Configuring Let's Encrypt for your hosting platform is now a fundamental step for any site owner. This guide outlines the core configurations to integrate a secure certificate using Certbot.
Prerequisites and Initial Setup
Before starting the configuration, verify that your VPS has a reachable domain pointing to it. You will need root access and an HTTP daemon like Caddy. The Let's Encrypt client package must be installed via your distribution's package manager. For example, on Debian, run `sudo apt install certbot`; on distributions that use yum, run `sudo yum install certbot`.
Obtaining the Certificate
The simplest method is to use the standalone plugin. For Apache or Nginx, the matching `--apache` or `--nginx` plugin can automatically modify your virtual host. Run: `sudo certbot --apache -d example.com -d www.example.com` (substitute `--nginx` on Nginx). This starts the domain validation. If you prefer a non-intrusive method, use: `sudo certbot certonly --webroot -w /var/www/html -d example.com`. This places the validation token in your public folder (`/var/www/html` here) and leaves your server configuration untouched.
Web Server Configuration Adjustments
After obtaining the certificate, you must update your virtual host or server block to point to the key and certificate files. For Apache, the standard directives are:
- SSLCertificateFile: `/etc/letsencrypt/live/example.com/fullchain.pem`
- SSLCertificateKeyFile: `/etc/letsencrypt/live/example.com/privkey.pem`
Nginx uses `ssl_certificate` and `ssl_certificate_key` for the same two files.
Ensure you redirect HTTP to HTTPS. A permanent redirect is standard. For Nginx, include `return 301 https://$host$request_uri;` in the port 80 server block; for Apache, use `RewriteEngine On` with a `RewriteRule`.
Automated Renewal and Verification
Let's Encrypt certificates expire after 90 days. The client sets up a cron job to renew them on a regular basis. To verify the renewal process, run: `sudo certbot renew --dry-run`. Review your server logs for issues. If the renewal encounters a problem, check for port 80 issues.
Security Hardening (Optional but Recommended)
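To enhance security, enable HSTS by adding `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;` to your Nginx server block. Browsers cache this policy for the full `max-age` (one year here), and `includeSubDomains` extends it to every subdomain, so confirm that all of them serve valid HTTPS before enabling it. Also, disable outdated TLS versions and offer only secure protocols. A secure configuration protects your clients from vulnerabilities.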
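The Nginx directives mentioned in the sections above, assembled into one pair of server blocks. This is an added example, not part of the original guide; it assumes the `example.com` certificate paths and `/var/www/html` webroot used earlier, and the choice of TLS 1.2 and 1.3 as the permitted protocols is an assumption.

```nginx
# Added example: names and paths follow the example.com values used in this guide.

# Port 80: serve ACME HTTP-01 challenge files, redirect everything else.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    # Challenge files written by `certbot certonly --webroot -w /var/www/html`
    # are served directly from the webroot over plain HTTP.
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    # Permanent redirect for all other requests.
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: the TLS site itself.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;
    root /var/www/html;

    # fullchain.pem = leaf certificate plus intermediates; privkey.pem = private key.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Assumption: TLS 1.2 and 1.3 only; older protocol versions are not offered.
    ssl_protocols TLSv1.2 TLSv1.3;

    # HSTS is sent only on HTTPS responses. Note that a location block that
    # defines its own add_header does not inherit this one and must repeat it.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
```

Check the syntax with `sudo nginx -t` before reloading the server.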
By implementing these guidelines, your site will be encrypted with a free Let's Encrypt certificate, providing privacy for every connection.