What this is
Certbot is the official client to obtain and renew free TLS certificates from Let’s Encrypt.
What it is for
- Encrypt traffic (HTTPS)
- Improve security and trust
- Enable modern browser requirements
Prerequisites (do not skip)
- A domain name pointing to your server public IP (A/AAAA records)
- Ports 80 and 443 open in firewall
- Nginx or Apache installed and serving the domain
Step-by-step
Step 1) Open firewall ports (if not already open)
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
Step 2) Install Certbot
Ubuntu/Debian (snap method):
sudo snap install core
sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
RHEL-based:
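# certbot and its web server plugins come from the EPEL repository on RHEL-family systems; enable it first
sudo dnf install -y certbot python3-certbot-nginx   # for Apache use python3-certbot-apache instead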
Step 3) Obtain and install certificate (choose your web server)
Nginx:
sudo certbot --nginx -d example.com -d www.example.com
Apache:
sudo certbot --apache -d example.com -d www.example.com
Expected output: Certbot asks for email, ToS, then configures HTTPS. It ends with success messages and certificate paths.
Step 4) Test automatic renewal
sudo certbot renew --dry-run
Expected output: Congratulations, all renewals succeeded.
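A dry run only shows that renewal works today. The following added example (not part of the original guide) reads the text printed by `certbot certificates` and flags any certificate that is invalid or close to expiry, which is the usual sign that renewals have been failing. The function names, the 25-day default threshold and the sample hostnames are assumptions made for this example, and the parsing assumes the "Expiry Date: ... (VALID: N days)" line format of current Certbot releases.

```shell
#!/usr/bin/env bash
# Added example: flag certificates whose renewal looks stuck, based on the
# text printed by `certbot certificates`.
# check_certs MIN_DAYS  (reads `certbot certificates` output on stdin)
# Prints "<OK|WARN|FAIL> <certificate name> <detail>" per certificate and
# returns 1 if any certificate is INVALID or has fewer than MIN_DAYS left.
check_certs() {
  awk -v min="${1:-25}" '
    BEGIN { bad = 0 }
    /Certificate Name:/ { name = $3 }
    /Expiry Date:/ {
      # Status is the trailing parenthesised part, e.g. "(VALID: 59 days)".
      status = $0
      sub(/^[^(]*\(/, "", status)
      sub(/\)[ \t]*$/, "", status)
      if (status ~ /^VALID: [0-9]+ day/) {
        split(status, f, " ")
        days = f[2] + 0
      } else if (status ~ /^VALID:/) {
        days = 0    # "VALID: N hour(s)": less than one day left
      } else {
        printf "FAIL %s %s\n", name, status   # e.g. INVALID: EXPIRED
        bad = 1
        next
      }
      if (days < min + 0) { printf "WARN %s %d days left\n", name, days; bad = 1 }
      else                { printf "OK %s %d days left\n", name, days }
    }
    END { exit bad }
  '
}

# Constructed sample input (not real output from any server).
sample_output() {
  cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2030-03-01 00:00:00+00:00 (VALID: 61 days)
  Certificate Name: stale.example.com
    Domains: stale.example.com
    Expiry Date: 2030-01-09 00:00:00+00:00 (VALID: 9 days)
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2020-01-01 00:00:00+00:00 (INVALID: EXPIRED)
EOF
}
# Real use: sudo certbot certificates | check_certs 25
```

Run from cron or a monitoring agent, a non-zero exit status is the signal to check DNS, port 80 and the renewal logs.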
Warnings & notes
- If DNS is not pointing correctly, validation will fail.
- Do not block port 80: Let’s Encrypt uses HTTP validation for most simple setups.
Final verification
curl -I https://example.com
Conclusion
You enabled HTTPS with a free Let’s Encrypt certificate and verified renewal. Keep ports and DNS correct to avoid renewal failures.