How to Install Free SSL on Ubuntu Server Using Certbot (Step-by-Step 2026 Guide)

Introduction

In today's digital landscape, securing your website with HTTPS is no longer optional—it's a critical standard. An SSL certificate encrypts data between your server and your users, protects sensitive information, boosts your SEO ranking, and builds trust with visitors.

Fortunately, you don't need to spend a fortune. Let's Encrypt provides free, automated, and open SSL certificates. The easiest way to use it on Ubuntu is with Certbot.

This step-by-step 2026 guide will walk you through installing a free SSL certificate on your Ubuntu server using Certbot, for both Nginx and Apache web servers.

Prerequisites

Before getting started, make sure you have:

1.  A running Ubuntu server (22.04 or later recommended).

2.  A domain name (e.g., example.com) pointing to your server’s IP address.

3. Nginx or Apache web server installed and running.

4. Root or sudo access to your server.

5. Your domain's DNS pointing to your server's public IP address

Step 1: Update Your Ubuntu Server

Start by updating your package list to ensure you’re using the latest versions:

sudo apt update && sudo apt upgrade -y

Step 2: Install Certbot

Certbot is the official client from Let’s Encrypt used to obtain and manage SSL certificates.

For Nginx users:

sudo apt install certbot python3-certbot-nginx -y

For Apache users:

sudo apt install certbot python3-certbot-apache -y

Step 3: Obtain a Free SSL Certificate

Now you’ll issue a free SSL certificate for your domain.

For Nginx:

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

For Apache:

 sudo certbot --apache -d yourdomain.com -d www.yourdomain.com

you need to write your domain name in place of yourdoman 

Certbot will automatically:

• Verify your domain via Let’s Encrypt

• Configure your web server

• Enable HTTPS

• Install the SSL certificate

You’ll be asked for an email (for renewal alerts) and to agree to the Let’s Encrypt terms.
After success, you’ll see a message like:

Congratulations! Your certificate and chain have been saved at 

/etc/letsencrypt/live/yourdomain.com/fullchain.pem

Step 4: Verify SSL Installation

To verify that SSL is correctly installed, run:

sudo certbot certificates

This will display your certificate details, expiration date, and domain coverage.

Then visit your website in a browser:

https://yourdomain.com

You should see a secure padlock 🔒 icon, meaning HTTPS is active.

You can also test it using SSL Labs Test.

Step 5: Auto-Renew SSL Certificates

Let’s Encrypt certificates expire every 90 days, but you can auto-renew them easily.

Enable automatic renewal using this command:

sudo systemctl enable certbot.timer

To test renewal manually:

sudo certbot renew --dry-run

If you see “Congratulations, all renewals succeeded!”, you’re all set — your SSL will auto-renew every 60 days.

FAQs — Free SSL Installation on Ubuntu with Certbot

1. What is Certbot?

Certbot is a free tool from the Electronic Frontier Foundation (EFF) used to install and manage SSL certificates from Let’s Encrypt.

2. Is Let’s Encrypt SSL really free?

Yes — 100% free, trusted by all major browsers.

3. How long does a Let’s Encrypt SSL certificate last?

Each certificate is valid for 90 days, but Certbot can auto-renew it automatically.

4. Can I use this for Laravel or PHP apps?

Absolutely! Laravel, PHP, or Node.js — any app running on your Ubuntu web server can use this SSL setup.

5. What happens if SSL renewal fails?

You’ll get an email alert from Let’s Encrypt. You can also manually renew using:

sudo certbot renew

6. Can I install SSL on multiple domains?

Yes! Just add multiple -d flags, like:

sudo certbot --nginx -d example.com -d api.example.com

7. Does this method work on all Ubuntu versions?

Yes, but Ubuntu 22.04 LTS or later is highly recommended for better stability and security.