A Guide to Implementing a Let’s Encrypt Certificate

…


# doign system wide isntalation is a mistake - high probabilty of latter being broken.
# sudo apt update
# sudo apt install certbot python3-certbot-nginx -y

sudo apt remove certbot python3-certbot-nginx -y
sudo snap install core
sudo snap refresh core
sudo snap install --classic certbot
sudo ln -sf /snap/bin/certbot /usr/bin/certbot

sudo nginx -t
sudo systemctl reload nginx

sudo certbot --nginx -d bremontix.xyz

# Verify
curl -I <https://bremontix.xyz>

Certbot

Certbot will:

Contact Let’s Encrypt
Prove your domain via HTTP-01 challenge
Get the certificate
Automatically edit your Nginx config
Ask if you want to redirect HTTP → HTTPS

Renewal

https://github.com/louislam/uptime-kuma

Let’s Encrypt certs last 90 days. Certbot installs an automatic systemd timer or cron job. Test it manually:

sudo certbot renew --dry-run

Certification Agency

A Certificate Authority (CA) is a trusted third-party organization that issues digital certificates to prove ownership of a domain or entity.

The CA’s root certificates are built into operating systems and browsers — that’s why your browser “trusts” an SSL/TLS certificate signed by them.