How to Install Let’s Encrypt SSL on Ubuntu (16.04–24.04) – Apache & Nginx Guide

By /

Install Let’s Encrypt SSL on Ubuntu 16.04–24.04 (Apache & Nginx)

This guide shows you how to install a free Let's Encrypt SSL certificate on Ubuntu 16.04, 18.04, 20.04, 22.04 and 24.04 for both Apache and Nginx – with copy-and-paste commands and automatic renewal.

SSL (more accurately TLS) encrypts the connection between your website and your visitors. You should always run your sites over HTTPS: it protects users, removes browser "Not Secure" warnings and can help your rankings in Google. Let's Encrypt provides SSL certificates for free, and Certbot makes getting and renewing them automatic.

I run most of my WordPress sites on Ubuntu with Nginx on DigitalOcean droplets, and every one of them uses Let's Encrypt. This page is the updated version of my original Ubuntu 16.04 guide, expanded to cover Ubuntu 16.04 all the way up to 24.04 and supporting both Apache and Nginx.

What you'll do:
1) Check DNS and prerequisites
2) Install Certbot (per Ubuntu version)
3) Obtain and install an SSL certificate for Apache or Nginx
4) Enable automatic renewal and test it
5) (Optional) Add SSL to more domains

Step 1 – Prerequisites & DNS

Before you run Certbot, make sure you have:

  • An Ubuntu server (16.04, 18.04, 20.04, 22.04 or 24.04)
  • Apache or Nginx installed and serving your site over HTTP
  • A domain name pointing to your server's public IP (via an A record)

For example:

  • A record: example.com → your server IP
  • A record (optional): www.example.com → your server IP
If you can open http://example.com in a browser and see your site, you're ready to install SSL.

Step 2 – Install Certbot & Get SSL (Apache / Nginx + Ubuntu version)

Use the tabs below to select your web server (Apache or Nginx), then choose your Ubuntu version. You can copy each command line by line.

Apache – Install Certbot & HTTPS

Apache on Ubuntu 16.04

Install Certbot from the PPA, then request an SSL certificate:

sudo add-apt-repository ppa:certbot/certbot -y
sudo apt-get update
sudo apt-get install python-certbot-apache -y
sudo certbot --apache -d example.com -d www.example.com

Follow the prompts, choose the option to redirect HTTP to HTTPS, and Certbot will automatically configure Apache with your new Let's Encrypt certificate.

Apache on Ubuntu 18.04

sudo apt update
sudo apt install certbot python3-certbot-apache -y
sudo certbot --apache -d example.com -d www.example.com

Again, choose the redirect option so all HTTP requests are sent to HTTPS.

Apache on Ubuntu 20.04 (Snap recommended)

Certbot now recommends using the Snap package on Ubuntu 20.04 and newer.

sudo apt update
sudo apt install snapd -y
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --apache -d example.com -d www.example.com

Certbot will edit your Apache vhost and install the certificate automatically.

Apache on Ubuntu 22.04 (Snap)

sudo apt update
sudo apt install snapd -y
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --apache -d example.com -d www.example.com

Choose the HTTPS redirect option when prompted.

Apache on Ubuntu 24.04 (Snap)

sudo apt update
sudo apt install snapd -y
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --apache -d example.com -d www.example.com

Certbot will configure Apache with HTTPS and set up automatic renewal.

Nginx – Install Certbot & HTTPS

Nginx on Ubuntu 16.04

sudo add-apt-repository ppa:certbot/certbot -y
sudo apt-get update
sudo apt-get install python-certbot-nginx -y
sudo certbot --nginx -d example.com -d www.example.com

Certbot will update your Nginx server block and enable HTTPS.

Nginx on Ubuntu 18.04

sudo apt update
sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d example.com -d www.example.com

Nginx on Ubuntu 20.04 (Snap)

sudo apt update
sudo apt install snapd -y
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --nginx -d example.com -d www.example.com

Nginx on Ubuntu 22.04 (Snap)

sudo apt update
sudo apt install snapd -y
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --nginx -d example.com -d www.example.com

Nginx on Ubuntu 24.04 (Snap)

sudo apt update
sudo apt install snapd -y
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --nginx -d example.com -d www.example.com
Important: never install Certbot both via apt and via Snap on the same server. Pick one method (apt for 16.04/18.04, Snap for 20.04+ in this guide) to avoid conflicts.

Step 3 – Automatic Renewal

Let's Encrypt certificates are valid for 90 days. Certbot is designed to renew them automatically and reload Apache or Nginx as needed.

Check renewal (all Ubuntu versions)

sudo certbot renew --dry-run

If the dry-run succeeds, your renewals are correctly configured. For Snap-based installs, Certbot sets up a systemd timer that runs twice a day and renews certificates that are close to expiry.

Optional: manual cron job

If you prefer a cron-based approach (older style), you can add:

sudo crontab -e

Then add a line like this to run renewal at 3am daily:

0 3 * * * certbot renew --quiet

For Apache, you can also reload after renewal if needed: 

0 3 * * * certbot renew --quiet && systemctl reload apache2

Step 4 – Add SSL for More Domains

To add a certificate for another domain on the same server, repeat the relevant Certbot command with the new domain:

sudo certbot --apache -d secondsite.com -d www.secondsite.com

Or for Nginx:

sudo certbot --nginx -d secondsite.com -d www.secondsite.com

As long as each domain's DNS A records point to this server and the virtual hosts/server blocks are configured, Certbot can manage multiple certificates on the same machine.

Step 5 – Verify HTTPS & Troubleshoot

Finally, load your site in a browser using https://example.com and check:

  • You see a padlock icon (or "Secure" indicator) in the address bar.
  • There are no browser warnings about invalid or mixed content.

If something goes wrong

  • Check your web server config (apache2 or nginx site configs).
  • Look at Certbot logs: /var/log/letsencrypt/letsencrypt.log
  • Check web server logs:
    • Apache: /var/log/apache2/error.log
    • Nginx: /var/log/nginx/error.log

Once it's working, your site is secured with free Let's Encrypt SSL, auto-renewing in the background. All your visitors will see HTTPS by default, and you avoid browser security warnings.

Get $200 Free DigitalOcean Credit

Remember, if you don't already have a DigitalOcean account, you can get $200 free credit using my referral link below:

👉 Click here to claim $200 DigitalOcean credit

I use DigitalOcean for nearly all of my WordPress and Nginx servers, including the exact setup shown in this guide. It's fast, reliable, and perfect for running Postfix email forwarding.

Related Posts

Scroll to Top