SSL with Certbot (Let's Encrypt)

Let's Encrypt is a free certificate authority that lets you add HTTPS to your site in minutes via Certbot.


Prerequisites

  • Domain that correctly points to the server IP
  • Ports 80 and 443 open in the firewall
  • Web server (Nginx or Apache) running

Certbot installation

Debian / Ubuntu

bash
apt install certbot -y

# Plugin for Nginx
apt install python3-certbot-nginx -y

# Plugin for Apache
apt install python3-certbot-apache -y

CentOS / AlmaLinux

bash
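# Certbot is packaged in EPEL on these distributions
dnf install epel-release -y
dnf install certbot -y
# Plugins for Nginx and Apache
dnf install python3-certbot-nginx -y
dnf install python3-certbot-apache -y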

Get the certificate

With Nginx (automatic)

bash
certbot --nginx -d example.com -d www.example.com

Certbot will automatically modify the Nginx configuration to add HTTPS.

With Apache (automatic)

bash
certbot --apache -d example.com -d www.example.com

Standalone (without web server)

bash
# Stop the web server first
systemctl stop nginx

certbot certonly --standalone -d example.com -d www.example.com

# Restart the web server
systemctl start nginx

Automatic renewal

Let's Encrypt certificates last 90 days. Certbot automatically installs a timer for renewal. Verify it works:

bash
# Check the timer
systemctl status certbot.timer

# Test renewal (doesn't actually renew, just simulates)
certbot renew --dry-run

Manual renewal

bash
certbot renew

View installed certificates

bash
certbot certificates

Certificate location

Certificates are saved in:

/etc/letsencrypt/live/example.com/
├── cert.pem        # Certificate
├── chain.pem       # Intermediate chain
├── fullchain.pem   # Certificate + chain
└── privkey.pem     # Private key
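
A health check for the certificate directory listed above, as an added example that is not part of the original page: it confirms that cert.pem is not close to expiry, that privkey.pem belongs to it, and that the key is not accessible to other users. The function names, the 21-day threshold and the reliance on the openssl CLI and GNU/busybox stat are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: audit one Certbot lineage directory (layout as listed above).
# Function names and the 21-day default are assumptions of this example.
# Requires the openssl CLI and GNU/busybox stat.

# Succeeds only if cert $1 is still valid $2 days from now (default 21).
# Certbot normally renews with about 30 days left, so failing here
# means scheduled renewal has not been working.
cert_valid_for_days() {
    local cert="$1" days="${2:-21}"
    openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1
}

# Succeeds only if private key $2 carries the same public key as cert $1.
key_matches_cert() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the key file (symlinks followed) has no "other" permission bits.
key_not_world_accessible() {
    local mode
    mode=$(stat -L -c '%a' "$1" 2>/dev/null) || return 1
    [ $(( 0$mode & 7 )) -eq 0 ]
}

# Run all three checks on a directory such as /etc/letsencrypt/live/example.com.
audit_lineage() {
    local dir="$1" days="${2:-21}" rc=0
    cert_valid_for_days "$dir/cert.pem" "$days" ||
        { echo "FAIL: $dir/cert.pem unreadable or expires within $days days"; rc=1; }
    key_matches_cert "$dir/cert.pem" "$dir/privkey.pem" ||
        { echo "FAIL: $dir/privkey.pem does not match cert.pem"; rc=1; }
    key_not_world_accessible "$dir/privkey.pem" ||
        { echo "FAIL: $dir/privkey.pem is accessible to other users"; rc=1; }
    return "$rc"
}

# Usage: ./audit.sh /etc/letsencrypt/live/example.com [days]
if [ "$#" -gt 0 ]; then
    audit_lineage "$@"
fi
```

Run it as root (the live directory is not readable by ordinary users); a non-zero exit status means at least one check failed.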

Manual Nginx HTTPS configuration

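If you want to configure HTTPS manually without the plugin, use the configuration below. The options-ssl-nginx.conf and ssl-dhparams.pem files it references are created by Certbot's Nginx plugin, so they may be missing if the plugin has never run on this server: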

nginx
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com www.example.com;
    root /var/www/example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # ... rest of the configuration
}

Common errors

Error | Solution
Connection refused on port 80 | Check that the firewall allows port 80
DNS not propagated | Wait for DNS propagation before requesting the certificate
Rate limit exceeded | Let's Encrypt has limits: max 5 certificates per domain every 7 days
