Install and Setup LetsEncrypt on Nginx on Debian

Installing LetsEncrypt With Nginx On Debian

In this tutorial we’ll install LetsEncrypt on Nginx web server on a Debian machine.

What is LetsEncrypt?

LetsEncrypt is a not-for-profit certificate authority providing digital certificates for secure connections enabling HTTPS for websites and services. Certificates can be automatically obtained, configured for use, and even renewed on time securely and transparently.

What do you need to install LetsEncrypt on Nginx?

A debian machine with a fully functional Nginx web server installed and, a domain name of your own.

The easiest way to secure Nginx with LetsEncrypt is using the Certbot’s Nginx plugin, and following the prompts.

What is Certbot?

Certbot is the most popular ACME client, officially recommended by LetsEncrypt for users with shell access. It can obtain, install, and renew certificate automatically with no downtime. It is available on most platform, and easy to use.

Steps to Setup LetsEncrypt on Nginx

The recommended way of installing Certbot is through snapd, so we’ll be first installing snapd since Debian doesn’t come pre-installed with snapd.

Step 1: Install Snapd

Before installing the Certbot make sure your repositories are up-to date on your Debian machine by using the apt command:

sudo apt update

To install snapd execute the following command,

sudo apt install snapd

and then:

sudo snap install core

Step 2: Install Certbot using Snap daemon

Now after we have successfully installed snap daemon and we are ready to install Certbot! We can install certbot by executing the following command,

sudo snap install --classic certbot


suryansh@journaldev:~$ sudo snap install --classic certbot
certbot 1.14.0 from Certbot Project (certbot-eff*) installed

Now with that message above, we have successfully installed certbot.

To make the certbot command now available for usage, execute the following command with sudo:

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Step 3: Installing LetsEncrypt on Nginx using Certbot’s autoconfiguration

Execute the following command, and follow the terminal prompts to automatically obtain, and install the certificate using Certbot’s autoconfiguration.

sudo certbot --nginx

You need to enter your email at this step,

Enter Your Email
Enter your email (instead of

Now following after entering your email, you need to go through the Terms of Service of LetsEncrypt with the link provided to the Terms of Service, if you agree with it, enter Y

Do You Agree Terms Of Service 2
Enter Y if you agree with the LetsEncrypt’s Terms of Service

Next, if you wish receive the campaigns from the organization, enter Y

 LetsEncrypt on Nginx Campaign Emails 2
Enter Y if you wish to receive the campaign emails.

Now you are required to enter the domain name for which you are obtaining the certificate for,

Enter Your Domain 2
Enter the domain name (instead of

This is what a successful HTTP challenge for validation of domain looks like,

Http Challenge To Verify Ownership 3 LetsEncrypt on Nginx
Successful HTTP challenge

Now the certificate is successfully installed with Nginx and is automatically configured by certbot to redirect all the traffic from the HTTP to HTTPS, with this you’ll be able to visit your website over HTTPS.

Step 4: Testing Certbot’s Automatic Renewal

Now once you are done with everything it is important to test out the Certbot’s automatic renewal service, which will automatically renew the certificate so that it may not lead into any inconvenience. Execute the following command to test our the automatic renewal,

sudo certbot renew --dry-run

A successful test would look like the following:

Successful Dry Run Renewal LetsEncrypt on Nginx
Successful test for automatic renewal


LetsEncrypt is a great service to obtain free SSL certificates to provide secure connections, and usage of certbot makes it easier to obtain, configure, and renew the certificate automatically. We hope you now know how to setup LetsEncrypt on Nginx web server!