Tutorial

How to install a free Let's Encrypt SSL certificate on nginx and Apache

Install a free Let's Encrypt SSL certificate in 2 minutes with Certbot. Covers nginx, Apache, auto-renewal and HSTS. Ubuntu 22.04/24.04 tested.

Published 2026-07-15· 5 min read· Hostiger Editorial

Let's Encrypt issues free 90-day SSL certificates trusted by every browser. Certbot automates issuance and renewal. This works on any Hostiger VPS or dedicated server running Ubuntu.

Prerequisites

1. Install Certbot

# Ubuntu 22.04 / 24.04
apt update
apt install certbot python3-certbot-nginx -y   # for nginx
# apt install certbot python3-certbot-apache -y   # for Apache

2. Issue the certificate (nginx)

certbot --nginx -d example.com -d www.example.com \
  --agree-tos -m [email protected] --non-interactive --redirect

The --redirect flag automatically adds an HTTP → HTTPS 301 redirect to your nginx config.

2. Issue the certificate (Apache)

certbot --apache -d example.com -d www.example.com \
  --agree-tos -m [email protected] --non-interactive --redirect

3. Verify HTTPS is working

Open https://example.com. You should see the padlock icon. Test the config at SSL Labs — aim for A or A+.

4. Auto-renewal (already set up)

Certbot installs a systemd timer that runs twice a day. Verify:

systemctl list-timers | grep certbot
certbot renew --dry-run

If the dry-run passes, real renewals will succeed too. Certificates renew when 30 days remain.

5. Harden with HSTS

Add this to your nginx server block (inside the HTTPS server):

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

This forces browsers to always use HTTPS for a year. Only enable after HTTPS works reliably — HSTS is hard to reverse.

Common errors

For a fully-managed HTTPS-first experience, Hostiger Web Hosting plans include free SSL that renews automatically with no CLI required.

Ready to try Hostiger? Deploy a VPS in under 60 seconds.

View VPS plans