HTTPS, Certbot, and Cloudflare DNS for VPS Static Sites

HTTPS should come after DNS points to the VPS and Nginx can already serve the site over plain HTTP, so certificate issuance starts from a known-good setup.

DNS records to prepare

Create A records for the root domain and www host, then verify resolution before requesting a certificate.

Certbot readiness

Use Certbot only after HTTP works, test the resulting Nginx config, and confirm renewal with a dry run.

Cloudflare notes

Keep the records DNS-only while issuing the first certificate, then switch to Full (strict) mode once the certificate on the VPS origin is valid.
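The checks from the three sections above, gathered into one script as an added example (not part of the original page). The script name, domain and IP address in the usage line are placeholders, and it assumes dig and curl are installed and that Certbot manages the Nginx certificate.

```shell
#!/bin/sh
# Added example. Pass your own domain and VPS IPv4 address as arguments.
# Requires dig and curl; "post" also needs root for nginx and certbot.

# Compare resolver output with the VPS address. Prints ok, missing, or
# mismatch:<ip>. A mismatch usually means a stale record or that the
# Cloudflare proxy is still on (proxied names resolve to Cloudflare IPs).
classify_a_records() {
    expected=$1; resolved=$2
    [ -n "$resolved" ] || { echo missing; return 1; }
    for ip in $resolved; do
        [ "$ip" = "$expected" ] || { echo "mismatch:$ip"; return 1; }
    done
    echo ok
}

# Treat 2xx/3xx over plain HTTP as "Nginx already serves the site".
http_ready() {
    case $1 in 2??|3??) return 0 ;; *) return 1 ;; esac
}

# Before certbot: both names resolve to the VPS and answer over HTTP.
pre() {
    domain=$1; vps_ip=$2; rc=0
    for host in "$domain" "www.$domain"; do
        ips=$(dig +short A "$host" | grep -E '^[0-9.]+$' || true)
        dns=$(classify_a_records "$vps_ip" "$ips") || rc=1
        code=$(curl -s -o /dev/null -m 10 -w '%{http_code}' "http://$host/") || rc=1
        http_ready "$code" || rc=1
        echo "$host dns=$dns http=$code"
    done
    return $rc
}

# After certbot: config parses, renewal works, and the origin itself presents
# a certificate that validates for each hostname, which Full (strict) needs.
post() {
    domain=$1; vps_ip=$2
    nginx -t && certbot renew --dry-run || return 1
    for host in "$domain" "www.$domain"; do
        curl -sS -o /dev/null -m 10 --resolve "$host:443:$vps_ip" "https://$host/" || return 1
    done
}

# Usage: sh tls-checks.sh pre|post example.com 203.0.113.10
case ${1:-} in
    pre|post) "$@" ;;
esac
```

The post step pins each hostname to the VPS address with curl's --resolve, so the certificate being validated is the one on the origin even after the Cloudflare proxy is turned on.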