◦ Comprehensive security
◦ 24/7 support
VPS → Add Let’s Encrypt SSL Certificate
How to Add a Let’s Encrypt SSL Certificate in a VPS
When you’re running your own VPS, one of the first things you’ll want to do is lock it down with an SSL certificate. It keeps your visitors’ data secure, helps you earn trust, and even boosts SEO.
All VPS hosting plans from Liquid Web come with one free SSL certificate, and you can add more whenever you need. But if your VPS didn’t come with a free SSL, or you’re not using a control panel like cPanel or Plesk, you’ll need to install one manually. That’s where Let’s Encrypt comes in.
Get premium VPS hosting
High-performance VPS hosting that delivers unrivaled power
What is Let’s Encrypt?
Let’s Encrypt is a nonprofit certificate authority that gives out free SSL certificates. It’s widely trusted, totally legit, and designed to make HTTPS the default for everyone.
The easiest way to use Let’s Encrypt on a VPS is with a tool called Certbot. Certbot is an open-source client that handles most of the work—generating the cert, installing it, and even setting up auto-renewals so you don’t have to think about it later.
Gather your supplies
Before installing Certbot, make sure your VPS is ready to go. You’ll need a few things in place:
- Your DNS settings need to point to your VPS: The domain you’re securing should have an A record (or AAAA for IPv6) that resolves to your VPS IP.
- Your web server should be installed and running: Certbot supports Apache and Nginx out of the box. If you’re using something else, expect some manual config.
- Your website should be live and propagated: Let’s Encrypt verifies domain ownership via HTTP. That means your site needs to be publicly accessible before the SSL install.
Setup the Let’s Encrypt Certbot
Once your VPS is ready, here’s how to get Certbot installed and your SSL certificate set up. These steps assume you have root or sudo access to a Linux VPS (Ubuntu/Debian/CentOS/RHEL).
1. Install Certbot
Pick the right method for your OS and web server.
For Ubuntu/Debian (Apache):
sudo apt update
sudo apt install certbot python3-certbot-apache
For Ubuntu/Debian (Nginx):
sudo apt update
sudo apt install certbot python3-certbot-nginx
For CentOS/RHEL (Apache):
sudo yum install epel-release
sudo yum install certbot python3-certbot-apache
For CentOS/RHEL (Nginx):
sudo yum install epel-release
sudo yum install certbot python3-certbot-nginx
2. Generate an SSL certificate
Certbot can automatically generate and install a cert in one step.
For Apache:
sudo certbot –apache
For Nginx:
sudo certbot –nginx
You’ll be asked:
- Which domain to secure (if you have more than one)
- Whether to redirect HTTP to HTTPS (choose yes!)
Certbot then contacts Let’s Encrypt, verifies your domain, and installs the cert.
3. Configure your VPS
Certbot usually handles the config for you, but double-check:
Your SSL cert and key should be stored in /etc/letsencrypt/live/yourdomain.com/
Your web server should be loading them in the correct config file.
If Certbot didn’t update your config automatically, you can manually edit your virtual host or server block to include:
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
or for Apache:
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
4. Refresh the server
Once everything’s in place, restart your web server to apply the changes.
Apache:
sudo systemctl restart apache2
Nginx:
sudo systemctl restart nginx
Now your site should load securely with HTTPS.
Additional considerations
There are a few other things to keep in mind once you’re set up:
- Domain verification must succeed: Certbot uses the ACME protocol to verify you own the domain. If DNS or firewall settings block access, the request will fail.
- SSL certificates expire every 90 days: Let’s Encrypt certificates are short-lived. But Certbot can automate the renewal. Add this to your crontab or use systemd timers:
sudo certbot renew –quiet - Certbot works with most control panels, but not all: If you add a panel like Webmin or CyberPanel later, you might need to reconfigure SSL or use the panel’s own tools.
Next steps for adding Let’s Encrypt SSL certificate to any VPS
Getting a Let’s Encrypt SSL certificate installed on your VPS is one of the easiest and most cost-effective ways to secure your website. It’s free, reliable, and fully automated when set up correctly.
If you’re comfortable working directly on your server and don’t have a control panel doing this for you, Certbot is your go-to tool.
When you’re ready to upgrade your hosting to a high-quality VPS, Liquid Web can help. We’ve been leading the industry for decades, because our VPS servers are fast, cloud-based for easy scalability, and unbeatably reliable. Choose your favorite OS and the management tier that works best for you.
Click below to explore VPS hosting options or start a chat with one of our experts right now to learn more.
Additional resources
VPS: A beginner’s guide →
A complete beginner’s guide to virtual private servers
How to install a VPN on a VPS →
Learn how to install a VPN on your VPS to enhance security, protect data, and ensure private browsing.
Managed VPS vs unmanaged VPS hosting →
How they compare so you can decide what’s best for you
David Richards has been an educator, a Technology Director, and now a Technical Writer for 20+ years. He’s an English major with a love for technology and helping others find ways to use technology more effectively. In his free time, Dave loves to read, play games, and spend time with his family.