n    index index.html;\n\n    location \/ {\n        try_files $uri $uri\/ =404;\n    }\n}<\/code><\/pre>\n<p>Sonra konfiqurasiyan\u0131 test edin:<\/p>\n<pre><code>sudo nginx -t<\/code><\/pre>\n<p>D\u00fczg\u00fcnd\u00fcrs\u0259 reload edin:<\/p>\n<pre><code>sudo systemctl reload nginx<\/code><\/pre>\n<h2>Add\u0131m 5: SSL sertifikat\u0131 al\u0131n<\/h2>\n<p>\u0130ndi Certbot-u Nginx plugin il\u0259 i\u015f\u0259 sal\u0131n:<\/p>\n<pre><code>sudo certbot --nginx -d example.com -d www.example.com<\/code><\/pre>\n<p>Bu proses zaman\u0131 sizd\u0259n email, istifad\u0259 \u015f\u0259rtl\u0259ri v\u0259 redirect se\u00e7imi soru\u015fula bil\u0259r.<\/p>\n<p>Ad\u0259t\u0259n Certbot siz\u0259 bel\u0259 bir se\u00e7im ver\u0259c\u0259k:<\/p>\n<ul>\n<li>yaln\u0131z sertifikat qura\u015fd\u0131rmaq<\/li>\n<li>HTTP-ni avtomatik HTTPS-\u0259 redirect etm\u0259k<\/li>\n<\/ul>\n<p>Praktik hallarda ikinci se\u00e7im daha do\u011frudur.<\/p>\n<h2>Add\u0131m 6: HTTPS-i yoxlay\u0131n<\/h2>\n<p>Qura\u015fd\u0131rmadan sonra sayt\u0131 a\u00e7\u0131n:<\/p>\n<pre><code>curl -I https:\/\/example.com<\/code><\/pre>\n<p>\u018flav\u0259 olaraq brauzerd\u0259 domeni a\u00e7\u0131n v\u0259 kilid i\u015far\u0259sini yoxlay\u0131n.<\/p>\n<p>HTTP redirect-i yoxlamaq \u00fc\u00e7\u00fcn:<\/p>\n<pre><code>curl -I http:\/\/example.com<\/code><\/pre>\n<p>Burada 301 v\u0259 ya 308 redirect g\u00f6rm\u0259lisiniz.<\/p>\n<h2>Add\u0131m 7: Auto-renew i\u015fl\u0259yir?<\/h2>\n<p>Let&#8217;s Encrypt sertifikatlar\u0131 daimi deyil, m\u00fc\u0259yy\u0259n m\u00fcdd\u0259t \u00fc\u00e7\u00fcn verilir. Ona g\u00f6r\u0259 auto-renew vacibdir. Test edin:<\/p>\n<pre><code>sudo certbot renew --dry-run<\/code><\/pre>\n<p>\u018fg\u0259r test u\u011furla ke\u00e7irs\u0259, yenil\u0259nm\u0259 mexanizmi \u00fcmumiyy\u0259tl\u0259 d\u00fczg\u00fcnd\u00fcr.<\/p>\n<h2>Certbot Nginx konfiqurasiyas\u0131nda n\u0259 d\u0259yi\u015fir?<\/h2>\n<p>Ad\u0259t\u0259n Certbot:<\/p>\n<ul>\n<li>443 \u00fc\u00e7\u00fcn SSL bloklar\u0131 \u0259lav\u0259 edir<\/li>\n<li>sertifikat yolunu config-\u0259 yaz\u0131r<\/li>\n<li>ist\u0259s\u0259niz HTTP redirect \u0259lav\u0259 edir<\/li>\n<\/ul>\n<p>Buna g\u00f6r\u0259 sertifikatdan sonra Nginx site config-\u0259 yenid\u0259n baxmaq faydal\u0131d\u0131r.<\/p>\n<h2>\u018fn \u00e7ox rast g\u0259lin\u0259n probleml\u0259r<\/h2>\n<h3>1. Domain do\u011frulanm\u0131r<\/h3>\n<p>Ad\u0259t\u0259n s\u0259b\u0259bl\u0259r bunlard\u0131r:<\/p>\n<ul>\n<li>DNS h\u0259l\u0259 propagasiya olmay\u0131b<\/li>\n<li>domain s\u0259hv IP-y\u0259 gedir<\/li>\n<li>port 80 ba\u011fl\u0131d\u0131r<\/li>\n<li>Nginx h\u0259min domain \u00fc\u00e7\u00fcn d\u00fczg\u00fcn cavab vermir<\/li>\n<\/ul>\n<h3>2. Certbot Nginx config-i tapa bilmir<\/h3>\n<p>Bu, \u00e7ox vaxt <code>server_name<\/code> d\u00fczg\u00fcn yaz\u0131lmayanda olur. Config-d\u0259 domain uy\u011fun olmal\u0131d\u0131r.<\/p>\n<h3>3. HTTPS i\u015fl\u0259yir, amma HTTP redirect i\u015fl\u0259mir<\/h3>\n<p>Bu halda Nginx config-d\u0259 redirect blokunu ayr\u0131ca yoxlay\u0131n v\u0259 Certbot se\u00e7imind\u0259 redirect aktiv edildiyini t\u0259sdiql\u0259yin.