Certbot SSL

Every website needs an SSL certificate so that the website can load securely without warnings over https rather then http.

As I’m running my sites on Digitalocean barebones VPS with Apache, the process of installing a free ssl certificate for all my websites is quick, easy and fun! 😉

Install an SSL certificate using certbot


You will need Sudo user access to your webserver so that you have adequate permissions to install the certbot software and also the SSL certificate.

  • sudo user access to server
  • certbot installed

After ssh into your server and with certbot already installed you can run the following commands

List installed certificates

This command is optional. I just like to start out running a safe command to list al the currently installed ssl certificates. If there is some problem with certbot then we will probably know about it with this command. And obviously it will list all certificates already installed on the server.

certbot certificates

The above command will tell you if certbot is installed and what certificates are already installed.

Checklist before installing the certificate

Before running the install command there is some things you MUST do for a successful install.

  • Your domain must be added to the server through the control panel
  • You have updated your virtual host file
  • Your dns is configured to point to the server you are about to install the certificate for.

Install an SSL certificate on Apache for your domain name

sudo certbot --apache -d

Install an ssl certificate on nginx for your domain name

The command for installing an ssl certificate for nginx is slightly different to the Apache install command.

sudo certbot --nginx -d

Deleting a certificate

It can be handy to delete certificates if they are not required or not working correctly. Sometimes it’s best to start over by deleting the certificate and the reinstalling.

sudo certbot delete --cert-name


If the certificate fails to install. Your domain might not be delegated correctly. Try ping your domain name from your terminal to see if you get a correct ip address response. The correct ip address should be the ip address of your web server. If the ip address is incorrect then the domain name is pointing to the wrong server and the ssl will not install.


Ensure the ipaddress in the response matches the ipaddress of your server. If it does not match, dont try installing the certificate.

Dont keep trying to install the certificate. Certbot can ban you if you have too many failed attempts.

This post is licensed under CC BY 4.0 by the author.

Comments powered by Disqus.