Let’s Encrypt provides free, automated SSL/TLS certificates that help secure websites with HTTPS. On unmanaged servers (where you control the OS and configuration directly), you can install Let’s Encrypt certificates using command‑line tools such as Certbot.
Why Use Let’s Encrypt?
-
Free and widely trusted by browsers.
-
Automates certificate issuance and renewal.
-
Provides strong encryption for websites and applications.
-
Helps avoid “Not Secure” browser warnings.
Steps to Secure an Unmanaged Server
1. Install Certbot
Certbot is the recommended client for Let’s Encrypt.
-
On Ubuntu/Debian:
Bash sudo apt update sudo apt install certbot -
On CentOS/RHEL:
Bash sudo yum install certbot
⚠️ Note: Some VPS infrastructures may not support snapd. In that case, use your distribution’s package manager instead of Snap【edge_current_page_context†source】.
2. Generate and Install the SSL Certificate
Run Certbot with your web server type:
-
Apache:
sudo certbot --apache -
Nginx:
sudo certbot --nginx
Certbot will automatically configure your server to use HTTPS.
3. Automatic Renewal
Let’s Encrypt certificates are valid for 90 days. Certbot sets up a cron job or systemd timer to renew them automatically:
Bash
sudo certbot renew --dry-run
This command tests the renewal process to ensure it works correctly.
4. Verify Installation
-
Visit your site with
https://and check for the padlock icon. -
Use SSL testing tools (e.g., SSL Labs) to confirm proper installation.
Notes
|