<\/p>\n<h3>4. Renewal test u\u011fursuz olur<\/h3>\n<p>Bu, ad\u0259t\u0259n firewall, DNS v\u0259 ya k\u00f6hn\u0259 config problemi olur. <code>sudo certbot renew --dry-run<\/code> \u00e7\u0131x\u0131\u015f\u0131na bax\u0131b s\u0259b\u0259bi tapmaq laz\u0131md\u0131r.<\/p>\n<h2>T\u0259hl\u00fck\u0259sizlik v\u0259 praktik t\u00f6vsiy\u0259l\u0259r<\/h2>\n<ul>\n<li>HTTP-ni bo\u015f saxlama, HTTPS-\u0259 redirect et<\/li>\n<li>yaln\u0131z real domain-l\u0259r \u00fc\u00e7\u00fcn sertifikat al<\/li>\n<li>Nginx config d\u0259yi\u015f\u0259nd\u0259 h\u0259mi\u015f\u0259 <code>nginx -t<\/code> il\u0259 test et<\/li>\n<li>yenil\u0259nm\u0259 testini vaxta\u015f\u0131r\u0131 yoxla<\/li>\n<li>sonrak\u0131 m\u0259rh\u0259l\u0259d\u0259 security header-l\u0259ri d\u0259 \u0259lav\u0259 et<\/li>\n<\/ul>\n<h2>N\u0259tic\u0259<\/h2>\n<p>Ubuntu 24.04-d\u0259 Nginx \u00fc\u00e7\u00fcn Let&#8217;s Encrypt SSL qurmaq h\u0259m t\u0259hl\u00fck\u0259sizlik, h\u0259m etibar, h\u0259m d\u0259 brauzer uy\u011funlu\u011fu \u00fc\u00e7\u00fcn vacib add\u0131md\u0131r. \u018fg\u0259r sayt\u0131n\u0131z art\u0131q HTTP il\u0259 i\u015fl\u0259yirs\u0259, Certbot bu ke\u00e7idi kifay\u0259t q\u0259d\u0259r rahat edir. \u018fsas m\u0259s\u0259l\u0259 domain, firewall v\u0259 Nginx bazas\u0131n\u0131n d\u00fczg\u00fcn haz\u0131rlanmas\u0131d\u0131r.<\/p>\n<p>Bu m\u0259rh\u0259l\u0259d\u0259n sonra n\u00f6vb\u0259ti m\u0259ntiqli add\u0131m <strong>Nginx security headers<\/strong>, <strong>HSTS<\/strong> v\u0259 ya <strong>reverse proxy il\u0259 app deploy<\/strong> m\u00f6vzular\u0131d\u0131r.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ubuntu 24.04 server qurduqdan sonra Nginx il\u0259 sayt a\u00e7maq ba\u015flan\u011f\u0131cd\u0131r, amma sayt\u0131n h\u0259qiq\u0259t\u0259n etibarl\u0131 g\u00f6r\u00fcnm\u0259si \u00fc\u00e7\u00fcn n\u00f6vb\u0259ti vacib add\u0131m HTTPS qurmaqd\u0131r. Bu i\u015f \u00fc\u00e7\u00fcn \u0259n praktik v\u0259 geni\u015f istifad\u0259 olunan h\u0259ll\u0259rd\u0259n biri Let&#8217;s Encrypt + Certbot birl\u0259\u015fm\u0259sidir. Bu m\u0259qal\u0259d\u0259 Ubuntu 24.04-d\u0259 Nginx \u00fc\u00e7\u00fcn SSL sertifikat\u0131n\u0131n nec\u0259 quruldu\u011funu, HTTP-d\u0259n HTTPS-\u0259 ke\u00e7idin nec\u0259 edildiyini, avtomatik yenil\u0259nm\u0259nin nec\u0259 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":10924,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[17,41],"tags":[],"class_list":["post-10925","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hosting","category-tutoriallar"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/bitep.net\/blog\/wp-content\/uploads\/2026\/04\/certbot-nginx-ubuntu-tutorial.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts\/10925","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/comments?post=10925"}],"version-history":[{"count":0,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts\/10925\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/media\/10924"}],"wp:attachment":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/media?parent=10925"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/categories?post=10925"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/tags?post=10925"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}