Install a free Let’s Encrypt SSL certificate on your VPS with Certbot (Nginx/Apache)

Let’s Encrypt provides free SSL/TLS certificates, and Certbot is the most common tool to issue and renew them automatically.

Prerequisites

• Your domain must point to your VPS public IP (A/AAAA record).
• Ports 80 (HTTP) and 443 (HTTPS) must be open in your firewall/security group.
• You need a running web server (Nginx or Apache) and SSH access to the VPS.

1) Install Certbot (recommended method)

Certbot installation depends on your OS and web server. The safest approach is to use the official instructions and select your exact environment:

https://certbot.eff.org/

Below is a common example for Ubuntu using Snap (may vary by version):

sudo apt update
sudo apt -y install snapd
sudo snap install core
sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

2) Issue the certificate

Nginx example:

sudo certbot --nginx -d example.com -d www.example.com

Apache example:

sudo certbot --apache -d example.com -d www.example.com

Certbot will ask for an email address and whether you want to redirect HTTP to HTTPS.

3) Test renewal

Let’s Encrypt certificates are short-lived and should renew automatically. Test with:

sudo certbot renew --dry-run

Troubleshooting notes

• If validation fails, double-check DNS (A record) and that port 80 is reachable from the internet.
• If you use Cloudflare proxy (orange cloud), switch it to DNS-only during issuance, or use DNS validation.
• If your web server uses a custom config, you may need to choose a different Certbot plugin/mode.