Last year, I helped a friend set up a small website for his bakery. It looked good, loaded fast, and had everything it needed — except one thing: it didn’t use HTTPS. That little padlock in the browser bar was missing. He asked me, “Is that bad?” I said, “Kind of. It means the site isn’t secure.”
So, we installed Certbot, a tool that gives websites SSL certificates for free. Within minutes, the site had HTTPS and that little padlock. He was happy, and I felt good for helping.
If you’re running your own website on a Linux server, you should do the same. In this post, I’ll show you how to install Certbot and set it up to renew your SSL certificate automatically. It’s not hard, and you don’t need to be an expert.
Let’s get started.
What Is SSL?
SSL stands for Secure Sockets Layer. It’s a technology that encrypts the connection between your website and your visitors.
When you see a website with “https://” and a padlock in the address bar, that means it’s using SSL. It helps keep data safe from hackers or snooping.
Without SSL, web browsers might show a warning that your site is “Not Secure.” That can scare people away. You don’t want that, right?
What Is Certbot?
Certbot is a free tool that helps you get SSL certificates from Let’s Encrypt — also free. It also makes sure those certificates get renewed automatically.
Why is that important?
Because SSL certificates expire. Usually in 90 days. If you forget to renew, your site could break or lose trust. Certbot takes care of that for you.
Step 1: Update Your Server
Before installing anything, let’s make sure your system is up to date.
Log into your server with SSH. Then run:
sudo apt update
sudo apt upgrade
If you’re using CentOS, Rocky, or AlmaLinux, use:
sudo yum update
This step makes sure everything on your server is fresh and ready.
Step 2: Install Certbot
Certbot can work with many types of web servers, like Apache and Nginx. I’ll show you both.
For Ubuntu/Debian with Apache:
sudo apt install certbot python3-certbot-apache
For Ubuntu/Debian with Nginx:
sudo apt install certbot python3-certbot-nginx
For CentOS or RHEL-based systems with Nginx:
sudo yum install epel-release
sudo yum install certbot python3-certbot-nginx
If you’re using a different Linux distro, the steps might be slightly different, but Certbot supports most of them.
Step 3: Get Your SSL Certificate
Now comes the fun part — getting your free SSL.
Make sure your domain name is already pointing to your server. You can check using a tool like ping
or a DNS checker.
Then run this command:
If you use Nginx:
sudo certbot --nginx
If you use Apache:
sudo certbot --apache
Certbot will ask you a few questions. It might ask:
- Which domain you want to use (choose from the list).
- If you want to redirect all traffic to HTTPS (say yes).
Once it’s done, it should say something like “Congratulations! Your certificate is installed.”
Try opening your site in a browser with “https://” and check for the padlock. It should be there now.
Step 4: Test Auto-Renewal
Remember, Let’s Encrypt certificates only last 90 days. Certbot sets up auto-renew by default using cron or systemd timers.
But let’s be safe and test it.
Run this command:
sudo certbot renew --dry-run
If it works without errors, that means your server can renew the certificate on its own. You’re good to go.
What If You’re Not Using Apache or Nginx?
You can still use Certbot, but the setup is more manual.
You’ll use something called the standalone mode:
sudo certbot certonly --standalone -d yourdomain.com
Certbot will stop any services using port 80 during the process. So make sure your web server is not running, or use this only during maintenance.
After that, you’ll need to manually install the certificate into your app or server.
Why Auto-Renew Is Important
Let’s imagine this: you forget to renew your SSL certificate. One morning, your visitors see a scary message: “This site is not secure.” Some won’t click through. Some won’t come back.
That’s why auto-renew matters. It saves you stress, protects your visitors, and keeps your site looking professional.
And because Certbot handles it for you, you don’t need to set calendar reminders or log in every 3 months.
Two Helpful Lists
Things You Need Before Installing Certbot:
- A Linux server (Ubuntu, Debian, CentOS, etc.)
- A domain name pointed to your server
- A working web server (like Apache or Nginx)
- SSH access (your login)
Common Certbot Commands to Remember:
certbot --nginx
– auto-installs SSL for Nginxcertbot --apache
– auto-installs SSL for Apachecertbot renew
– renew all certificatescertbot certificates
– see installed certscertbot delete
– remove a cert you no longer need
Proof That It Works
I’ve used Certbot on dozens of websites. Big ones, small ones, even some that only get 10 visits a month. It always works as long as the domain points to the server.
One of my favorite things is checking in after months and seeing that the SSL is still valid — without me touching anything.
If you ever want to double-check, you can use a tool like SSL Labs to test your domain. It’ll show you if the certificate is trusted and up to date.
Wrapping Up
Installing Certbot and setting up auto-renew is one of the easiest and most helpful things you can do for your website.
It’s free, takes just a few minutes, and makes your site safer and more trusted.
If you’re still unsure, ask yourself:
- Do I want people to feel safe on my site?
- Do I want search engines to take my site seriously?
- Do I want one less thing to worry about?
If the answer is yes, go install Certbot today.