How to Generate a Free SSL Certificate Using Let’s Encrypt in 2025

Securing your website with SSL is essential for protecting data and building user trust. Let’s Encrypt is a free, automated, and open Certificate Authority (CA) that makes it easy to obtain SSL certificates. With Let’s Encrypt, you can encrypt your website traffic without incurring costs or navigating complex processes. This guide walks you through the steps to generate and install a free SSL certificate using Let’s Encrypt, ensuring your website is secure and compliant with modern web standards. Follow these detailed instructions to get started!

Here’s a step-by-step guide to generate a free SSL certificate using Let’s Encrypt:

Step 1: Install Certbot

Certbot is the official tool for generating and managing Let’s Encrypt SSL certificates. Follow these steps to install it:

On Ubuntu/Debian:

bash

sudo apt update
sudo apt install certbot python3-certbot-nginx

On CentOS/RHEL:

bash

sudo yum install epel-release
sudo yum install certbot python3-certbot-nginx

On macOS:

bash

brew install certbot

Step 2: Prepare Your Server

Ensure your domain points to your server’s IP address using DNS records.
Open port 80 (HTTP) and 443 (HTTPS) in your firewall:

bash

sudo ufw allow 80
sudo ufw allow 443

Step 3: Generate SSL Certificate

For Nginx:

Run Certbot with the Nginx plugin: sudo certbot --nginx
Follow the prompts:
- Enter your email address.
- Agree to the terms of service.
- Select the domain(s) you want to secure.
Certbot will automatically configure Nginx to use the SSL certificate.

For Apache:

Run Certbot with the Apache plugin: sudo certbot --apache
Follow the prompts as above, and Certbot will configure Apache automatically.

For Manual Installation:

Run Certbot in standalone mode: sudo certbot certonly --standalone
Follow the prompts to generate the certificate.
The certificate files will be saved in /etc/letsencrypt/live/yourdomain.com/:
- Certificate: fullchain.pem
- Private Key: privkey.pem
Configure your web server (Nginx/Apache) manually to use these files.

Step 4: Test SSL Configuration

Restart your web server:
- Nginx: sudo systemctl restart nginx
- Apache: sudo systemctl restart apache2
Visit your website using https:// to verify SSL is working.
Use SSL Labs to check your SSL setup.

Step 5: Automate Renewal

Let’s Encrypt certificates are valid for 90 days. Automate renewal using a cron job:

Test renewal manually: sudo certbot renew --dry-run
If successful, Certbot’s installation usually sets up a cron job for automatic renewal. Verify it: sudo systemctl list-timers | grep certbot
Alternatively, add this command to your cron jobs: 0 0,12 * * * /usr/bin/certbot renew --quiet

Step 6: Troubleshooting

Firewall Issues: Ensure ports 80 and 443 are open.
DNS Propagation: Verify your domain resolves to your server using ping yourdomain.com.

About The Author

DigitalFiverr Technologies

DigitalFiverr Technologies offers full-service digital marketing solutions including website development, SEO, PPC, SMM and software testing. Contact us to enhance your online presence and take your business to the next level.

See author's posts