Introduction
Let's Encrypt provides free SSL/TLS certificates. Certbot automates the process of obtaining and renewing certificates, enabling HTTPS on your websites.
Install Certbot
sudo apt update
sudo apt install -y certbot
Install the appropriate plugin:
# For Nginx
sudo apt install -y python3-certbot-nginx
# For Apache
sudo apt install -y python3-certbot-apache
Obtain a Certificate
# Nginx (automatic configuration)
sudo certbot --nginx -d example.com -d www.example.com
# Apache (automatic configuration)
sudo certbot --apache -d example.com -d www.example.com
# Standalone (if no web server is running)
sudo certbot certonly --standalone -d example.com
Certificate Location
/etc/letsencrypt/live/example.com/
├── fullchain.pem # Certificate + intermediate
├── privkey.pem # Private key
├── cert.pem # Certificate only
└── chain.pem # Intermediate certificate
Auto-Renewal
Certbot installs a systemd timer for automatic renewal:
# Test renewal
sudo certbot renew --dry-run
# Check timer status
systemctl status certbot.timer
# Certificates renew automatically 30 days before expiry
Wildcard Certificates
# Requires DNS validation
sudo certbot certonly --manual --preferred-challenges dns \
-d "*.example.com" -d example.com
You will be prompted to create a TXT record at _acme-challenge.example.com.
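To confirm that the files listed under Certificate Location are healthy and that the renewal described under Auto-Renewal is actually happening, a check like the following can run from cron or a monitoring agent. It is an added example, not part of Certbot or the original page; the function names, the script name check_cert.sh and the 21-day warning threshold are assumptions, and it expects GNU stat and the openssl CLI.

```bash
#!/usr/bin/env bash
# Added example (not from Certbot): health check for one certificate directory.
# Assumes GNU stat and the openssl CLI; directory and threshold are arguments.

# Succeeds if the leaf certificate is still valid DAYS from now.
cert_has_days_left() {    # usage: cert_has_days_left CERT_FILE DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds only if group and other have no permission bits on the key.
key_is_private() {        # usage: key_is_private KEY_FILE
    local mode
    # -L follows symlinks: files in live/ are symlinks into archive/
    mode=$(stat -L -c '%a' "$1" 2>/dev/null) || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Succeeds if the private key belongs to the leaf certificate.
key_matches_cert() {      # usage: key_matches_cert CERT_FILE KEY_FILE
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Runs all three checks; returns non-zero if any of them fails.
check_lineage() {         # usage: check_lineage DIR DAYS
    local dir="$1" days="$2" rc=0
    cert_has_days_left "$dir/fullchain.pem" "$days" ||
        { echo "WARN: certificate expires within $days days, renewal may be failing"; rc=1; }
    key_is_private "$dir/privkey.pem" ||
        { echo "WARN: privkey.pem is accessible to group or other"; rc=1; }
    key_matches_cert "$dir/fullchain.pem" "$dir/privkey.pem" ||
        { echo "WARN: privkey.pem does not match fullchain.pem"; rc=1; }
    return "$rc"
}

# Example: sudo ./check_cert.sh /etc/letsencrypt/live/example.com 21
if [ "$#" -ge 1 ]; then
    check_lineage "$1" "${2:-21}"
fi
```

Because renewal is attempted 30 days before expiry, a certificate with fewer than 21 days left means several renewal attempts have already failed.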