What Is Let's Encrypt?
Let's Encrypt is a free, automated Certificate Authority that provides SSL/TLS certificates. Certificates auto-renew every 90 days via the Certbot tool.
Install Certbot
# Ubuntu/Debian with Nginx
sudo apt install -y certbot python3-certbot-nginx
# Ubuntu/Debian with Apache
sudo apt install -y certbot python3-certbot-apache
# Rocky/Alma Linux with Nginx
sudo dnf install -y certbot python3-certbot-nginx
Obtain a Certificate (Nginx)
sudo certbot --nginx -d example.com -d www.example.com
Certbot automatically modifies your Nginx configuration to enable SSL.
Obtain a Certificate (Apache)
sudo certbot --apache -d example.com -d www.example.com
Standalone Mode (No Web Server)
sudo certbot certonly --standalone -d example.com
Wildcard Certificates
sudo certbot certonly --manual --preferred-challenges dns -d "*.example.com" -d example.com
You will need to create a DNS TXT record for verification.
Auto-Renewal
Certbot installs a systemd timer for automatic renewal:
# Check renewal timer
sudo systemctl status certbot.timer
# Test renewal
sudo certbot renew --dry-run
# Force renewal
sudo certbot renew --force-renewal
Certificate Locations
/etc/letsencrypt/live/example.com/fullchain.pem # Certificate + chain
/etc/letsencrypt/live/example.com/privkey.pem # Private key
Troubleshooting
- Ensure port 80 is open (HTTP challenge requires it)
- DNS must point to your server before requesting
- Rate limits: 50 certificates per domain per week
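The following is an added example, not from the original page and not part of Certbot: a shell audit of the two files listed under Certificate Locations, meant to catch a renewal that has silently stopped working or a private key readable by other users. It assumes `openssl` is installed; the function names and the 30-day default threshold are choices made for this example.

```bash
#!/usr/bin/env bash
# Added example: audit one Certbot "live" directory. Not part of Certbot.

# Return 0 if the key exists and grants nothing to group or others.
key_is_private() {
    local key=$1 hit
    [ -f "$key" ] || return 2
    # -L follows the symlink in live/; each "-perm -N" tests one mode bit.
    hit=$(find -L "$key" \( -perm -040 -o -perm -020 -o -perm -010 \
                          -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$hit" ]
}

# Return 0 if the leaf certificate is still valid $2 days from now.
cert_valid_for_days() {
    local cert=$1 days=$2
    [ -f "$cert" ] || return 2
    # -checkend exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend "$(( days * 86400 ))" >/dev/null
}

# Audit a directory such as /etc/letsencrypt/live/example.com.
# $2 is the minimum number of days of validity required (assumed default: 30).
audit_live_dir() {
    local dir=$1 min_days=${2:-30} rc=0
    if ! key_is_private "$dir/privkey.pem"; then
        echo "FAIL: $dir/privkey.pem is missing or accessible to group/other"
        rc=1
    fi
    if ! cert_valid_for_days "$dir/fullchain.pem" "$min_days"; then
        echo "FAIL: $dir/fullchain.pem is missing or expires within $min_days days"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $dir"
    fi
    return "$rc"
}

# When arguments are given, run the audit: script.sh <live-dir> [min-days]
if [ "$#" -gt 0 ]; then
    audit_live_dir "$@"
fi
```

A non-zero exit status means at least one check failed, so the script can be run from cron or a monitoring agent alongside the renewal timer.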