Starline VPS logoStarline VPS
← Back to Blog
How to Set Up SSL Certificates on Your VPS
Tutorial

How to Set Up SSL Certificates on Your VPS

February 12, 20247 min read

SSL (Secure Sockets Layer) certificates are essential for securing your website and protecting user data. They encrypt the connection between your server and users' browsers, preventing data interception and building trust with your visitors.

The easiest way to obtain free SSL certificates is through Let's Encrypt, a certificate authority that provides trusted certificates at no cost. Certbot is the official client for Let's Encrypt and simplifies the entire process.

Before installing SSL certificates, ensure your domain points to your VPS server's IP address. SSL certificates are issued for specific domains, so DNS must be properly configured. You should be able to access your website via HTTP before proceeding.

To install Certbot, use your package manager. For Ubuntu/Debian, run: sudo apt update && sudo apt install certbot. For CentOS/RHEL, use: sudo yum install certbot. Some systems may require enabling EPEL repository first.

Once Certbot is installed, you can obtain a certificate. For Nginx, use: sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com. For Apache, use: sudo certbot --apache with the same domain flags. Certbot will automatically configure your web server.

Certbot will prompt you for an email address for renewal notifications and ask if you agree to terms of service. It will then automatically obtain and install your certificate, updating your web server configuration.

Certificates from Let's Encrypt expire after 90 days, but Certbot can automatically renew them. Set up a cron job or systemd timer to check for renewal. Certbot typically includes a renewal script that runs twice daily.

To test automatic renewal, use: sudo certbot renew --dry-run. This simulates the renewal process without actually renewing. If this works, your automatic renewal is properly configured.

For advanced users, you can manually obtain certificates using standalone mode or DNS validation. Standalone mode works when no web server is running, while DNS validation requires adding TXT records to your DNS.

After installation, test your SSL configuration using online tools like SSL Labs SSL Test. This will verify your certificate installation and provide a security rating. Always redirect HTTP to HTTPS to ensure all traffic is encrypted.

View All Blog Posts