How to Set Up HTTPS with Let's Encrypt (Free SSL)

Web Hosting 3 min read Updated May 2026

HTTPS encrypts traffic between your server and visitors, protects user data, and is required for modern websites. Let's Encrypt provides free, trusted SSL certificates. This guide covers setup on Ubuntu 22.04 with Nginx.

Prerequisites

Step 1: Install Certbot

apt update
apt install certbot python3-certbot-nginx -y

Step 2: Obtain and Install the Certificate

Run Certbot with the Nginx plugin:

certbot --nginx -d yourdomain.com -d www.yourdomain.com

Certbot will:

  1. Verify you own the domain (via an HTTP challenge)
  2. Download and install the certificate
  3. Automatically update your Nginx config for HTTPS
  4. Set up a redirect from HTTP to HTTPS

Follow the prompts - when asked about redirects, choose option 2 (redirect all HTTP to HTTPS).

Step 3: Verify HTTPS Is Working

Visit your site in a browser:

https://yourdomain.com

You should see a padlock icon in the address bar. Your site is now secured with HTTPS.

Step 4: Auto-Renewal

Let's Encrypt certificates expire every 90 days. Certbot automatically sets up a cron job to renew them. Test the renewal process with:

certbot renew --dry-run

If you see Congratulations, all simulated renewals succeeded, auto-renewal is working correctly.

Checking Certificate Details

View your certificate's expiry date and domains:

certbot certificates

Manual Renewal (if needed)

certbot renew
systemctl reload nginx

Troubleshooting

Problem Solution
Domain not resolving Check your DNS A record points to the correct server IP
Port 80 not accessible Make sure port 80 is open in your firewall (ufw allow 80)
Too many requests Let's Encrypt has rate limits - wait an hour and try again
Certificate not trusted Ensure you're using the full chain certificate

What Your Nginx Config Looks Like After Certbot

Certbot automatically updates your server block to something like:

server {
    listen 443 ssl;
    server_name yourdomain.com www.yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;

    root /var/www/mywebsite;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}

Questions? Email us at [email protected] - we reply in under 2 hours, 7 days a week.

Top up in crypto.
Be root in a minute.

No cards. No KYC. Uninterrupted service since 2014. For people who'd rather not explain why they need a server.

Deploy a server →