You know that little padlock icon that appears when you visit a site that starts with https:// in your browser? That padlock means an SSL or TLS certificate is present. In this post, I’ll help you install a free certificate for your website on Ubuntu Server 24.04. At the end, I’ll also provide other free ways to get one.
Why Do I Need a Certificate for My Website?
An SSL/TLS certificate encrypts communication between the site and you for data safety. This encryption stops bad actors from taking advantage of insecure websites. It prevents malicious activity such as:
- Sniffing users’ private data
- Impersonating legitimate sites to steal login credentials
- Altering transactions to commit financial fraud
As the operator of a legitimate site, your users will care if you have a web certificate. First, most shoppers won’t enter their credit card into a site that doesn’t protect data. Second, Google search results will warn users about sites that don’t have a proper certificate, making potential users bounce.
Furthermore, email spam filters are stricter now than ever. If your organization is hosting its own email addresses, your messages will often not be delivered at all if they weren’t sent with a certificate.
An SSL/TLS certificate is like a driver’s license for your website: you need one for compliance and trust.
Prerequisites
To get started, you’ll need to have a website already up and running. For this guide, we’ll require the following setup:
- Operating system: Ubuntu Server 24.04 or another Linux distro
- Domain name: such as lifeincloud.com
- Web server: such as Apache or Nginx
If you’re looking for a fast way to host a web server, check out our 1-click deployment for Apache or Nginx from the LifeinCloud marketplace. These stacks include MySQL and PHP so you can get up and running quickly.
How to Install A Free SSL Certificate on Ubuntu Server 24.04
Now that you know why having a web certificate matters, we’re ready to obtain and install one for your site.
There are paid services where you can buy a certificate, but I’ll be going over how to get a free certificate from Let’s Encrypt. Let’s Encrypt (LE) is a nonprofit certificate authority that issues certificates to over 500 million websites.
The instructions below assume that visiting your domain name already loads your website. Since the instructions vary slightly depending on which web server you’re using (Apache or Nginx), skip down to the appropriate section below.
How to Install SSL Certificate on Apache Web Server
Here’s how to install a free Let’s Encrypt certificate on Ubuntu Server 24.04 running Apache web server:
1. Install Certbot, an application that automatically manages LE certificates: sudo apt install certbot python3-certbot-apache
2. Request and install a certificate for Apache web server: sudo certbot --apache
You’ll be asked to provide an email address for notifications and agree to the TOS to continue.
If your website is configured properly, Certbot should bring up a list of domain names linked to your server.
Identify the domain you want a certificate for.
3. Restart Apache to apply the new configuration: sudo systemctl restart apache2
Now that the certificate is installed, skip down a couple of sections to check if your certificate is working.
How to Install SSL Certificate on Nginx Web Server
Here’s how to install a free Let’s Encrypt certificate on Ubuntu Server 24.04 running Nginx web server:
1. Install Certbot, an application that automatically manages LE certificates: sudo apt install certbot python3-certbot-nginx
2. Request and install a certificate for Nginx web server: sudo certbot --nginx
You’ll be asked to provide an email address for notifications and agree to the TOS to continue.
If your website is properly configured, Certbot should bring up a list of domains to select.
If not, Certbot might let you type in your domain name manually.
3. Restart Nginx to apply the new configuration: sudo systemctl restart nginx
You’re done with this step. We’ll verify if everything is working properly in the next section.
Verify the Certificate Installation
Now that you’ve installed the certificate on your web server, let’s check if the security is active.
Open a browser and surf to your domain name. The secure version of your site should load automatically, but if not, don’t forget to put https:// in front of your address.
You can click the icon next to the address to view your site’s security:
If it shows the lock icon, success!
Renew Certificates Automatically
Unfortunately, a certificate doesn’t last forever. Let’s Encrypt certificates are free, but the expiration period is rather brief: only 90 days. It would be time-consuming having to deal with this every three months, but luckily, we can use Certbot to automate renewals.
If you’ve followed the installation method above, auto-renewal should already be in place. Let’s check: sudo certbot renew --dry-run
Nice, auto-renewal will take place later. Hopefully, you won’t have to deal with certificates again for a long time.
By installing an SSL/TLS certificate, you’ve taken an important step in legitimizing your site and earning the trust of users on the web!
FAQ
Why do I get an error when requesting a certificate with Certbot?
If Certbot can’t obtain a certificate, it will output the reason for the failure in your terminal. For example:
- Ownership verification error: check your domain name’s DNS settings for an “A record” that points to your server’s IP address.
- Inaccessible website error: make sure your website successfully loads on port 80 and port 443 first, before you request the certificate.
Where does Certbot store my certificates?
Certbot stores certificates obtained from Let’s Encrypt in the /etc/letsencrypt/live folder.
You’ll need to be logged in as root to be able to access the folder.
Are there other ways I can get a free certificate?
Yes. The method I showed you above works well, but there are easy ways if you’re using other apps or services.
Here are alternative options to get free SSL certificates for your website:
- Content management systems: A CMS such as WordPress, Joomla, Drupal, or Magento will have a module that acquires free certificates.
- Caddy web server: If you’re using Caddy instead of Apache or Nginx, it obtains certificates for you automatically.
- Control panels: Webmin, Easypanel, Plesk, and cPanel have built-in features to load certificates for you.
- Shopify: If you pay for an e-commerce site with Shopify, then it provides SSL certificates for free.
- Cloudflare: A free account with this popular CDN includes SSL/TLS certificates.
- Get HTTPS for Free: As a last resort, you can request certificates manually using this wizard. However, it’s a multi-step process that you have to repeat on a regular basis, so I’d suggest using an automatic method whenever possible.
