In this tutorial, you'll learn how to install Certbot using the Ubuntu APT repository, generate a free Let's Encrypt SSL certificate, and configure HTTPS for your Nginx website.
If you have an Nginx website running on Ubuntu 26.04, adding HTTPS with Let's Encrypt is one of the best ways to secure your website. Certbot makes the entire process simple by requesting a free SSL certificate, configuring Nginx automatically, and handling certificate renewals for you.
What is Certbot?
Certbot is a free tool developed for Let's Encrypt that automatically requests, installs, and renews SSL certificates. It also updates your Nginx configuration, so you don't have to edit SSL settings manually.
By the end of this tutorial, your website will be accessible over HTTPS with a trusted SSL certificate.
Note: This guide uses the APT package manager.
Prerequisites
Before getting started, make sure you have the following:
- Ubuntu 26.04 dedicated server
- Nginx installed and running
- A registered domain name
- Your domain's DNS A record pointing to your server's public IP address
- A user with sudo privileges
- Ports 80 and 443 open in your firewall
Step 1: Update Package Repository
Update your server package list.
sudo apt update
If updates are available, install them.
sudo apt upgrade -y
Step 2: Install Certbot for Nginx
Ubuntu 26.04 provides Certbot through its APT repository.
Install Certbot along with the Nginx plugin.
sudo apt install certbot python3-certbot-nginx -y
Once the installation is complete, verify that Certbot is installed.
certbot --version
Example output:
certbot 3.x.x
Step 3: Verify the Nginx Configuration
Before requesting an SSL certificate, make sure your Nginx configuration is valid.
sudo nginx -t
Expected output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Reload Nginx.
sudo systemctl reload nginx
Step 4: Request a Let's Encrypt SSL Certificate
Run Certbot using the Nginx plugin.
Replace the example domain with your own domain.
sudo certbot --nginx -d example.com -d www.example.com
Example:
sudo certbot --nginx -d hostnextra.com -d www.hostnextra.com
During installation, Certbot will ask for the following information:
- Your email address
- Agreement to the Let's Encrypt Terms of Service
- Whether HTTP traffic should automatically redirect to HTTPS
Select the option to redirect HTTP traffic to HTTPS if you want all visitors to use a secure connection.
After the certificate is issued successfully, you will see a confirmation message indicating that HTTPS has been enabled.
Step 5: Verify HTTPS
Open your website in a web browser.
https://yourdomain.com
If everything is configured correctly, you'll see the secure padlock icon in the browser's address bar.
Step 6: Test Automatic Certificate Renewal
Let's Encrypt certificates are valid for 90 days. Certbot automatically renews certificates before they expire.
You can test the renewal process using the following command.
sudo certbot renew --dry-run
If the test is successful, you'll see output similar to:
Congratulations, all simulated renewals succeeded.
View Installed Certificates
To list all SSL certificates installed on your server, run:
sudo certbot certificates
Example output:
Found the following certs:
Certificate Name: example.com
Domains: example.com www.example.com
Expiry Date: 2026-12-15
Useful Certbot Commands
Renew Certificates Manually
sudo certbot renew
List Installed Certificates
sudo certbot certificates
Check Installed Version
certbot --version
Troubleshooting
Domain Is Not Pointing to the Server
Verify that your domain's DNS A record points to your server's public IP address.
Nginx Configuration Test Fails
Check the configuration for syntax errors.
sudo nginx -t
Correct any reported issues before requesting the SSL certificate again.
Allow HTTP and HTTPS Through the Firewall
If UFW is enabled, allow Nginx traffic.
sudo ufw allow 'Nginx Full'
Reload the firewall.
sudo ufw reload
Conclusion
In this tutorial we have learned how to install Certbot using the Ubuntu APT repository and secured your Nginx website with a free Let's Encrypt SSL certificate. Certbot also configures automatic certificate renewal, helping keep your website protected without any additional maintenance.

