How to Install Let’s Encrypt SSL on Ubuntu with Certbot

by Jesse Owens

3 Minutes, 9 Seconds to Read

Free SSL Certificates with Certbot

Let’s Encrypt provides free SSL certificates for your websites to use secure connections. Certbot is free open source software that allows you to easily create Let’s Encrypt SSLs on your unmanaged Linux server. Log into SSH as root to begin.

Install Certbot in Ubuntu 20.04

Instead of the older python-certbot-apache package, Certbot now recommends using the snapd package manager to install Certbot in Ubuntu. InMotion Cloud Server Hosting is incompatible with snapd at this time, but Python Installs Packages (PIP) works just as well.

Install Certbot in Ubuntu with Apt

Cloud servers and Dedicated Servers can use the Apt Package Manager to install Certbot.

  1. First, update the package index:
    sudo apt update
  2. Install Certbot on Apache or NGINX:
    sudo apt-get install certbot python3-certbot-apache

    sudo apt-get install certbot python3-certbot-nginx

Install Certbot in Ubuntu with PIP

Cloud server users can install Certbot in Ubuntu with PIP.

  1. First, install PIP: 
    sudo apt install python3 python3-venv libaugeas0
  2. Set up a virtual environment: 
    sudo python3 -m venv /opt/certbot/
    sudo /opt/certbot/bin/pip install --upgrade pip
  3. Install Certbot on Apache (or NGINX): 
    sudo /opt/certbot/bin/pip install certbot certbot-apache
    sudo /opt/certbot/bin/pip install certbot certbot-nginx
  4. Create a symlink to ensure Certbot runs: 
    sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot

Install Certbot in Ubuntu with snapd

Our Dedicated Server Hosting users can use snapd.

  1. Install snapd: 
    sudo apt install snapd
  2. Ensure you have the latest snapd version installed: 
    sudo snap install core; sudo snap refresh core
  3. Install Certbot with snapd: 
    sudo snap install --classic certbot
  4. Create a symlink to ensure Certbot runs: 
    sudo ln -s /snap/bin/certbot /usr/bin/certbot

Create an SSL Certificate with Certbot

Run Certbot to create SSL certificates and modify your web server configuration file to automatically redirect HTTP requests to HTTPS. Or, add “certonly” to create the SSL certificates without modifying system files (recommended if hosting staging sites that should not be forced to use an SSL).

  1. Choose the best option for your needs.
    Create SSL certs for all domains and configure redirects in the web server: 
    sudo certbot --apache
    sudo certbot --nginx

    Create SSL certs for a specified domain (recommended if you’re using your system hostname): 
    sudo certbot --apache -d example.com -d www.example.com

    Only install SSL certs: 
    sudo certbot certonly --apache
    sudo certbot certonly --nginx
  2. Enter an email address for renewal and security notices.
  3. Agree to the terms of service.
  4. Specify whether to receive emails from EFF.
  5. If prompted, choose whether to redirect HTTP traffic to HTTPS – 1 (no redirect, no further changes to the server) or 2 (redirect all HTTP requests to HTTPS).

SSL Maintenance and Troubleshooting

After you install a Let’s Encrypt certificate on your Ubuntu Certbot setup, you can test your website SSL status at https://WhyNoPadlock.com to identify mixed content errors.

The certificate files for each domain is stored in:

cd /etc/letsencrypt/live

Let’s Encrypt certificates expire after 90 days. To prevent SSLs from expiring, Certbot checks your SSL status twice a day and renews certificates expiring within thirty days. You can view settings with Systemd or cron.d.

systemctl show certbot.timer
cat /etc/cron.d/certbot

Ensure the renewal process works:

sudo certbot renew --dry-run

SSL Improvements

Having an SSL cert and 301 redirects to force HTTPS aren’t always enough to prevent hacks. Cyber attackers have found ways to bypass both security practices to infiltrate server communications. 

HTTP Strict Transport Security (HSTS) is a security HTTP header that addresses this by telling web browsers to only serve your website when received with a valid SSL cert. If the browser receives an insecure connection, it rejects the data altogether to protect the user. It is easy to configure HSTS within your web server (e.g. Apache and NGINX).

Scalable VPS Infrastructure, Fully Managed

When shared hosting can't handle your traffic, VPS delivers dedicated resources that scale with demand. Our team manages the technical complexity while you manage your business.

check markNVMe Storage    check markHigh-Availability    check markIronclad Security    check markPremium Support

VPS Hosting

Share this Article
Related Articles
Troubleshooting SSL Connection Errors: How to Fix HTTPS Issues
What Is SSL and Why Is It Important?
How to Install Let’s Encrypt SSL on Ubuntu with Certbot
Installing SSLs and Generating CSRs in cPanel
Forcing your Website’s visitors to use the shared SSL
How to Manage AutoSSL Certificates in cPanel
Force HTTPS with the .htaccess File
How to Purchase an SSL Certificate for your Dedicated Server
How to Enable a SSL on a WordPress Site
POODLE fix for Internet Explorer: Disabling SSL 3.0

Need More Help?

Current Customers

Chat: Chat with Sales
Call: 757-416-6575 x2
Ticket: Submit a Support Ticket

Get Reliable Web Hosting

Chat: Chat with Sales
Email: [email protected]
Call: 757-416-6575 x1

Get web hosting that grows with your business. Our all-in-one hosting platform gives you everything your website needs to scale - so you can focus on the next big thing for you and your business.