Install CertBot on Apache webserver for Free SSL Certificate with Let's Encrypt

Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge. The certificate is valid for 90 days, during which renewal can take place at any time. The offer is accompanied by an automated process designed to overcome manual creation, validation, signing, installation, and renewal of certificates for secure websites. It launched on April 12, 2016.

Step1: Install CertBot

Certbot is a free, open-source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.
Certbot is made by the Electronic Frontier Foundation (EFF), a 501(c)3 nonprofit based in San Francisco, CA, that defends digital privacy, free speech, and innovation.

Is Certbot right for me?

If you’re looking to add the security and privacy benefits of an HTTPS certificate to your website, you may not need Certbot. Many hosting providers have internal tools to enable HTTPS. Before using Certbot, check if your hosting provider is one of them.

Certbot might be right for you if you:
  • have comfort with the command line
  • have an HTTP website that’s already online with port 80 open
  • and administer your website via a dedicated server, virtual private server or cloud-hosted server
  • which you can access via SSH, and have the ability to sudo

Certbot is part of EFF’s larger effort to encrypt the entire Internet. Websites need to use HTTPS to secure the web. Along with HTTPS Everywhere, Certbot aims to build a network that is more structurally private, safe, and protected against censorship.

Step2: Visit Choose your webserver & Operating system and get the installation commands
I'm running Debian 10 VPS

Step3: SSH into the server

SSH into the server running your HTTP website as a user with sudo privileges.

ssh mahesh@  (sudo user and server ip)

Step4: Install Certbot

Run this command on the command line on the machine to install Certbot. (for debian 10 Buster)

sudo apt-get install certbot python-certbot-apache

Step5: Choose how you'd like to run Certbot

Either get and install your certificates...

Run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it, turning on HTTPS access in a single step.

sudo certbot --apache

For a specific website: sudo certbot --apache -d 

Or, just get a certificate

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, run this command.

sudo certbot certonly --apache

Test automatic renewal

The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again unless you change your configuration. You can test automatic renewal for your certificates by running this command:

sudo certbot renew --dry-run

The command to renew certbot is installed in one of the following locations:

cat /etc/cron.d/certbot
add the line of code in crontab -e

Confirm that Certbot worked

To confirm that your site is set up properly, visit in your browser and look for the lock icon in the URL bar. If you want to check that you have the top-of-the-line installation, you can head to


0 Komentar