Let’s Encrypt provides free SSL certificates so your websites can use secure connections. Certbot is free, open source software that lets you easily create Let’s Encrypt SSL certificates on your unmanaged Linux server. Log in over SSH as root to begin.
Install Certbot in Ubuntu with snapd
Our Dedicated Server Hosting users can use snapd.
- Install snapd:
sudo apt install snapd
- Ensure you have the latest snapd version installed:
sudo snap install core; sudo snap refresh core
- Install Certbot with snapd:
sudo snap install --classic certbot
- Create a symlink to ensure Certbot runs:
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Obtaining an SSL certificate with Certbot
Once Certbot is installed, you can use it to obtain a certificate. Choose the option below that best fits your needs.
Create SSL certs for all domains and configure redirects in the web server (run the command that matches your web server):
sudo certbot --apache
sudo certbot --nginx
Create SSL certs for a specified domain (recommended if you’re using your system hostname):
sudo certbot --apache -d example.com -d www.example.com
Only obtain the SSL certs, without having Certbot change the web server configuration:
sudo certbot certonly --apache
sudo certbot certonly --nginx
- Enter an email address for renewal and security notices.
- Agree to the terms of service.
- Specify whether to receive emails from EFF.
- If prompted, choose whether to redirect HTTP traffic to HTTPS – 1 (no redirect, no further changes to the server) or 2 (redirect all HTTP requests to HTTPS).
After you install a Let’s Encrypt certificate with Certbot on Ubuntu, you can test your website's SSL status at https://WhyNoPadlock.com to identify mixed content errors.
The certificate files for each domain are stored in:
cd /etc/letsencrypt/live
Let’s Encrypt certificates expire after 90 days. To prevent certificates from expiring, Certbot checks your SSL status twice a day and renews certificates expiring within thirty days. You can view the renewal schedule settings with systemd or cron.d:
systemctl show certbot.timer
cat /etc/cron.d/certbot
Ensure the renewal process works:
sudo certbot renew --dry-run
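To confirm that automatic renewal keeps working after the dry run, the following check is an added example, not part of the original article or of Certbot. It reads each certificate under /etc/letsencrypt/live and flags any with fewer than thirty days left; the function names and the LIVE_DIR variable are assumptions of this example, and it assumes openssl and GNU date are installed.

```shell
#!/bin/sh
# Added example (not from the article): report certificates under
# /etc/letsencrypt/live that are inside the 30-day renewal window or expired.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"  # path from the article
RENEW_WINDOW_DAYS=30                            # window from the article

# Whole days (truncated) between expiry and now, both in epoch seconds.
days_left() {  # usage: days_left <expiry_epoch> <now_epoch>
    echo $(( ($1 - $2) / 86400 ))
}

# Classify a certificate by its remaining lifetime.
cert_state() {  # usage: cert_state <expiry_epoch> <now_epoch>
    if [ "$1" -le "$2" ]; then
        echo EXPIRED
    elif [ "$(days_left "$1" "$2")" -lt "$RENEW_WINDOW_DAYS" ]; then
        echo IN_RENEWAL_WINDOW
    else
        echo OK
    fi
}

# Read notAfter from a PEM certificate and print it as epoch seconds.
# Assumption: openssl and GNU date are installed.
cert_expiry_epoch() {  # usage: cert_expiry_epoch <cert.pem>
    end=$(openssl x509 -enddate -noout -in "$1" 2>/dev/null | cut -d= -f2)
    [ -n "$end" ] && date -d "$end" +%s
}

# Print one line per certificate; return 1 if any is not OK.
check_live_certs() {
    now=$(date +%s); rc=0
    for cert in "$LIVE_DIR"/*/cert.pem; do
        [ -f "$cert" ] || continue
        if exp=$(cert_expiry_epoch "$cert"); then
            state=$(cert_state "$exp" "$now")
            echo "$state $(days_left "$exp" "$now")d $cert"
        else
            state=UNREADABLE; echo "$state $cert"
        fi
        [ "$state" = OK ] || rc=1
    done
    return "$rc"
}

# Run only where the Certbot live directory exists (reading it needs root).
if [ -d "$LIVE_DIR" ]; then
    check_live_certs || echo "certificates need attention" >&2
fi
```

A certificate that still reports IN_RENEWAL_WINDOW after several scheduled runs indicates that the twice-daily renewal is failing and should be investigated before the certificate expires.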