How to Install Let’s Encrypt SSL Certificates Using Certbot (Step-by-Step Guide)

March 02, 2026 , , , , , , , , , , ,





Securing your website with HTTPS is no longer optional. Search engines prioritize secure websites, browsers warn users about insecure pages, and visitors expect their data to be protected. Fortunately, Let's Encrypt provides free SSL/TLS certificates, and Certbot makes installation simple and automated.

In this guide, you’ll learn how to install Certbot and generate a Let’s Encrypt SSL certificate on a Linux server, with support for Nginx and Apache, plus automatic renewal.

Why HTTPS Matters for SEO

Enabling HTTPS provides several SEO and performance benefits:

  • ✅ HTTPS is a Google ranking factor

  • ✅ Increased user trust and lower bounce rates

  • ✅ Protection against data interception

  • ✅ Required for modern browser features (HTTP/2, PWAs)

If your site still runs on HTTP, you’re already behind.

Prerequisites

Before installing Certbot, make sure you have:

  • A registered domain name (e.g. example.com)

  • DNS records pointing to your server IP

  • Ports 80 and 443 open

  • A Linux server (Ubuntu 20.04+ recommended)

  • Root or sudo access

Step 1: Install Certbot (Official Method)

The recommended way to install Certbot is via Snap, which ensures you always have the latest version.

sudo apt update
sudo apt install snapd -y
sudo snap install core
sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Verify installation:

certbot --version

Step 2: Generate a Let’s Encrypt SSL Certificate

For Nginx

sudo certbot --nginx

For Apache

sudo certbot --apache

Certbot will automatically:

  • Detect your domain configuration

  • Issue the SSL certificate

  • Configure HTTPS

  • Enable HTTP → HTTPS redirects

Step 3: Manual SSL Certificate Creation (Advanced)

If you’re running Docker, Node.js, or a custom server:

sudo certbot certonly --standalone -d example.com -d www.example.com

Your certificates will be stored in:

/etc/letsencrypt/live/example.com/

Key files:

  • fullchain.pem

  • privkey.pem

Step 4: Enable Automatic SSL Renewal

Let’s Encrypt certificates are valid for 90 days, but Certbot renews them automatically.

Test renewal:

sudo certbot renew --dry-run

A system timer is created automatically, so no cron job is needed.

Step 5: Verify HTTPS Installation

Run:

curl -I https://example.com

Or open your site in a browser and confirm the 🔒 padlock icon appears.

Common Errors and Fixes

Timeout or connection refused
→ Ensure ports 80 and 443 are open in your firewall.

Invalid domain error
→ Confirm DNS records point to your server.

Certbot can’t find configuration
→ Use certonly --standalone mode.

Post a Comment

No comments

Subscribe to: Post Comments ( Atom )
Theme images by chuwy. Powered by Blogger.