How to Install and Renew SSL Certificates Using Let’s Encrypt

Why SSL Certificates Matter
SSL/TLS certificates encrypt data between your website and visitors, shown by the 🔒 padlock icon in browsers. Without one, browsers mark your site as “Not Secure.” Let’s Encrypt provides free, automated certificates trusted globally—perfect for securing your site affordably.

✅ Prerequisites

Before starting, ensure you have:

1. Server access: SSH access to your Linux server (Ubuntu/CentOS used in examples).
2. Domain control: Ability to modify DNS records (A/AAAA records pointing to your server IP).
3. Open ports: HTTP/80 and HTTPS/443 must be accessible (check with sudo ufw status).
4. Web server: Apache or Nginx installed.

🛠 Step 1: Install Certbot (Let’s Encrypt Client)

Certbot automates certificate setup. Install it via:

For Ubuntu/Apache:

sudo apt update  
sudo apt install certbot python3-certbot-apache  

For CentOS/Apache:

sudo dnf install certbot python3-certbot-apache  

For Nginx (any OS):
Replace python3-certbot-apache with python3-certbot-nginx.

📝 Step 2: Obtain Your First Certificate

Run Certbot to fetch and install the certificate:

Apache Users:

sudo certbot --apache  

Nginx Users:

sudo certbot --nginx  

➡️ Certbot will:

1. Ask for your email (for renewal alerts).
2. List detected domains—select yours with spacebar.
3. Redirect HTTP → HTTPS? Choose 2 (Secure + Redirect).

✅ Success message? Visit https://yourdomain.com to see the padlock!

⚠️ Troubleshooting Common Issues

• Port 80 blocked? Temporarily open it: sudo ufw allow 80.
• “Failed to connect” error? Double-check DNS propagation (ping yourdomain.com).
• Web server not detected? Ensure Apache/Nginx is running (sudo systemctl status apache2).

🔄 Step 3: Configure Automatic Renewal

Let’s Encrypt certificates expire every 90 days. Certbot auto-renews them, but verify:

1. Test renewal manually:

   sudo certbot renew --dry-run  

2. If successful, add a cron job to renew daily:

   echo "0 0 * * * /usr/bin/certbot renew --quiet" | sudo tee -a /etc/crontab > /dev/null  

💡 Why daily? Renewals only proceed if expiration is 📚 Resources:
> – Official Certbot Documentation
> – Let’s Encrypt Community
> – SSL Checker to verify installation.

🔒 Stay secure! Your users—and Google—will thank you.