Categories: How To

How To Install Certbot on Ubuntu 24.04: Set Up Let’s Encrypt for Apache and Nginx

Securing your website with HTTPS is essential for privacy, SEO ranking, and user trust. Let’s Encrypt provides free SSL/TLS certificates, and Certbot is the easiest way to automate their installation and renewal.

In this guide, you’ll learn how to install Certbot on Ubuntu 24.04 and issue SSL certificates for Apache, Nginx, or custom setups, including manual certificate-only generation and DNS challenge for wildcard domains.

Prerequisites

Before you start, ensure you have:

  • A server running Ubuntu 24.04
  • Root or sudo privileges
  • A domain name (e.g., example.com)
  • Either Apache, Nginx, or another web service installed

Step 1: Update Your System

sudo apt update && sudo apt upgrade -y

Step 2: Install Snapd

Certbot is officially distributed via Snap. Install and refresh Snap core:

sudo apt install snapd -y
sudo snap install core && sudo snap refresh core

Step 3: Install Certbot

Remove any APT-based Certbot installation first:

sudo apt remove certbot -y

Then install the Snap version:

sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Step 4: Obtain an SSL Certificate

Certbot supports several modes depending on your setup. Choose one below 👇

A. Automatically Configure Apache

sudo certbot --apache

Certbot will:

  • Detect Apache virtual hosts
  • Request a Let’s Encrypt certificate
  • Configure HTTPS automatically

B. Automatically Configure Nginx

sudo certbot --nginx

This command:

  • Detects Nginx server blocks
  • Obtains and installs the SSL certificate
  • Configures automatic redirection from HTTP to HTTPS

C. Generate Certificate Only (No Auto Configuration)

If you prefer manual configuration, you can generate certificates only.

Option 1: Standalone Plugin

Use this if Apache or Nginx is stopped or not installed.

sudo systemctl stop apache2
sudo systemctl stop nginx
sudo certbot certonly --standalone -d example.com -d www.example.com
sudo systemctl start apache2
sudo systemctl start nginx

Option 2: Webroot Plugin

Use this if your web server is running and serves files from /var/www/html.

sudo certbot certonly --webroot -w /var/www/html -d example.com -d www.example.com

Certificates are saved at:

/etc/letsencrypt/live/example.com/

Then manually edit your server config:

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

D. Use DNS Challenge (Wildcard or Private Server)

If your site doesn’t serve content over port 80/443 or you want a wildcard certificate (e.g. *.example.com), use the DNS-01 challenge.

Manual DNS Challenge

sudo certbot certonly --manual --preferred-challenges=dns -d example.com -d '*.example.com'

Certbot will show a TXT record similar to:

_acme-challenge.example.com  TXT  "GvF3v5YFh2oCqUZ4U9E2L7a4zv2sQKqBg0CqQe3x7aU"

👉 Add this record in your DNS zone (through Cloudflare, Route53, etc.),
wait a minute for propagation, and then press Enter to continue.

Once validated, your wildcard certificate will be issued and stored in:

/etc/letsencrypt/live/example.com/

Automated DNS Challenge (API-based)

If your DNS provider is supported by Certbot, you can automate this process.
For example, for Cloudflare:

sudo snap set certbot trust-plugin-with-root=ok
sudo snap install certbot-dns-cloudflare

Then run:

sudo certbot certonly --dns-cloudflare \
  --dns-cloudflare-credentials /root/.secrets/cloudflare.ini \
  -d example.com -d '*.example.com'

/root/.secrets/cloudflare.ini should contain:

dns_cloudflare_api_token = YOUR_CLOUDFLARE_API_TOKEN

Make sure it’s secure:

sudo chmod 600 /root/.secrets/cloudflare.ini

Step 5: Verify SSL Installation

Open:

https://your-domain.com

Or test your SSL setup using SSL Labs.

Step 6: Test Auto-Renewal

Let’s Encrypt certificates expire every 90 days, but Certbot auto-renews them.
You can test renewal with:

sudo certbot renew --dry-run

Step 7: Troubleshooting

ProblemFix
Port 80/443 blockedsudo ufw allow 'Nginx Full' or sudo ufw allow 'Apache Full'
DNS challenge failsVerify your TXT record is correctly propagated
Renewal doesn’t workCheck sudo systemctl status snap.certbot.renew.service

Conclusion

You’ve successfully installed Certbot on Ubuntu 24.04 and configured Let’s Encrypt SSL certificates for Apache, Nginx, or custom setups — including advanced DNS challenge support for wildcard or private domains.

Your site now benefits from secure HTTPS, automatic renewals, and modern encryption practices.

ferisetyawanmyid

Share
Published by
ferisetyawanmyid
Tags: apacheCertbotDNS ChallengeLet’s EncryptlinuxNginxSysadminUbuntu 24.04Web ServerWildcard SSL
2 days ago

Recent Posts

Best SSH Clients for Linux: Top Tools for Secure Remote Connections

If you manage Linux servers regularly, you know how important SSH (Secure Shell) is. Whether…

1 week ago

🐧 Best Linux Distributions for Beginners and Daily Use (2025 Edition)

If you’re new to Linux or thinking about switching from Windows or macOS, this guide…

2 weeks ago

Essential SRE Tools That Run on Linux

Introduction Site Reliability Engineering (SRE) has become a critical discipline in modern IT operations. The…

4 weeks ago

Best Free CRM Websites for Businesses in 2025

Updated: August 17, 2025 A practical guide to the best free CRM (Customer Relationship Management)…

2 months ago

Free Website Hosting Control Panel for Linux

If you run a VPS or dedicated server with Linux, you probably know that managing…

2 months ago

How to Find Out Who Rebooted Your Ubuntu Server (Step-by-Step Guide)

Short summary: Use built-in Linux tools (`who`, `last`, `journalctl`, `/var/log/auth.log`) and optional audit logs to…

2 months ago

This website uses cookies.