Description: Learn how to secure your VPS with a free SSL certificate from Let’s Encrypt. This guide walks you through installing Certbot, setting up HTTPS for Apache or Nginx, and enabling auto-renewal.
How to Secure Your VPS with Let’s Encrypt SSL: A Step-by-Step Guide
Want to make your website more secure and get that little 🔒 lock in the browser? Let’s Encrypt offers free SSL certificates, and it only takes a few minutes to set up.
Whether you use Apache or Nginx, this guide has you covered.
🔹 Step 1: Prerequisites
Before installing SSL:
- You must own a domain name (e.g.,
exampledomain.com)
- Your domain must already point to your VPS IP address using A records
- Your web server (Apache or Nginx) must be installed and serving the site on port 80
🔹 Step 2: Install Certbot and the Web Server Plugin
On Ubuntu 20.04/22.04/24.04:
bash
sudo apt update
sudo apt install certbot python3-certbot-apache # For Apache
or
bash
sudo apt install certbot python3-certbot-nginx # For Nginx
🔹 Step 3: Obtain the SSL Certificate
Let’s say your domain is exampledomain.com.
For Apache:
bash
sudo certbot --apache -d exampledomain.com -d www.exampledomain.com
For Nginx:
bash
sudo certbot --nginx -d exampledomain.com -d www.exampledomain.com
- Certbot will automatically edit your config files, request the certificate, and reload your server.
- You’ll be asked for an email (for renewal notices) and to agree to terms.
If successful, your site will now be accessible via https://exampledomain.com.
🔹 Step 4: Test the HTTPS Setup
Open your browser and go to:
https://exampledomain.comhttps://www.exampledomain.com
You should see the secure padlock icon and no browser warnings.
You can also check using:
🔹 Step 5: Enable Auto-Renewal (Optional but Recommended)
Let’s Encrypt certificates are only valid for 90 days, but Certbot can auto-renew them.
You can test the renewal process:
bash
sudo certbot renew --dry-run
This verifies that your renewal works correctly and is set up via a systemd timer (certbot.timer), which runs twice a day by default.
🔹 Bonus: Force Redirect HTTP to HTTPS (Apache or Nginx)
Apache Example:
Certbot often does this automatically, but if not, add this inside your <VirtualHost *:80> block:
apache
Redirect permanent / https://exampledomain.com/
Nginx Example:
Add this server block:
nginx
server {
listen 80;
server_name exampledomain.com www.exampledomain.com;
return 301 https://$host$request_uri;
}
Common Errors & Fixes
ProblemLikely FixCertbot can't reach your domainA record not set, or firewall blocks port 80SSL appears invalidWrong domain in certbot commandAuto-renewal not workingCheck cron jobs or systemd timerBrowser still shows HTTPForce HTTPS redirect not set up properly
✅ Conclusion
You’ve now secured your domain with a free SSL certificate from Let’s Encrypt and set it to renew automatically. Whether you're hosting a blog, app, or landing page, this small step dramatically improves your site's trust and security.
Ready to move on to advanced hardening (e.g., HSTS, TLS settings, or firewall rules)? Just let me know and I can guide you through it. 🔐