
Installing SSL Certificate with Certbot

Certbot is a free, open-source tool from the Electronic Frontier Foundation (EFF) that automates the process of obtaining and renewing SSL/TLS certificates from Let's Encrypt.

This step is optional. If you already have a paid SSL certificate from a provider (e.g., Comodo, DigiCert, GoDaddy), you can skip this guide and use your existing certificate. However, if you do not have a paid certificate, Certbot with Let's Encrypt is an excellent free alternative.


1. Install Certbot

Ubuntu / Debian

bash
sudo apt update
sudo apt install certbot python3-certbot-nginx

CentOS / RHEL

bash
sudo yum install certbot python3-certbot-nginx

2. Obtain an SSL Certificate

Before issuing a certificate, make sure that:

  • Your domain name (e.g., example.com) points to your server's IP address.
  • Nginx is installed and running.
  • Ports 80 and 443 are open in your firewall.

Run the following command to obtain and automatically configure the certificate for Nginx:

bash
sudo certbot --nginx -d example.com -d www.example.com

WARNING

Before running this command, make sure that Nginx is already installed and running (see the Nginx guide) and that you have completed the ColibriPlus HTTP configuration.

⚠️ Replace example.com with your actual domain name.

Certbot will:

  1. Verify domain ownership.
  2. Obtain the SSL certificate from Let's Encrypt.
  3. Automatically configure your Nginx server block to use HTTPS.
  4. Set up a redirect from HTTP to HTTPS.

3. Verify the Certificate

After installation, you can verify that the certificate is working by visiting your domain in the browser:

https://example.com

You can also list the certificates that Certbot manages, along with their domains and expiry dates:

bash
sudo certbot certificates

4. Auto-Renewal

Let's Encrypt certificates are valid for 90 days. Certbot installs a systemd timer (or cron job) that automatically renews certificates before they expire.

You can test the renewal process with:

bash
sudo certbot renew --dry-run

To check the status of the auto-renewal timer:

bash
sudo systemctl status certbot.timer
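
To catch auto-renewal that has silently stopped working, the following added example (not part of the original guide) parses the output of `sudo certbot certificates` and reports every certificate that is invalid or has fewer than a chosen number of days left. The function names, the 21-day default and the sample output are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag certificates whose auto-renewal appears to have stalled.
# Reads `certbot certificates` output on stdin and prints "<name> <days|INVALID>"
# for each certificate that is invalid or has fewer than $1 days left.
# The 21-day default is an assumption; pick a value below the point at which
# you expect renewal to have already happened.
certs_needing_attention() {
  awk -v min="${1:-21}" '
    /Certificate Name:/ { name = $3 }
    /Expiry Date:/ {
      if ($0 ~ /\(INVALID/) {
        print name, "INVALID"            # expired, revoked or otherwise unusable
      } else if ($0 ~ /\(VALID: [0-9]+ day/) {
        days = $0
        sub(/.*\(VALID: /, "", days)     # drop everything before the day count
        sub(/ day.*/, "", days)          # drop everything after it
        if (days + 0 < min) print name, days
      } else {
        print name, 0                    # validity reported in hours: under one day
      }
    }'
}

# Constructed sample in the layout `certbot certificates` prints (not real output).
sample_output() {
  cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 62 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  Certificate Name: stale.example.com
    Domains: stale.example.com
    Expiry Date: 2030-01-10 10:00:00+00:00 (VALID: 12 days)
    Certificate Path: /etc/letsencrypt/live/stale.example.com/fullchain.pem
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2029-12-01 10:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.example.com/fullchain.pem
EOF
}

# On a real host: sudo certbot certificates 2>/dev/null | certs_needing_attention 21
sample_output | certs_needing_attention 21
```

Any line of output means a certificate was not renewed in time; check the renewal timer and the Certbot log for that certificate.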

If everything above is done correctly, your SSL certificate will be installed and your site will be accessible over HTTPS.

Developed by Mansur Terla. www.terla.me