This blog post will show you how to install Let’s Encrypt SSL certificate on Ubuntu 26.04 on your domain, for free. Let’s Encrypt is a free, automated certificate authority (CA) run by the non-profit Security Research Group. Let’s Encrypt provides free SSL/TLS certificates to enable HTTPS on websites. The Free Let’s Encrypt SSL certificate is valid for 90 days and must be renewed, manually or automatically, using Certbot before it expires.
In the following paragraphs, we will explain in more detail the Certbot tool, the ACME provider, and their relationship with Let’s Encrypt. Then we will show you how to install a Free Let’s Encrypt SSL certificate using Nginx and Apache as web servers. Let’s get things done!
What is Certbot?
Certbot is a free, open-source tool designed to simplify the process of enabling HTTPS on websites. It is developed by the Electronic Frontier Foundation and works as a client for certificate authorities that support the ACME protocol. Certbot’s primary purpose is to automatically obtain, install, and renew SSL/TLS certificates so that website owners can secure their domains without manually handling complex cryptographic steps.
When a server administrator runs Certbot, the program communicates with a certificate authority—most commonly Let’s Encrypt—to request a certificate for a specific domain. Certbot verifies that the user controls the domain by performing validation challenges, such as creating a temporary file on the web server or configuring a DNS record. Once verification succeeds, the certificate is issued and downloaded to the server.
What is ACME?
ACME (Automatic Certificate Management Environment) is an open protocol that automates the issuance, validation, and renewal of SSL/TLS certificates for websites. It was designed to eliminate the manual steps traditionally required to obtain certificates, such as generating requests and proving domain ownership.
ACME allows software clients—such as Certbot—to communicate directly with certificate authorities, such as Let’s Encrypt, to request certificates automatically. The protocol verifies that the requester controls a domain through challenges, such as HTTP or DNS validation. Once verified, the certificate is issued and installed. ACME also supports automatic renewal, helping ensure that website encryption remains active without manual maintenance.
Now, when things are clear, let’s proceed with the Let’s Encrypt installation!
Prerequisites
- A server running Ubuntu 26.04 OS
- User privileges: root or non-root user with sudo privileges
- A valid domain name pointed to the server IP address
Update the system
Before we start installing Let’s Encrypt, we need to update the packages to their latest available versions. To do that, execute the following command:
apt update -y && apt upgrade -y
Let’s Encrypt with NGINX as a web server
If we have an Nginx web server installed, installing Let’s Encrypt requires installing the Python Certbot plugin for Nginx. To do that, execute the following command:
apt install certbot python3-certbot-nginx -y
Before we obtain a certificate, we need to create an nginx configuration file:
nano /etc/nginx/conf.d/yourdomain.conf
Paste the following lines of code:
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
root /var/www/html;
index index.html;
server_tokens off;
access_log /var/log/nginx/yourdomain.com_access.log;
error_log /var/log/nginx/yourdomain.com_error.log;
client_max_body_size 64M;
location / {
try_files $uri $uri/ =404;
}
}
Save the file, close it, and check the Nginx syntax:
nginx -t
You should receive the following output:
root@host:~# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@host:~# service nginx restart
You can proceed with the Nginx restart:
systemctl restart nginx
Now we can obtain an SSL certificate with the command below:
certbot --nginx -d yourdomain.com
You should enter your email address for renewal and any extra info described below. After successful installation, you will receive the paths of the SSL certificates.
root@host:~#certbot --nginx -d yourdomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): [email protected]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Yes
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: No
Account registered.
Requesting a certificate for yourdomain.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/yourdomain.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/yourdomain.com/privkey.pem
This certificate expires on 2026-06-06.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for to /etc/nginx/conf.d/yourdomain.com.conf
Congratulations! You have successfully enabled HTTPS on https://yourdomain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Let’s Encrypt with APACHE as a web server
If we have an Apache web server installed, installing Let’s Encrypt requires installing the Python Certbot plugin for Apache. To do that, execute the following command:
apt install certbot python3-certbot-apache -y
Before we obtain a certificate, we need to create an Apache configuration file:
nano /etc/apache2/sites-available/yourdomain.conf
Paste the following lines of code
<VirtualHost *:80>
ServerName yourdomain.com
DocumentRoot /var/www/html/
<Directory /var/www/html/>
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Save the file and close it.
Enable the Apache configuration files for your domain along with the rewrite module.
a2enmod rewrite
a2ensite yourdomain.conf
Check the Apache2 syntax:
apachectl -t
You should receive the following output:
root@host:/var/www/html/# apachectl -t
Syntax OK
If the syntax is OK, restart the Apache service.
systemctl restart apache2
Now we can obtain an SSL certificate with the command below:
certbot --apache -d yourdomain.com
After executing the command, you will be asked a couple of questions, and the output after generating the SSL certificate should look like this:
root@host:~# certbot --apache -d yourdomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): [email protected]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Yes
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Yes
Account registered.
Requesting a certificate for yourdomain.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/yourdomain.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/yourdomain.com/privkey.pem
This certificate expires on 2026-06-06.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for yourdomain.com to /etc/apache2/sites-available/website-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://yourdomain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
As you can see, the procedure is the same as in the previous step, except for the command for obtaining an SSL certificate for Apache.
That’s it. You successfully installed a Free Let’s Encrypt SSL certificate on Ubuntu 26.04 using Apache and Nginx as a web server.
If you have any difficulties with this installation, our Linux admins can help with any aspect of it. You need to sign up for one of our monthly server management or per-incident server support plans. Do not hesitate to contact us anytime. We are available 24/7.
If you liked this post about how to install Let’s Encrypt on Ubuntu 26.04, please share it with your friends or leave a comment down below.
