When I first built a website, I didn’t know how important SSL was. I thought it was only for online stores or banks. But then I saw the browser warning that said “Not Secure.” That didn’t look good.
If you’re running a website on Apache, getting an SSL certificate is a smart move. And the good news? Let’s Encrypt gives it to you for free.
In this guide, I’ll walk you through how to install a free SSL certificate from Let’s Encrypt on your Apache web server. I’ll keep it simple and explain what’s happening along the way.
What Is SSL, and Why Should You Use It?
SSL (Secure Sockets Layer) helps protect the data that moves between your website and your visitors. It does this by encrypting the traffic.
You’ve probably seen a little padlock in your browser when you visit secure sites. That’s SSL in action.
Here’s why SSL matters:
- It keeps login info, contact forms, and other data private.
- It makes your website look more trustworthy.
- Google gives a small boost in search rankings to secure sites.
- Some browsers even block non-SSL sites or show warnings.
So if your site is still running on HTTP instead of HTTPS, now’s a good time to switch.
Let’s Encrypt makes this easy and free.
What Is Let’s Encrypt?
Let’s Encrypt is a free, automated certificate authority (CA). It gives out SSL certificates that are trusted by most browsers.
In the past, you had to pay for SSL. You’d get a certificate file, upload it to your server, and renew it every year. That process was slow and sometimes confusing.
Let’s Encrypt changed all that. With tools like Certbot, you can install and renew SSL certificates with just a few commands.
What You Need Before You Start
Before installing Let’s Encrypt SSL, make sure you have these things ready:
- A server running Apache (Debian, Ubuntu, or CentOS will work)
- A domain name pointed to your server’s IP
- Root access or sudo privileges
If you don’t have a domain name yet, Let’s Encrypt won’t work, since it needs to verify ownership through DNS or HTTP.
Do you already have Apache installed and working? If you’re not sure, visit your domain in a browser. If you see an Apache welcome page or your website, you’re good.
Step 1: Install Certbot
Certbot is the tool that talks to Let’s Encrypt and helps install the certificate on your server.
On Ubuntu or Debian:
Update your system and install Certbot:
sudo apt update
sudo apt install certbot python3-certbot-apache -y
On CentOS (7 or 8):
First, enable EPEL (Extra Packages for Enterprise Linux):
sudo yum install epel-release -y
Then install Certbot:
sudo yum install certbot python3-certbot-apache -y
If you’re on CentOS 8 or using dnf, replace yum with dnf.
Certbot is now ready to go.
Step 2: Get Your SSL Certificate
Now it’s time to run Certbot.
Use this command:
sudo certbot --apache
Certbot will:
- Ask you which domain you want to secure (if you have more than one).
- Ask if you want to redirect HTTP to HTTPS. I usually say yes.
- Contact Let’s Encrypt, verify your domain, and install the certificate.
If all goes well, your site will now have SSL. Open your domain in a browser and you should see the padlock.
Troubleshooting Tip:
If Certbot can’t verify your domain, check your DNS settings. Make sure your domain points to your VPS IP address.
Step 3: Test Your SSL
After the certificate is installed, you should test it.
Go to this site:
https://www.ssllabs.com/ssltest/
Type your domain and run the test. It checks:
- If your certificate is trusted
- If your server setup is secure
- What protocols and ciphers are used
I try to aim for an A grade. If you get anything lower, read the suggestions they give.
Step 4: Set Up Auto-Renew
Let’s Encrypt certificates expire every 90 days. But don’t worry — Certbot can auto-renew them.
Most systems install a cron job or systemd timer to do this automatically. You can test it with:
sudo certbot renew --dry-run
If that works, your server will renew the SSL certificate before it expires.
You don’t have to do anything else.
Benefits of Using Let’s Encrypt
Here’s why I prefer Let’s Encrypt over paid certificates:
- It’s free — no yearly fees
- It’s automated — no manual renewals
- It’s trusted — works with all major browsers
- It’s quick — install and renew in seconds
Paid certificates sometimes offer more support or extended validation, but for most personal websites and blogs, Let’s Encrypt is more than enough.
Two Quick Lists
Before Installing:
- Make sure Apache is installed and running
- Check your domain points to your server IP
- Install Certbot (the Let’s Encrypt helper tool)
- Open port 80 (HTTP) and 443 (HTTPS) in your firewall
After Installing:
- Visit your domain in a browser (look for the padlock)
- Test SSL using ssllabs.com
- Set up auto-renew with Certbot
- Use HTTPS in your WordPress or site settings
Comparing Let’s Encrypt and Paid SSL
Some people ask me, “Is Let’s Encrypt as good as paid SSL?”
Here’s how I see it:
| Feature | Let’s Encrypt | Paid SSL |
|---|---|---|
| Cost | Free | $10–$200+ per year |
| Setup Time | Fast | Slower (manual upload) |
| Auto Renewals | Yes | Rarely |
| Trust Level | Trusted | Trusted |
| Extra Features | None | Sometimes (like EV green bar) |
I’ve used both. For most websites, Let’s Encrypt is perfect. The only time I’d use a paid certificate is for a large company that needs more verification.
Final Thoughts
Installing SSL doesn’t have to be confusing. Thanks to Let’s Encrypt and Certbot, you can set it up in minutes.
Let’s recap:
- You installed Certbot
- You ran it with Apache
- You tested your SSL
- You set it to auto-renew
Now your visitors can browse your site safely. No more “Not Secure” warnings. And no need to pay for SSL again.
Do you have more than one site? You can run Certbot again for each domain.
If you’d like help setting up SSL for Nginx, I can write a guide for that too.
What kind of site are you building? Let me know — I might have more tips that fit your setup.
