Let’s Encrypt provides free, automated SSL/TLS certificates via the ACME protocol. Certbot is the official Let’s Encrypt client. This guide installs Certbot and manages certificates for Nginx on Ubuntu 24.04 LTS.
Tested and valid on:
- Ubuntu 24.04 LTS
Prerequisites
- Ubuntu 24.04 LTS server
- Nginx installed
- A domain name pointed to your server
- Ports 80 and 443 open in the firewall
Step 1 – Install Certbot
Install Certbot and the Nginx plugin via snapd:
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Step 2 – Obtain a Certificate
Request a certificate for your domain:
sudo certbot --nginx -d example.com -d www.example.com
Certbot automatically edits your Nginx config to add HTTPS.
Step 3 – Verify the Certificate
List installed certificates:
sudo certbot certificates
Step 4 – Test Automatic Renewal
Certbot installs a systemd timer for auto-renewal. Test it:
sudo certbot renew --dry-run
Step 5 – View the Renewal Timer
Confirm the auto-renewal timer is active. The snap package installed in Step 1 registers it as snap.certbot.renew.timer:
sudo systemctl status snap.certbot.renew.timer
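A monitoring check to go with Steps 3 to 5, as an added example that is not part of the original guide: because Certbot renews certificates 30 days before expiry, a certificate with far less validity left means renewals are failing. The function name stale_certs, the 20-day threshold and the sample output are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not part of the original guide): report certificates whose
# remaining validity suggests that automatic renewal is failing.

# Constructed, trimmed sample of `sudo certbot certificates` output.
SAMPLE_OUTPUT='Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 62 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2030-01-10 10:00:00+00:00 (VALID: 12 days)
  Certificate Name: soon.example.com
    Domains: soon.example.com
    Expiry Date: 2029-12-30 10:00:00+00:00 (VALID: 5 hour(s))
  Certificate Name: dead.example.com
    Domains: dead.example.com
    Expiry Date: 2029-12-01 10:00:00+00:00 (INVALID: EXPIRED)'

# stale_certs MIN_DAYS: read `certbot certificates` output on stdin and print
# "<cert-name> <days-left>" for each certificate with fewer than MIN_DAYS left.
# days-left is 0 for an "N hour(s)" status and -1 for any INVALID status.
stale_certs() {
  awk -v min="$1" '
    /Certificate Name:/ { name = $3 }
    /Expiry Date:/ {
      if (match($0, /\(VALID: [0-9]+ days?\)/)) {
        split(substr($0, RSTART, RLENGTH), f, " ")  # f[2] is the day count
        days = f[2] + 0
      } else if ($0 ~ /\(VALID: [0-9]+ hour/) {
        days = 0
      } else {
        days = -1
      }
      if (days < min + 0) print name, days
    }'
}

# The 20-day threshold is an assumption: renewal starts 30 days before expiry,
# so anything below 20 days has already missed many renewal attempts.
printf '%s\n' "$SAMPLE_OUTPUT" | stale_certs 20
# On a real host: sudo certbot certificates 2>/dev/null | stale_certs 20
```

Any line printed by the function names a certificate to investigate, starting with the output of sudo certbot renew --dry-run.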
Step 6 – Renew a Certificate Manually
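Force renewal of all certificates, including those that are not yet due. Use this sparingly, because Let's Encrypt rate-limits repeated issuance for the same names: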
sudo certbot renew --force-renewal
Step 7 – Revoke and Delete a Certificate
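Revoke a certificate (e.g. for a decommissioned domain). Certbot asks during revocation whether to delete the certificate files as well; if you decline, remove them with the delete command. Remove any Nginx references to the certificate first, or Nginx will fail to reload: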
sudo certbot revoke --cert-name example.com
sudo certbot delete --cert-name example.com
Step 8 – Use Certbot with Wildcard Certificates
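Obtain a wildcard certificate using the DNS-01 challenge:
sudo certbot certonly --manual --preferred-challenges dns -d '*.example.com' -d example.com
Follow the prompts to add a TXT DNS record under _acme-challenge.example.com, then verify. Certificates issued with --manual are not renewed by the timer unless an authentication hook or a DNS plugin is configured, so plan for renewal before relying on this method.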
Conclusion
Certbot is managing your Let’s Encrypt certificates on Ubuntu 24.04 LTS. Certificates are automatically renewed 30 days before expiry. Free TLS for all your domains keeps your users and data secure.