Let’s Encrypt provides free, automatically-renewing SSL certificates. Certbot is the recommended ACME client that handles the entire certificate lifecycle. This guide secures an Nginx-hosted domain on Ubuntu 24.04 LTS.
Tested and valid on:
- Ubuntu 24.04 LTS
Prerequisites
- Ubuntu 24.04 LTS server
- Nginx installed with a server block for your domain
- Domain DNS A record pointing to your server
- Port 80 and 443 open in UFW
Step 1 – Install Certbot and the Nginx Plugin
Install from the Ubuntu repository:
sudo apt update
sudo apt install certbot python3-certbot-nginx -yStep 2 – Obtain a Certificate
Run Certbot with the Nginx plugin for your domain:
sudo certbot --nginx -d example.com -d www.example.comFollow the prompts: enter your email, agree to the ToS, and choose whether to redirect HTTP to HTTPS (recommended: redirect).
Step 3 – Verify HTTPS
Visit https://example.com — you should see the padlock icon and a valid certificate.
Step 4 – Test Auto-Renewal
Let’s Encrypt certificates expire after 90 days. Certbot installs a systemd timer to auto-renew. Test the renewal process:
sudo certbot renew --dry-runStep 5 – View Installed Certificates
List all managed certificates:
sudo certbot certificatesStep 6 – Check the Renewal Timer
Confirm the systemd timer is active:
sudo systemctl status certbot.timerStep 7 – Verify Nginx Configuration
Certbot automatically updates your Nginx config. Review it:
sudo nginx -t
sudo systemctl reload nginxConclusion
Your Nginx site on Ubuntu 24.04 LTS is now served over HTTPS with an automatically-renewing Let’s Encrypt certificate. Certbot manages renewal — no manual action needed every 90 days.
