# How to install a free SSL certificate with Certbot and Nginx ### What you will get By the end of this tutorial, you will have: * a free SSL certificate from Let's Encrypt * HTTPS enabled for your website * automatic certificate renewal ### Requirements before you start * an active [domain](https://ititanhosting.com/) or subdomain * an `A` or `AAAA` DNS record pointing to the server * ports `80` and `443` open * a working Nginx configuration ### 1. Check DNS resolution From your local computer or the server: ```bash nslookup example.com ``` or ```bash dig +short example.com ``` The IP shown should match your server. ### 2. Install Certbot and the Nginx plugin ```bash sudo apt update sudo apt install certbot python3-certbot-nginx -y ``` ### 3. Validate the Nginx configuration Before requesting a certificate: ```bash sudo nginx -t ``` If Nginx reports configuration errors, fix them before continuing. ### 4. Run Certbot Example for the root domain and `www` variant: ```bash sudo certbot --nginx -d example.com -d www.example.com ``` Certbot will ask for: * your email address * acceptance of the terms * whether to automatically redirect HTTP to HTTPS In most cases, automatic redirect to HTTPS is the right choice. ### 5. Test HTTPS access Open this in a browser: ``` https://example.com ``` You can also test from the shell: ```bash curl -I https://example.com ``` ### 6. Verify automatic renewal Run a renewal simulation: ```bash sudo certbot renew --dry-run ``` If this succeeds, automatic renewal is correctly configured. ### Where the certificates are stored Certificate files are usually located in: ``` /etc/letsencrypt/live/example.com/ ``` However, if you use the Nginx Certbot plugin, you normally do not need to reference those paths manually. ### Common issues #### Certbot cannot validate the domain Check that: * DNS points to the correct IP * port 80 is publicly reachable * no other server or proxy is answering for that domain #### Nginx fails after changes Test the configuration: ```bash sudo nginx -t ``` Then inspect logs: ```bash sudo journalctl -u nginx --no-pager -n 50 ``` ### Best practices * Use HTTPS on all public websites. * Enable automatic redirect from HTTP to HTTPS. * Recheck renewal after major server or DNS changes. * If you use Cloudflare, make sure its SSL mode is configured properly to avoid loops or certificate errors. ### Conclusion Certbot with Nginx is one of the fastest and most practical ways to secure a VPS-hosted website with a free certificate. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ititanhosting.ro/docs/english/vps/linux/how-to-install-a-free-ssl-certificate-with-certbot-and-nginx.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.