Overview
Here are the detailed steps for installing and using free SSL certificates from Let’s Encrypt with Nginx and Apache (via Certbot) and with Caddy (which obtains them itself).
1. Nginx
Step 1: Install Certbot and Nginx Plugin
On Ubuntu/Debian:
sudo apt update
sudo apt install certbot python3-certbot-nginx
On CentOS/RHEL:
sudo yum install certbot python3-certbot-nginx
Step 2: Obtain SSL Certificate
sudo certbot --nginx -d example.com -d www.example.com
- Replace example.com with your domain name.
- Certbot will automatically configure your Nginx server block to use SSL.
Step 3: Verify Installation
Check your Nginx configuration:
sudo nginx -t
Reload Nginx to apply changes:
sudo systemctl reload nginx
Step 4: Automatic Renewal
Certbot automatically sets up a scheduled renewal job (a cron job or a systemd timer, depending on the package). You can test it with:
sudo certbot renew --dry-run
2. Apache
Step 1: Install Certbot and Apache Plugin
On Ubuntu/Debian:
sudo apt update
sudo apt install certbot python3-certbot-apache
On CentOS/RHEL:
sudo yum install certbot python3-certbot-apache
Step 2: Obtain SSL Certificate
sudo certbot --apache -d example.com -d www.example.com
- This automatically configures your Apache Virtual Host for SSL.
Step 3: Verify Installation
Check your Apache configuration:
sudo apachectl configtest
Reload Apache to apply changes:
sudo systemctl reload apache2 # Ubuntu/Debian
sudo systemctl reload httpd # CentOS/RHEL
Step 4: Automatic Renewal
Certbot sets up automatic renewal. Test it with:
sudo certbot renew --dry-run
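A passing dry run shows that renewal can work, not that the scheduled job has actually been running. The following added example (not part of the original guide or of Certbot) applies to Step 4 of both the Nginx and Apache sections: it reads the output of sudo certbot certificates and flags certificates that are expired or closer to expiry than an assumed 30-day renewal window; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide or from Certbot itself.
# Reads the text printed by `sudo certbot certificates` on stdin and reports
# certificates that automatic renewal should already have replaced.

# Constructed sample of `certbot certificates` output (names and dates made up).
sample_output() {
cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2031-03-01 10:00:00+00:00 (VALID: 59 days)
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2031-01-09 10:00:00+00:00 (VALID: 7 days)
  Certificate Name: last.example.com
    Domains: last.example.com
    Expiry Date: 2031-01-02 18:00:00+00:00 (VALID: 5 hour(s))
  Certificate Name: gone.example.com
    Domains: gone.example.com
    Expiry Date: 2030-12-01 10:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# check_certs MIN_DAYS: one line per certificate, exit status 1 if any needs attention.
# MIN_DAYS=30 below is an assumed renewal window; adjust to your policy.
check_certs() {
    awk -v min="$1" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            status = $0
            sub(/^[^(]*\(/, "", status)      # drop everything up to the first "("
            sub(/\)[ \t\r]*$/, "", status)   # drop the closing ")"
            split(status, f, " ")            # e.g. f = "VALID:", "59", "days"
            if (f[1] != "VALID:")      { state = "INVALID"; bad = 1 }
            else {
                days = (f[3] ~ /^day/) ? f[2] + 0 : 0   # "N hour(s)" is under a day
                if (days < min + 0) { state = "RENEWAL_OVERDUE"; bad = 1 }
                else                { state = "OK" }
            }
            printf "%s %s (%s)\n", name, state, status
        }
        END { exit bad + 0 }
    '
}

# Stand-alone run on the sample; on a server use:
#   sudo certbot certificates 2>/dev/null | check_certs 30
sample_output | check_certs 30 || echo "renewal needs attention"
```

A non-zero exit status makes the function usable from a monitoring job: any RENEWAL_OVERDUE or INVALID line means the scheduled renewal has not done its work and its logs need a look.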
3. Caddy
Caddy has built-in support for Let’s Encrypt and automatically handles SSL certificates.
Step 1: Install Caddy
sudo apt update
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
Step 2: Configure Caddyfile
Edit the Caddyfile:
sudo nano /etc/caddy/Caddyfile
Example configuration:
example.com {
    root * /var/www/example
    file_server
}
- Caddy automatically requests an SSL certificate for the domain specified in the Caddyfile.
- It uses the HTTP-01 challenge, so make sure your domain’s DNS points to the server’s IP.
Step 3: Start and Enable Caddy
sudo systemctl enable caddy
sudo systemctl start caddy
Step 4: Verify SSL Installation
Visit https://example.com in your browser. The SSL certificate should be active.
Automatic Renewal in Caddy
Caddy automatically renews SSL certificates before they expire, so no additional configuration is needed for renewal.
Recommendations and Tips:
- Nginx and Apache: Use Certbot as it automatically configures SSL and sets up renewals.
- Caddy: It’s the simplest option since it manages SSL certificates natively without needing additional tools.
- Always ensure your DNS settings are correctly pointing to your server before requesting certificates.