How to Install Certbot SSL on Ubuntu 26.04 with Nginx

Linux Basics

By Jennifer Webb

Updated on Jul 14, 2026

How to Install Certbot SSL on Ubuntu 26.04 with Nginx

In this tutorial, you'll learn how to install Certbot using the Ubuntu APT repository, generate a free Let's Encrypt SSL certificate, and configure HTTPS for your Nginx website.

If you have an Nginx website running on Ubuntu 26.04, adding HTTPS with Let's Encrypt is one of the best ways to secure your website. Certbot makes the entire process simple by requesting a free SSL certificate, configuring Nginx automatically, and handling certificate renewals for you.

What is Certbot?

Certbot is a free tool developed for Let's Encrypt that automatically requests, installs, and renews SSL certificates. It also updates your Nginx configuration, so you don't have to edit SSL settings manually.

By the end of this tutorial, your website will be accessible over HTTPS with a trusted SSL certificate.

Note: This guide uses the APT package manager.

Prerequisites

Before getting started, make sure you have the following:

  • Ubuntu 26.04 dedicated server
  • Nginx installed and running
  • A registered domain name
  • Your domain's DNS A record pointing to your server's public IP address
  • A user with sudo privileges
  • Ports 80 and 443 open in your firewall

Step 1: Update Package Repository

Update your server package list.

sudo apt update

If updates are available, install them.

sudo apt upgrade -y

Step 2: Install Certbot for Nginx

Ubuntu 26.04 provides Certbot through its APT repository.

Install Certbot along with the Nginx plugin.

sudo apt install certbot python3-certbot-nginx -y

Once the installation is complete, verify that Certbot is installed.

certbot --version

Example output:

certbot 3.x.x

Step 3: Verify the Nginx Configuration

Before requesting an SSL certificate, make sure your Nginx configuration is valid.

sudo nginx -t

Expected output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Reload Nginx.

sudo systemctl reload nginx

Step 4: Request a Let's Encrypt SSL Certificate

Run Certbot using the Nginx plugin.

Replace the example domain with your own domain.

sudo certbot --nginx -d example.com -d www.example.com

Example:

sudo certbot --nginx -d hostnextra.com -d www.hostnextra.com

During installation, Certbot will ask for the following information:

  • Your email address
  • Agreement to the Let's Encrypt Terms of Service
  • Whether HTTP traffic should automatically redirect to HTTPS

Select the option to redirect HTTP traffic to HTTPS if you want all visitors to use a secure connection.

After the certificate is issued successfully, you will see a confirmation message indicating that HTTPS has been enabled.

Step 5: Verify HTTPS

Open your website in a web browser.

https://yourdomain.com

If everything is configured correctly, you'll see the secure padlock icon in the browser's address bar.

Step 6: Test Automatic Certificate Renewal

Let's Encrypt certificates are valid for 90 days. Certbot automatically renews certificates before they expire.

You can test the renewal process using the following command.

sudo certbot renew --dry-run

If the test is successful, you'll see output similar to:

Congratulations, all simulated renewals succeeded.

View Installed Certificates

To list all SSL certificates installed on your server, run:

sudo certbot certificates

Example output:

Found the following certs:
Certificate Name: example.com
Domains: example.com www.example.com
Expiry Date: 2026-12-15

Useful Certbot Commands

Renew Certificates Manually

sudo certbot renew

List Installed Certificates

sudo certbot certificates

Check Installed Version

certbot --version

Troubleshooting

Domain Is Not Pointing to the Server

Verify that your domain's DNS A record points to your server's public IP address.

Nginx Configuration Test Fails

Check the configuration for syntax errors.

sudo nginx -t

Correct any reported issues before requesting the SSL certificate again.

Allow HTTP and HTTPS Through the Firewall

If UFW is enabled, allow Nginx traffic.

sudo ufw allow 'Nginx Full'

Reload the firewall.

sudo ufw reload

Conclusion

In this tutorial we have learned how to install Certbot using the Ubuntu APT repository and secured your Nginx website with a free Let's Encrypt SSL certificate. Certbot also configures automatic certificate renewal, helping keep your website protected without any additional maintenance.