
This is a step-by-step guide to the Let's Encrypt SSL installation for Nginx on Ubuntu server. We will go through several applicable settings to make the configuration easier and smarter.
Step 1 - Install LetsEncrypt
Before installing new software you should always update the package list in order to have your software up to date.
sudo apt-get update
Add the software repository on Ubuntu
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
Installation
For now, everything is ready to install LetsEncrypt on your server:
This command will install the letsencrypt dummy package that includes certbot and other utilities for SSL installation.
sudo apt-get install letsencrypt
Step 2 - Configure Nginx for Let's Encrypt SSL
In my configuration examples, I will use the following domain name 'ssl.itsyndicate.org'. Do not forget to change it for your needs when you do a copy-paste. Now it's time for a small life hack that will show you how to optimize the process of adding new certificates to your server.
We will use the Nginx default config to catch all requests that reach our server over a non-secure (non-SSL) connection on port 80.
server {
    listen 80 default_server;
    server_name _;
    location ~ /\.well-known/acme-challenge/ {
        allow all;
        root /var/www/letsencrypt;
        try_files $uri =404;
        break;
    }
}
As you can see, we use the /.well-known/acme-challenge/ location to catch all challenge requests and the /var/www/letsencrypt directory to host the ACME challenges. So let's create that directory after you have edited the default Nginx vhost config:
sudo mkdir -p /var/www/letsencrypt
Before applying changes to your Nginx settings always check the configuration file:
sudo nginx -t
You should get a notification that syntax is ok:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
To apply the changes to our new Nginx vhost configuration, which is designed to catch all of your Let's Encrypt certificate challenges, do the following:
sudo service nginx reload
Step 3 - Request new Let's Encrypt SSL
Now it is time to request our first Let's Encrypt SSL certificate for our domain:
sudo letsencrypt certonly -a webroot --webroot-path=/var/www/letsencrypt -m [email protected] --agree-tos -d ssl.itsyndicate.org
Let me describe some important options in our command:
--webroot-path=/var/www/letsencrypt: This specifies the directory where validation files will be stored. Nginx is configured to serve this directory so that Let's Encrypt can verify domain ownership.
-m [email protected]: This option sets the email address used for important notifications, such as expiry reminders and security alerts.
--agree-tos: This flag automatically accepts the Let's Encrypt Terms of Service, enabling a fully automated SSL certificate setup.
-d ssl.itsyndicate.org: This defines the domain name for which the SSL certificate will be issued.
After the command runs, you should see a congratulations message:
IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
e-mails sent to [email protected].
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/ssl.itsyndicate.org/fullchain.pem. Your cert
will expire on 2018-08-01. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- Your account credentials have been saved in your Let's Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let's
Encrypt so making regular backups of this folder is ideal.
- If you like Let's Encrypt, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Step 4 - Configure Nginx vhost
Now we have the new SSL certificate installed in '/etc/letsencrypt/live/ssl.itsyndicate.org/'. It's time to configure our Nginx vhost to serve HTTPS requests for the desired domain. Here is my example:
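server {
    # Must match the name the certificate was issued for in Step 3.
    server_name ssl.itsyndicate.org;
    # "listen ... ssl" enables TLS here; the separate "ssl on;" directive is obsolete.
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/ssl.itsyndicate.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ssl.itsyndicate.org/privkey.pem;
    root /var/www/html/;
    index index.php index.html index.htm;
    # Keep serving challenge files so renewals continue to validate.
    location ~ /.well-known {
        root /var/www/letsencrypt;
        allow all;
    }
}
Let's test and reload our new Nginx configuration: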
sudo nginx -t
sudo service nginx reload
Step 5 - Configure Let's Encrypt SSL auto-renewal
Let's Encrypt issues certificates for 90 days. You can reinstall the certificate manually when you get the email that your SSL certificate expires soon, but I think there is a smarter way: automate it. We will use a daily cron job on our Ubuntu server to renew our SSL certificate.
I use the file '/etc/cron.daily/letsencrypt' to set up cron with the following content:
#!/bin/bash
/usr/bin/letsencrypt renew --renew-hook "/etc/init.d/nginx reload"
Step 6 - Test SSL configuration
When we are done with the configuration, it's time to take a cup of coffee, relax, and test our configuration. There are dozens of options to test SSL, but I will use two. The first one is curl:
curl -vI https://ssl.itsyndicate.org
Server certificate:
subject: CN=ssl.itsyndicate.org
start date: May 3 15:44:12 2022 GMT
expire date: Aug 1 15:44:12 2022 GMT
subjectAltName: host "ssl.itsyndicate.org" matched cert's "ssl.itsyndicate.org"
issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
SSL certificate verify ok.
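The expiry date in this curl output can also be checked automatically, which catches a renewal cron from Step 5 that has quietly stopped working. The following shell script is an added example, not part of the original article; it assumes GNU date, and the function names and the 20-day alert threshold are illustrative choices.

```bash
#!/bin/bash
# Added example, not from the article: detect a renewal cron that has silently
# stopped working by checking how long the served certificate has left.
# Assumes GNU date (Ubuntu default). Function names and the 20-day alert
# threshold are illustrative; certbot itself renews at under 30 days left.

# Constructed sample: the certificate lines from the article's curl output.
SAMPLE_CURL_OUTPUT='Server certificate:
subject: CN=ssl.itsyndicate.org
start date: May 3 15:44:12 2022 GMT
expire date: Aug 1 15:44:12 2022 GMT
SSL certificate verify ok.'

# Print the "expire date:" value from `curl -vI` output on stdin.
# Real curl prefixes these lines with "* ", so that prefix is optional.
expire_date_from_curl() {
    sed -n 's/^[*[:space:]]*expire date:[[:space:]]*//p' | head -n 1
}

# Classify curl output on stdin. Optional $1 = "now" in epoch seconds.
# Exit status: 0 ok, 1 renewal overdue or expired, 2 nothing usable found.
renewal_status() {
    local now not_after expiry left
    now=${1:-$(date +%s)}
    not_after=$(expire_date_from_curl)
    [ -n "$not_after" ] || { echo "no-certificate-seen"; return 2; }
    expiry=$(date -u -d "$not_after" +%s 2>/dev/null) \
        || { echo "unparsable-date"; return 2; }
    left=$(( expiry - now ))
    if [ "$left" -le 0 ]; then
        echo "expired"; return 1
    elif [ "$left" -lt $(( 20 * 86400 )) ]; then
        echo "renewal-overdue ($(( left / 86400 )) days left)"; return 1
    fi
    echo "ok ($(( left / 86400 )) days left)"
}

# Demo with a fixed clock (2022-07-02 15:44:12 UTC), 30 days before expiry.
printf '%s\n' "$SAMPLE_CURL_OUTPUT" | renewal_status 1656776652
```

On a live host, feed it real output with `curl -vI https://ssl.itsyndicate.org 2>&1 | renewal_status`, since curl writes the certificate details to stderr.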
The second option is to open your site in Google Chrome and check the SSL certificate in the developer tools under the Security tab.
Conclusion
Now you know how to install Let's Encrypt SSL on an Ubuntu server to secure your site. It is a very simple, useful, and cheap solution to protect your site and improve your SEO rankings a bit. If you have issues with the installation or you want to save time, ask our technicians to maintain your server for you.
© 2026 CloudHouse Technologies Pvt.Ltd. All rights reserved.