Prerequisites
This guide assumes you're working with a Linux server (e.g., Ubuntu, CentOS, Debian, etc.) with access to the terminal (SSH).
- A Registered Domain Name
- Web Server (Apache)
- Access to DNS Configuration
- Root or Sudo Privileges
- Port 80 (HTTP) and Port 443 (HTTPS) Open
- The web server's configuration files (e.g., Apache's httpd.conf or Nginx's nginx.conf) should be set up properly for serving your domain before applying SSL
- A Good Understanding of Command Line
Introduction
In today's digital world, securing your website with HTTPS has become essential for protecting user data and improving search engine rankings. One of the easiest and most cost-effective ways to achieve this is by using Let's Encrypt, a free and automated Certificate Authority (CA) that provides Domain Validation (DV) SSL certificates.
While most users rely on automated tools like Certbot to obtain and install these certificates, it's also valuable to understand the manual process, especially in custom server setups or when troubleshooting. This guide will walk you through the steps to manually install and configure an SSL certificate on a Linux server using Let's Encrypt, ensuring your website's traffic is encrypted and secure.
By the end of this tutorial, you'll have a fully functional SSL certificate on your server, protecting your visitors' data and enhancing your site's trustworthiness.
Update Your Package Index
For Ubuntu/Debian
sudo apt update
For CentOS/RHEL
sudo yum update
sudo dnf update # CentOS 8 or newer
Steps to Install the SSL Module (mod_ssl) on Apache
Certbot is used to automatically configure SSL certificates for your web server (Apache or Nginx). For Apache, Certbot needs the mod_ssl module to be enabled in order to configure SSL properly. Without it, Certbot won't be able to enable SSL and secure your site.
sudo yum install mod_ssl # CentOS/RHEL
sudo dnf install mod_ssl # CentOS 8 or Newer
sudo a2enmod ssl # Ubuntu/Debian (mod_ssl ships with the apache2 package and only needs enabling)
Enable mod_ssl (if it's not already enabled)
sudo systemctl restart apache2 # For Ubuntu/Debian
sudo systemctl restart httpd # For CentOS/RHEL
Verify SSL is Enabled
apachectl -M | grep ssl # For Ubuntu/Debian
httpd -M | grep ssl # For CentOS/RHEL
Install Certbot
Certbot is the tool we'll use to obtain the SSL certificate from Let's Encrypt.
For Ubuntu/Debian
sudo apt install certbot
For CentOS/RHEL
If you’re using CentOS 7 or RHEL 7, you’ll need to install the EPEL repository first:
sudo yum install epel-release
sudo yum install certbot
sudo dnf install certbot # CentOS 8 or newer
For Apache, you can install the Apache plugin:
sudo apt install python3-certbot-apache # Ubuntu/Debian
sudo dnf install python3-certbot-apache # CentOS 8 or newer
Obtain an SSL Certificate
Certbot allows you to manually request an SSL certificate.
HTTP Verification
This method works by placing a challenge file on your server that Let's Encrypt can check.
Run the following command to request a certificate:
sudo certbot certonly --standalone -d yourdomain.com -d www.yourdomain.com
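Replace yourdomain.com with your actual domain name. Certbot will temporarily spin up a web server to serve the challenge file for validation. That temporary server binds to port 80 itself, so Apache must not be listening on port 80 while the command runs; stop Apache first and start it again once the certificate is issued.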
Configure Your Web Server
Once the SSL certificate is issued, you'll need to configure your web server to use it.
Find Your SSL Certificate Files
Certbot typically saves the certificate files in /etc/letsencrypt/live/yourdomain.com/:
- Certificate: /etc/letsencrypt/live/yourdomain.com/fullchain.pem
- Private Key: /etc/letsencrypt/live/yourdomain.com/privkey.pem
Edit Apache Configuration
Add or modify the SSL virtual host section:
# Port 80: redirect all HTTP traffic to HTTPS
# (if the site already has a port 80 virtual host, add the Redirect line there instead)
<VirtualHost *:80>
    ServerName yourdomain.com
    Redirect permanent / https://yourdomain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName yourdomain.com
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
    # Optional: Add your SSL configuration (e.g., protocols, ciphers, etc.)
</VirtualHost>
sudo systemctl restart httpd # CentOS
sudo systemctl restart apache2 # Ubuntu/Debian
Using the Redirect Directive
A plain Redirect directive is simpler than mod_rewrite because you don't have to enable mod_rewrite or set up complex rules. It tells Apache to send a permanent redirect for all traffic to the HTTPS version of the site. Place it in the port 80 (HTTP) virtual host: inside the port 443 virtual host it would redirect HTTPS requests back to themselves in a loop.
# Redirect all HTTP traffic to HTTPS
Redirect permanent / https://yourdomain.com/
Check Apache Configuration for Errors
Before restarting Apache, it's a good practice to check for syntax errors in the configuration files. Running the apachectl configtest command will help identify any issues, ensuring that your server won't encounter problems when applying changes. If the configuration is correct, you'll see a message saying "Syntax OK."
sudo apachectl configtest
Test Your SSL Configuration
Once the SSL certificate is installed and your web server is configured, you should test your website to ensure that the SSL is working properly:
Open a browser and navigate to https://yourdomain.com. You should see the padlock icon in the address bar, indicating the site is secure.
SSL Security Tools: Check, Diagnose, and Improve Your Website's Encryption
- SSL Checker provides a comprehensive tool to quickly verify the status of your SSL certificate, ensuring it is properly installed and configured.
- Why No Padlock helps identify mixed content issues on your website that may prevent a padlock icon from appearing in the browser's address bar.
- SSL Labs offers an advanced SSL/TLS testing tool to evaluate your website's security configuration.
Final Thoughts
By following these steps, you've successfully installed and configured a free SSL certificate from Let's Encrypt on your Linux server, ensuring that your website is secure and encrypted with HTTPS. This not only boosts your website's security but also improves user trust and SEO rankings, as search engines prefer secure sites.
The Certbot tool simplifies the entire process, automating certificate installation and renewal. It's important to remember that Let's Encrypt certificates are valid for 90 days, but with Certbot's automated renewal, this process is seamless and worry-free.
With your SSL certificate in place, you've made a crucial step towards protecting your website and your users' data. Whether you're running an e-commerce site, a blog, or any other web application, SSL is now an essential standard for any website that wants to maintain a secure online presence.
Remember to periodically check the status of your SSL certificate and ensure auto-renewal is functioning correctly. With these basic practices in place, your site will continue to stay safe and up-to-date, providing the best possible experience for your visitors.
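The periodic status check mentioned above, together with the certificate and key pairing configured in the virtual host, can be verified offline against the files in /etc/letsencrypt/live/yourdomain.com/ using openssl. This is an added example, not part of the original guide; the function names and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example: offline checks on the files Certbot writes (needs openssl).
# Function names and the 30-day threshold used below are assumptions.

# True if the certificate in $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True if the certificate in $1 is valid for hostname $2.
cert_covers_name() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# True if the private key in $2 belongs to the certificate in $1
# (both must yield the same public key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if key file $1 (symlinks followed) grants nothing to "other" users.
key_not_world_accessible() {
    [ "$(ls -lL "$1" | cut -c8-10)" = "---" ]
}

# usage: check_deployment LIVE_DIR MIN_DAYS NAME...
# Prints one line per failed check and returns the number of failures.
check_deployment() {
    dir=$1; min_days=$2; shift 2; failures=0
    cert="$dir/fullchain.pem"; key="$dir/privkey.pem"
    fail() { echo "FAIL: $1"; failures=$((failures + 1)); }
    cert_valid_for_days "$cert" "$min_days" || fail "expires within $min_days days"
    key_matches_cert "$cert" "$key" || fail "privkey.pem does not match fullchain.pem"
    key_not_world_accessible "$key" || fail "privkey.pem is accessible to other users"
    for name in "$@"; do
        cert_covers_name "$cert" "$name" || fail "certificate does not cover $name"
    done
    return "$failures"
}

# Run as root, since privkey.pem is not readable by ordinary users:
# check_deployment /etc/letsencrypt/live/yourdomain.com 30 yourdomain.com www.yourdomain.com
```

These checks only inspect the files on disk; Certbot's own `sudo certbot renew --dry-run` exercises the renewal path itself.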
If you run into any issues during setup or need to troubleshoot, Let's Encrypt and Certbot both offer robust documentation and support communities to help you along the way.
Happy securing!