Quick n dirty

do these things in this order or they wont work make sure the domain name doesn't point anywhere else or have something you forgot to delete (like i did and then couldnt get the authentication from certbot...)

first install nginx

sudo apt install nginx

install certbot plugin

sudo apt-get install python3-certbot-nginx

get certificate for your domain name

sudo certbot certonly --nginx

replace default nginx config

cd /etc/nginx/sites-available
sudo nano default

server {
    listen 443 ssl;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    server_name example.com;

 location / {

            proxy_pass http://your.ip.adress:5000;
            proxy_set_header X-Real-IP $remote_addr;
        }
}


server {
    listen 80;

    server_name example.com;

    return 302 https://$server_name$request_uri;
}

replace every instance "example.com" with your domain name and "your.ip.address" with the ip address of your server (not domain name)

make sure the port you enter here is the port you use for waitress (default is 5000 i think but just make sure it matches it doesnt matter what. dont use 80 if you have been doing before now)

go to tmux window where waitress is and run waitress

detach from tmux and reload nginx

sudo systemxtl status nginx

everything should be working :)