Configure SSL with Let's Encrypt
Get free SSL certificates from Let's Encrypt with Certbot and enable HTTPS on your domain.
Let's Encrypt provides free SSL/TLS certificates. Certbot automates the process of obtaining and renewing certificates for Nginx and Apache.
Prerequisites
- A domain pointing to your VPS IP (A record configured)
- Nginx or Apache installed and serving your site
- Ports 80 and 443 open in the firewall
Step 1 — Install Certbot
For Nginx:
```bash
sudo apt update
sudo apt install certbot python3-certbot-nginx -y
```
For Apache:
```bash
sudo apt install certbot python3-certbot-apache -y
```
Step 2 — Obtain the certificate
For Nginx:
```bash
sudo certbot --nginx -d mydomain.com -d www.mydomain.com
```
For Apache:
```bash
sudo certbot --apache -d mydomain.com -d www.mydomain.com
```
Certbot will ask for your email and agreement to terms. It automatically configures your web server for HTTPS.
Step 3 — Verify auto-renewal
Certbot installs a timer that renews certificates automatically. Test it:
```bash
sudo certbot renew --dry-run
```
Step 4 — Check certificate status
```bash
sudo certbot certificates
```
Manual renewal (if needed)
```bash
sudo certbot renew
```
Force renewal
```bash
sudo certbot renew --force-renewal
```
Troubleshooting
- Domain not pointing to server: Verify DNS with `dig mydomain.com`
- Port 80 blocked: Certbot needs port 80 for HTTP challenge. Check `sudo ufw status`
- Rate limits: Let's Encrypt has rate limits (50 certificates per domain per week)
Security headers (recommended)
After enabling SSL, add security headers to your Nginx config:
```nginx
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;
```
Reload Nginx after changes:
```bash
sudo systemctl reload nginx
```
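To confirm that the three security headers are actually served after the reload, this added example (not part of the original guide) audits a raw header dump such as the output of `curl -sI https://mydomain.com`. The function names `check_security_headers` and `sample_response` and the sample data are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit HTTP response headers read from stdin.
# Real use: curl -sI https://mydomain.com | check_security_headers
# $1 = minimum acceptable HSTS max-age in seconds (default: one year).
# Prints one line per problem; returns 0 if all checks pass, 1 otherwise.
check_security_headers() {
  awk -v min_age="${1:-31536000}" '
    { sub(/\r$/, "") }                       # curl prints CRLF line endings
    /^[^:]+:/ {                              # header line (status line has no colon)
      name  = tolower(substr($0, 1, index($0, ":") - 1))   # names are case-insensitive
      value = substr($0, index($0, ":") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", value)
      hdr[name] = tolower(value)
    }
    END {
      fail = 0
      hsts = hdr["strict-transport-security"]
      if (hsts == "") { print "MISSING Strict-Transport-Security"; fail = 1 }
      else {
        age = -1                             # stays -1 if no max-age directive is found
        n = split(hsts, parts, ";")
        for (i = 1; i <= n; i++) {
          gsub(/[ \t]/, "", parts[i])
          if (parts[i] ~ /^max-age=[0-9]+$/) age = substr(parts[i], 9) + 0
        }
        if (age < min_age) { print "WEAK Strict-Transport-Security max-age=" age; fail = 1 }
      }
      if (hdr["x-content-type-options"] != "nosniff") {
        print "MISSING X-Content-Type-Options: nosniff"; fail = 1
      }
      xfo = hdr["x-frame-options"]           # SAMEORIGIN as configured above, or the stricter DENY
      if (xfo != "sameorigin" && xfo != "deny") { print "MISSING X-Frame-Options"; fail = 1 }
      exit fail
    }'
}

# Constructed sample response (not captured from a real server):
# HSTS max-age is too short and X-Content-Type-Options is absent.
sample_response() {
  printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nStrict-Transport-Security: max-age=300\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n'
}

sample_response | check_security_headers || echo "headers need attention"
```

Run the check against an error page as well as a normal page: of the three `add_header` lines above, only the HSTS one carries `always`, so the other two are not sent on most error responses.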