Installing SSL Certificate with Certbot
Certbot is a free, open-source tool from the Electronic Frontier Foundation (EFF) that automates the process of obtaining and renewing SSL/TLS certificates from Let's Encrypt.
This step is optional. If you already have a paid SSL certificate from a provider (e.g., Comodo, DigiCert, GoDaddy), you can skip this guide and use your existing certificate. However, if you do not have a paid certificate, Certbot with Let's Encrypt is an excellent free alternative.
1. Install Certbot
Ubuntu / Debian
sudo apt update
sudo apt install certbot python3-certbot-nginx
CentOS / RHEL
sudo yum install certbot python3-certbot-nginx
2. Obtain an SSL Certificate
Before issuing a certificate, make sure that:
- Your domain name (e.g., example.com) points to your server's IP address.
- Nginx is installed and running.
- Ports 80 and 443 are open in your firewall.
Run the following command to obtain and automatically configure the certificate for Nginx:
sudo certbot --nginx -d example.com -d www.example.com
WARNING
Before running this command, make sure that Nginx is installed and running (see the Nginx guide) and that you have completed the ColibriPlus HTTP configuration.
⚠️ Replace example.com with your actual domain name.
Certbot will:
- Verify domain ownership.
- Obtain the SSL certificate from Let's Encrypt.
- Automatically configure your Nginx server block to use HTTPS.
- Set up a redirect from HTTP to HTTPS.
3. Verify the Certificate
After installation, you can verify that the certificate is working by visiting your domain in the browser:
https://example.com
You can also test the certificate with:
sudo certbot certificates
4. Auto-Renewal
Let's Encrypt certificates are valid for 90 days. Certbot installs a systemd timer (or cron job) that automatically renews certificates before they expire.
You can test the renewal process with:
sudo certbot renew --dry-run
To check the status of the auto-renewal timer:
sudo systemctl status certbot.timer
If everything above is done correctly, your SSL certificate will be installed and your site will be accessible over HTTPS.
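The listing from step 3 can also confirm that the auto-renewal from step 4 is actually happening: a certificate that still shows only a few days of validity has not been renewed. The shell function below is an added example, not part of the original guide. It assumes the "Certificate Name:" and "Expiry Date: ... (VALID: N days)" layout printed by certbot certificates, runs on a constructed sample listing, and uses 30 days as an assumed alert threshold.

```shell
#!/bin/sh
# Added example: report certificates that auto-renewal should already
# have replaced. Reads the text of `certbot certificates` on stdin and
# prints "<name> <status>" for each certificate that is INVALID, has
# only hours left, or has fewer than $1 days left (default 30, assumed).

stale_certs() {
    awk -v min="${1:-30}" '
        /Certificate Name:/ { name = $NF }
        /Expiry Date:/ {
            # Status is the parenthesised suffix, e.g. "(VALID: 59 days)".
            status = $0
            sub(/^[^(]*\(/, "", status)      # drop everything up to "("
            sub(/\)[ \t\r]*$/, "", status)   # drop the closing ")"
            if (status ~ /^VALID: [0-9]+ day/) {
                days = substr(status, 8) + 0 # number after "VALID: "
                if (days < min) print name, status
            } else {
                # "VALID: N hour(s)" or "INVALID: ..." always needs attention
                print name, status
            }
        }
    '
}

# Constructed sample listing (not real output from any server).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 59 days)
  Certificate Name: shop.example.com
    Domains: shop.example.com
    Expiry Date: 2030-01-13 10:00:00+00:00 (VALID: 12 days)
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2029-12-20 10:00:00+00:00 (INVALID: EXPIRED)
EOF
}

sample_output | stale_certs 30
```

On a server, pipe the real listing into the function instead of the sample: sudo certbot certificates | stale_certs 30. Any output means the renewal timer or the renewal itself should be investigated.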
