Generate Free Let’s Encrypt SSL on Ubuntu 24.04
You generate a free Let’s Encrypt SSL certificate on Ubuntu 24.04 using the Certbot command-line tool.
Let’s Encrypt is a free, automated Certificate Authority that offers essential digital certificates to secure your website’s connection with HTTPS, encrypting all data transferred between your server and visitors.
This process is vital for website security and trust, especially since Let’s Encrypt certificates are valid for 90 days, but Certbot automates their renewal.
Install Certbot with `sudo apt install certbot`, then run `sudo certbot certonly –webroot -w /var/www/html -d your_domain.com` for webroot or `sudo certbot certonly –standalone -d your_domain.com` for standalone.
Install Certbot Client
The Certbot client is a tool that automates the certificate process for Let’s Encrypt on Linux systems.
Run the command below to install it.
sudo apt update
sudo apt install certbot
With the tool now installed, you can generate certificates for your server.
Generate a certificate with a web server
You can easily get a free Let’s Encrypt SSL certificate for your website on Ubuntu 24.04 if you already have a web server like Nginx or Apache running.
You must ensure that the server is accessible via port 80 for Let’s Encrypt verification from the Internet.
The command to generate a certificate is below, assuming a web server is installed.
sudo certbot certonly --webroot -w /var/www/html -d srv1.example.com
The command options:
- –webroot ==> [use a directory under webroot].
- -w /var/www/html ==> [working directory].
- -d ==> srv1.example.com [fully qualify server hostname].
When you press the enter key, you will see similar prompts like the ones below.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
# for only initial using, register your email address and agree to terms of use
# specify valid email address
(Enter 'c' to cancel): admin@example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# agree to the terms of use
(Y)es/(N)o: A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: A
Account registered.
Requesting a certificate for srv1.example.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/srv1.example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/srv1.example.com/privkey.pem
This certificate expires on 2025-03-10.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
...........
...........
After generating your free SSL certificates, they will be stored at the location provided with the fully qualified server hostname. [/etc/letsencrypt/live/[severname]/]
Generate a certificate without a web server
You can create a standalone Let’s Encrypt SSL certificate on Ubuntu 24.04 even if you don’t have a web server like Apache or Nginx installed yet.
The server must still be accessible from the internet on port 80 even without a web server.
The command to do that is below.
sudo certbot certonly --standalone -d srv1.example.com
The command options:
- –standalone ==> [use web server features].
- -d ==> srv1.example.com [fully qualify server hostname].
If the command is successful, you will see a message similar to the one below.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for srv1.example.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/srv1.example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/srv1.example.com/privkey.pem
This certificate expires on 2025-03-10.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Your free SSL certificates should be ready to use.
Renewal
Your Let’s Encrypt SSL certificates on Ubuntu 24.04 are automatically renewed by the Certbot tool, so you usually don’t need to do anything.
There’s nothing to do, it should automatically renew your certificates.
Run the command below to check its status.
systemctl status certbot.timer
You should see something similar to the one below.
* certbot.timer - Run certbot twice daily
Loaded: loaded (/usr/lib/systemd/system/certbot.timer; enabled; preset: en>
Active: active (waiting) since Mon 2025-03-10 10:13:26 UTC; 1min 17s ago
Trigger: Tue 2025-03-20 10:21:37 UTC; 14h left
Triggers: * certbot.service
To manually renew the certificates, run the command below.
sudo certbot renew
To convert certificates to PKCS12 (PFX) format for Windows and other systems, run the command below.
sudo openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out srv1.example.com.pfx
That should do it!
Conclusion:
In summary, generating a free Let’s Encrypt SSL certificate on Ubuntu 24.04 is a straightforward process that enhances your website’s security. Here are the key points to remember:
- Free Service: Let’s Encrypt provides cost-free SSL/TLS certificates to improve internet security.
- Automated Renewal: Certbot automates the certificate renewal process, ensuring your site remains secure without manual intervention.
- Flexible Options: Certificates can be generated with or without an existing web server, offering flexibility based on your server setup.
- Scheduled Tasks: Certbot creates system timers to manage the automatic renewal of certificates with minimal user input.
- PKCS12 Conversion: Certificates can be converted to different formats, such as PKCS12 (PFX), for wider compatibility across various systems.
By following the outlined steps, you can successfully secure your website with HTTPS, creating a safer online experience for your visitors.
Is Let's Encrypt SSL good?
Is Let's Encrypt secure? Yes, it is—though not necessarily for everyone. It uses the same cryptographic standards as other certificate authorities, so the SSL encryption between user and server is equally strong. Technically, it performs its function of securing data in transit effectively.
Is Let's Encrypt SSL or TLS?
Let's Encrypt is a Certificate Authority that provides free TLS certificates, making it easy for websites to enable HTTPS encryption and create a more secure Internet for everyone.
How to install a free SSL certificate in Ubuntu?
Then open up a preferred console i'll just use cmd on Windows. And log into your VPS i'll log in as root by typing in SSH root at my IP. Address.
Was this guide helpful?
About the Author
Richard
Tech Writer, IT Professional
Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.
[…] you have already generated a SSL certificate, you can copy the certificates to the NetData directory specified in the config file […]
[…] Generate a free Let’s Encrypt SSL certificate […]