# Installing Let's Encrypt SSL Certificate on a Server with Nginx or Apache

{% hint style="success" %}
**This certificate can be used with Cloudflare: set the SSL mode to Strict / Full (Strict). This method is primarily used if the universal Cloudflare certificate is unsuitable or if Cloudflare has displayed a red warning.**
{% endhint %}

***

**Preparing the Server for SSL Certificate Installation**

Before starting the installation, update the system and repositories:

```bash
sudo apt-get -y update && sudo apt-get -y dist-upgrade
```

This command updates the list of available packages and performs a complete upgrade of installed components. It is recommended to run it on the latest version of Ubuntu or Debian.

***

**Installing Certbot — the Tool for Let's Encrypt**

Certbot is the official Let's Encrypt client. To install it, execute:

```bash
sudo apt-get -y install certbot
```

After installation, you can use Certbot to generate, renew, and manage SSL certificates.

***

**Installing Additional Certbot Modules for Nginx and Apache**

To integrate Certbot with a specific web server, you need to install the corresponding plugin.

**For Nginx:**

```bash
sudo apt-get -y install python3-certbot-nginx
```

**For Apache2:**

```bash
sudo apt-get -y install python3-certbot-apache
```

After installing the plugins, you can proceed to generate certificates.

***

**Conditions for Successful SSL Certificate Generation**

Before running Certbot, ensure that:

* The web server (Nginx or Apache) **is running.**
* The specified domain **points to the server's IP address.**
* Port 80 (HTTP) **is open.**

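This is critical because Certbot validates the domain over HTTP (the ACME HTTP-01 challenge): the Let's Encrypt servers connect to the domain on port 80 and must reach this server.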

***

**Generating SSL Certificate via Certbot for Nginx**

If you are using Nginx, run the following command:

```bash
sudo certbot certonly --nginx -d yoursite.com
```

Replace `yoursite.com` with the actual domain. After the process is complete, the certificate will be saved in `/etc/letsencrypt/live/yoursite.com/`.

***

**Generating SSL Certificate via Certbot for Apache**

For Apache, use a different command:

```bash
sudo certbot certonly --apache -d yoursite.com
```

Certbot will automatically detect Apache configurations and suggest automatic integration of SSL into the configuration files.

***

**Alternative: Generating via Standalone (Without Web Server)**

If the web server cannot be started (for example, if port 80 is occupied or the site is temporarily down), you can use standalone mode:

```bash
sudo certbot certonly --standalone -d yoursite.com
```

In this case, Certbot will launch a temporary HTTP server for validation.

***

**Setting Up Automatic Renewal of SSL Certificate**

Let's Encrypt certificates are valid for 90 days. To renew the certificate manually, use:

```bash
sudo certbot renew
```

To set up **automatic renewal**, add a job to `cron` or use a system timer. To check whether a Certbot timer is already scheduled, run:

```bash
sudo systemctl list-timers | grep certbot
```

Certbot automatically checks certificates twice a day and renews them if necessary.

***

**Checking Validity and Expiration Dates of the Certificate**

To check the status of the certificate, use:

```bash
sudo certbot certificates
```

This command displays all current certificates with their expiration dates and the paths to the certificate and key files.
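
An added example (not part of the original guide): a shell filter that reads the output of `sudo certbot certificates` and lists certificates that are expired or have fewer than a chosen number of days left, which is how a silently failing renewal job shows up. The function name, the 30-day threshold and the sample output are assumptions constructed for the illustration.

```shell
#!/usr/bin/env bash
# Added example: list certificates that are expired or close to expiry,
# based on the text printed by `sudo certbot certificates`.

# Constructed sample in the layout of `certbot certificates` output.
# Domains, dates and day counts are made up for the demonstration.
sample_certbot_output() {
  cat <<'EOF'
Found the following certs:
  Certificate Name: yoursite.com
    Domains: yoursite.com
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 74 days)
    Certificate Path: /etc/letsencrypt/live/yoursite.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/yoursite.com/privkey.pem
  Certificate Name: sub.yoursite.com
    Domains: sub.yoursite.com
    Expiry Date: 2030-01-05 10:00:00+00:00 (VALID: 19 days)
  Certificate Name: api.yoursite.com
    Domains: api.yoursite.com
    Expiry Date: 2029-12-18 10:00:00+00:00 (VALID: 7 hour(s))
  Certificate Name: old.yoursite.com
    Domains: old.yoursite.com
    Expiry Date: 2029-11-01 10:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# certs_needing_attention THRESHOLD_DAYS  (hypothetical helper name)
# Reads `certbot certificates` output on stdin and prints "<name> <status>"
# for every certificate that is invalid or has fewer than THRESHOLD_DAYS left.
certs_needing_attention() {
  awk -v limit="$1" '
    /Certificate Name:/ { name = $3 }
    /Expiry Date:/ {
      if (match($0, /\(VALID: [0-9]+ day/)) {
        # Skip "(VALID: " (8 chars) and drop the trailing " day" (4 chars).
        days = substr($0, RSTART + 8, RLENGTH - 12) + 0
        if (days < limit) print name, days "d"
      } else if ($0 ~ /\(VALID: [0-9]+ hour/) {
        print name, "0d"            # less than one day left
      } else if (match($0, /\(INVALID: [^)]*\)/)) {
        print name, substr($0, RSTART + 1, RLENGTH - 2)
      } else {
        print name, "UNPARSED"      # unknown status: surface it, do not hide it
      }
    }'
}

# On a real host (not run here):
#   sudo certbot certificates 2>/dev/null | certs_needing_attention 30
```

Empty output means every certificate is valid and above the threshold; any printed line is worth checking against the renewal timer and the Certbot logs.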

***

**Common Errors and Their Solutions**

| Error                     | Cause                          | Solution                                          |
| ------------------------- | ------------------------------ | ------------------------------------------------- |
| Timeout during generation | Port 80 is closed              | Open the port in the firewall                     |
| "Domain not found"        | DNS is not configured          | Check the domain's A record                       |
| "Permission denied"       | Insufficient permissions       | Run with sudo                                     |
| Certificate did not apply | Automatic configuration failed | Manually integrate SSL into the web server config |

***

**Conclusion: Fast and Reliable Encryption with Let's Encrypt**

Let's Encrypt provides a convenient and free way to secure your website. With Certbot, the process of installing and renewing certificates is fully automated, especially when using Nginx or Apache. By following this guide, you can obtain a valid certificate and activate HTTPS on your domain in just a few minutes.

***

**Frequently Asked Questions (FAQ)**

<details>

<summary><strong>Can Let's Encrypt be used for subdomains?</strong></summary>

Yes. Simply specify the subdomain: `-d sub.yoursite.com`.

</details>

<details>

<summary>Does Let's Encrypt work with IPv6?</summary>

Yes. As long as the DNS records are correct.

</details>

<details>

<summary>Can a certificate be installed on a local IP?</summary>

No. Only on

</details>

