DEV Community

Cover image for SSL/TLS Certificates with Certbot and Nginx: The 2025 Guide
AddWeb Solution Pvt Ltd profile image Narendra Chauhan
Narendra Chauhan for AddWeb Solution Pvt Ltd

Posted on

SSL/TLS Certificates with Certbot and Nginx: The 2025 Guide

#certbot #letsencrypt #ssl #tls

“HTTPS is no longer a feature, it’s the foundation of trust on the web.”— Troy Hunt, Security Researcher

Table of Contents

  1. Introduction
  2. What Is SSL/TLS and Why It Matters
  3. What Is Certbot?
  4. How to Install an SSL Certificate with Certbot (Step-by-Step)
  5. Common Configurations and Auto-Renewals
  6. Key Stats & Interesting Facts
  7. FAQs
  8. Key Takeaways
  9. Conclusion

1. Introduction

If you're running a website or web app in 2025 and it's not using HTTPS, you're doing it wrong. SSL/TLS certificates are no longer optional — they’re expected, even by browsers.

But the good news? It’s easier than ever to secure your websites using Certbot and Nginx — two powerful tools that make HTTPS setup simple and fast.

In this guide, you’ll learn how to issue, install, and auto-renew an SSL certificate using Certbot, all within a few minutes.

2. What Is SSL/TLS and Why It Matters

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are encryption protocols that keep data safe between your browser and server. When you visit a site with https://, you’re using TLS.

Why You Need It:

  • Security – Encrypts sensitive data like login details and payments
  • Trust – Boosts user confidence (padlock in the browser)
  • SEO – Google favors HTTPS sites in rankings
  • Compliance – Required for sites handling personal or payment data

"The internet runs on trust — and HTTPS is its currency."
— Scott Helme, Web Security Specialist

3. What Is Certbot?

Certbot is a free, open-source tool from the Electronic Frontier Foundation (EFF) that automates:

  • Getting SSL/TLS certificates from Let’s Encrypt
  • Configuring them with Nginx or Apache
  • Renewing them before expiry

In short, Certbot + Let’s Encrypt = free HTTPS with zero hassle.

4. How to Install an SSL Certificate with Certbot (Step-by-Step)

Let’s break it down for Ubuntu + Nginx setup:

Step 1: Install Certbot
sudo apt update
sudo apt install certbot python3-certbot-nginx

Step 2: Check Nginx is Running

sudo systemctl status nginx

  • If it's not active, start it: sudo systemctl start nginx

Step 3: Run Certbot with Nginx Plugin

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
Certbot will:

  • Verify your domain via HTTP challenge
  • Update your Nginx config
  • Reload Nginx with HTTPS settings

Step 4: Test HTTPS

Visit: https://yourdomain.com
You should see the padlock in your browser

5. Auto-Renewal (Hands-Free SSL Forever)

Let’s Encrypt certificates are valid for 90 days. But Certbot can auto-renew them.

Check the renewal process:
sudo certbot renew --dry-run

Certbot installs a cron job or systemd timer automatically, so you're covered.

6. Key Stats & Interesting Facts

  • 300+ million websites use Let’s Encrypt (powered by Certbot) Source: Let’s Encrypt
  • SSL boosts SEO rankings — confirmed by Google Source: SEO rankings
  • HTTPS is now mandatory for all Chrome and Firefox features (e.g., geolocation, service workers) Source: HTTPS

“Let’s Encrypt has helped democratize encryption — now anyone can secure their site in minutes.” — Josh Aas, Executive Director of ISRG (Let’s Encrypt)

7. FAQs

Q1: Is Certbot free to use?
Yes, completely free. It works with Let’s Encrypt, which is a free certificate authority.

Q2: Do I need a domain name?
Yes. Let’s Encrypt verifies ownership of real domains via DNS or HTTP.

Q3: Can I secure subdomains?
Absolutely. Just include them in the Certbot command:
sudo certbot --nginx -d example.com -d api.example.com

Q4: What if I’m using Apache instead of Nginx?
Certbot has a plugin for Apache too:
sudo certbot --apache

Q5: Will it break my Nginx config?
Certbot is safe and creates backups. But it's always good to run:
sudo nginx -t

before and after to validate changes

8. Key Takeaways

  • SSL/TLS is essential for modern web security, SEO, and trust
  • Certbot makes HTTPS setup fast, free, and easy
  • Works smoothly with Nginx and Apache on most Linux servers
  • Auto-renewal ensures your certificate never expires
  • You can go from HTTP to HTTPS in under 5 minutes

9. Conclusion

Securing your website doesn’t have to be complicated. With Certbot and Nginx, you can enable HTTPS in just a few commands and forget about certificate renewal worries.
It’s 2025 — there’s no excuse to serve your app without encryption. Your users, your SEO, and your credibility depend on it.
So go ahead — grab a Let’s Encrypt certificate and give your website the security badge it deserves.

About the Author: Narendra is a DevOps Engineer at AddWebSolution, specializing in automating infrastructure to improve efficiency and reliability.

Top comments (0)