Let’s Encrypt provides free, automated SSL/TLS certificates via the ACME protocol. Certbot is the official Let’s Encrypt client. This guide installs Certbot and manages certificates for Nginx on Ubuntu 24.04 LTS.

Tested and valid on:

  • Ubuntu 24.04 LTS

Prerequisites

  • Ubuntu 24.04 LTS server
  • Nginx installed
  • A domain name pointed to your server
  • Ports 80 and 443 open in the firewall

Step 1 – Install Certbot

Install Certbot and the Nginx plugin via snapd:

sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Step 2 – Obtain a Certificate

Request a certificate for your domain:

sudo certbot --nginx -d example.com -d www.example.com

Certbot automatically edits your Nginx config to add HTTPS.

Step 3 – Verify the Certificate

List installed certificates:

sudo certbot certificates

Step 4 – Test Automatic Renewal

Certbot installs a systemd timer for auto-renewal. Test it:

sudo certbot renew --dry-run

Step 5 – View the Renewal Timer

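Confirm the auto-renewal timer is active. The snap package installed in Step 1 names its timer snap.certbot.renew.timer (certbot.timer belongs to the apt package):

sudo systemctl status snap.certbot.renew.timer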
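
The renewal checks in Steps 3 to 5 can be scripted. The following is an added example, not part of the original guide or of Certbot: a shell function that reads certbot certificates output and lists every certificate that is invalid or has fewer days left than a threshold, which indicates that renewal is not succeeding. The function names, the 25-day default and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report certificates that auto-renewal should already have replaced.
# Reads `certbot certificates` output on stdin and prints "<cert-name> <days|INVALID>".
# min_days defaults to 25 (assumed slack below the 30-day renewal window).
stale_certs() {
    min_days="${1:-25}"
    awk -v min="$min_days" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            status = $0
            sub(/^[^(]*\(/, "", status)      # drop everything up to the first "("
            sub(/\)[ \t]*$/, "", status)     # drop the closing ")"
            if (status ~ /^INVALID/) { print name, "INVALID"; next }   # expired, revoked or test cert
            if (status ~ /hour/)     { print name, 0; next }           # less than one day left
            split(status, f, " ")            # "VALID: 12 days" -> f[2] = 12
            if (f[2] + 0 < min + 0) print name, f[2] + 0
        }
    '
}

# Constructed sample in the layout `certbot certificates` prints (not real data).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2025-06-01 12:00:00+00:00 (VALID: 59 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  Certificate Name: api.example.com
    Domains: api.example.com
    Expiry Date: 2025-04-15 08:30:00+00:00 (VALID: 12 days)
    Certificate Path: /etc/letsencrypt/live/api.example.com/fullchain.pem
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2025-01-10 08:30:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.example.com/fullchain.pem
EOF
}

# On a real host: sudo certbot certificates 2>/dev/null | stale_certs 25
sample_output | stale_certs 25
```

Any output from a scheduled run of this check is worth an alert, because a healthy renewal timer keeps every certificate above the threshold.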

Step 6 – Renew a Certificate Manually

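Force renewal of all certificates. This reissues every certificate regardless of its expiry date and counts against Let’s Encrypt rate limits, so routine renewal does not need it: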

sudo certbot renew --force-renewal

Step 7 – Revoke and Delete a Certificate

Revoke a certificate (e.g. for a decommissioned domain):

sudo certbot revoke --cert-name example.com
sudo certbot delete --cert-name example.com

Step 8 – Use Certbot with Wildcard Certificates

Obtain a wildcard certificate using the DNS-01 challenge:

sudo certbot certonly --manual --preferred-challenges dns -d '*.example.com' -d example.com

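Follow the prompts to add the TXT DNS record, wait for it to propagate, then continue so Certbot can verify it. A certificate issued with --manual is not renewed by the timer unless an authentication hook script is configured; without one, repeat this step before the certificate expires.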

Conclusion

Certbot is managing your Let’s Encrypt certificates on Ubuntu 24.04 LTS. Certificates are automatically renewed 30 days before expiry. Free TLS for all your domains keeps your users and data secure.