Install certbot Ubuntu20, nginx:
sudo apt install certbot python3-certbot-nginx

Add new domain (currently used line for install all webs on New Laravel Server)
$ sudo certbot --nginx -d example.com -d www.example.com


List of all certificates:
sudo certbot certificates

Delete Cert:
certbot delete

List of certificates to delete. Choose one after this command
certbot delete

Renew
sudo certbot renew --dry-run

.htaccess rule for redirect:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

Install on Server
Free SSL Ubuntu 20:
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04 
Free ssl ubuntu nginx (Let’s encrypt - certbot):
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04 
How to turn on www. Of domain to ssl too?
Add “www” as A record for that domain

Great tool to check DNS:
https://dnschecker.org/#A/www.ardogaparts.com 

On Hostings
Force .htaccess
https://www.siteground.com/kb/how-to-force-ssl-with-htaccess/ 
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


INSTALL id_rsa for Mac:


Generate:
ssh-keygen -t rsa

Copy to clipboard on Ubuntu:
$ cat < ~/.ssh/id_rsa.pub

Copy to clipboard on MAC:
$ pbcopy < ~/.ssh/id_rsa.pub

https://docs.joyent.com/public-cloud/getting-started/ssh-keys/generating-an-ssh-key-manually/manually-generating-your-ssh-key-in-mac-os-x 





FREE SERTIFICATE


Download ACME soft for ubuntu server, install
https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx

Enter email:
hostmaster@domain



PAID SERTIFICATE
create serts:
$ openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

they will be created in filesystem  ‘/root’


Serveriai.lt procedure
Create redirect: 
hostmaster@ratalis.lt -> ssladmin@sertifikatai.lt
It needs to be active all the time while certificate is active. You can see it in SSL certificate options on klientams.iv.lt




From where get these nginx.crt, nginx.key?
server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        listen 443 ssl;

        root /usr/share/nginx/html;
        index index.html index.htm;

        server_name your_domain.com;
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        location / {
                try_files $uri $uri/ =404;
        }
}