How Can We Help?
< All Topics
Print

Securing Your VPS: A Guide to Installing SSL with Certbot

Certbot is free, open-source software that automatically activates HTTPS on manually managed websites using Let’s Encrypt certificates.

a) Prepare VPS

SSL

1. First, ensure that your VPS:

  • Have a running web server (e.g., Apache, NGINX, etc.).
  • Websites hosted on your VPS are configured to be accessed by entering the domain name (not the IP) in the address bar.
  • The domain is propagated and pointed to VPS child nameservers. Installing SSL using Certbot during domain propagation may create a self-signed certificate, potentially causing website access errors.

b) Install dependencies

1. Then, connect to your VPS via SSH and install Python 3.6+, venv, and Augeas according to your operating system’s requirements:
  • For APT-based distributions (Debian or Ubuntu), run the sudo apt update and sudo apt install python3 python3-venv libaugeas0 commands.
  • For RPM-based distributions (Fedora, CentOS), use the sudo dnf install python3 augeas-libs command.
Notes:
  • You need to use the Yum command for older distributions because it doesn’t support DNF.
  • RHEL-based distributions may use Python 3x instead of Python 3.
  • You may need to install additional dependencies if you have problems installing encryption. You can find more information in the Building Cryptography on Linux documentation.

c) Install Certbot

1. Afterwards, remove all installed Certbot packages before installing the latest version using a package manager like apt, dnf, or yum to avoid conflicts with previous versions.

2. Next, execute the sudo python3 -m venv and sudo /opt/certbot/bin/pip install –upgrade pip commands to set up a Python virtual environment.

3. Then, install Certbot by entering the command sudo /opt/certbot/bin/pip install certbot certbot-apache in Apache or sudo /opt/certbot/bin/pip install certbot certbot-nginx in NGINX.

4. Next, create a symbolic link for Certbot to be executed from any path by using the sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot command.

5. Finally, use the sudo certbot –apache command for Apache or the sudo certbot –nginx command for NGINX to install and activate SSL for your website, allowing Certbot to perform all configuration.

Notes:

  • To obtain a certificate and configure SSL manually, add certonly after certbot and before –apache or –nginx.
  • To set up automatic renewals for SSL, use the following command: echo “0 0,12 * * * root /opt/certbot/bin/python -c ‘import random; import time; time.sleep(random.random() * 3600)’ && sudo certbot renew -q” | sudo tee -a /etc/crontab > /dev/null command because SSL is valid for 90 days.
Table of Contents