If your VPS operating system does not have a control panel or it does not integrate a free SSL option, you can generate and install a free Let’s Encrypt SSL with Certbot. Just follow these steps:
Step 1 - Prepare the VPS
Before installing the SSL, make sure that your VPS:
Has a web server running (eg. Apache, NGINX, etc.)
The website hosted on your VPS is set up to be opened by entering the domain name on the address bar – not the IP
The domain is fully propagated and pointing to your VPS child nameservers. Installing an SSL with Certbot while the domain is still propagating will create a self-signed certificate, which may cause errors when accessing your website
Step 2 - Install Dependencies
Certbot recommends using snapd for installation. Since snapd is not supported on Hostinger Linux-based VPS, you can use Python by installing it first on your server.
To start the process, connect to your VPS using SSH. Next, install the required dependencies (Python 3.6+, venv and Augeas) according to your OS:
For APT-based distributions (such as Debian or Ubuntu), run the following:
sudo apt update
sudo apt install python3 python3-venv libaugeas0
For RPM-based distributions (Fedora, CentOS), use this command:
sudo dnf install python3 augeas-libs
NOTES:
For older distributions that do not support
dnf, useyuminsteadSome RHEL-based distributions use
python3xinstead ofpython3(eg.python38). Please refer to the documentation of your Linux distribution 🙂If you have issues installing cryptography, you may need to install additional dependencies. Check this article for more information: Building Cryptography on Linux
Step 3 - Install Certbot
To prevent any conflicts with previous versions, remove any Certbot packages already installed before installing the newest version. You can use your package manager (apt, dnf, yum, etc.) for this.
Once it's ready, run the following to set up a Python virtual environment:
sudo python3 -m venv /opt/certbot/
sudo /opt/certbot/bin/pip install --upgrade pip
To install Certbot, run this on Apache:
sudo /opt/certbot/bin/pip install certbot certbot-apache
Or this for NGINX:
sudo /opt/certbot/bin/pip install certbot certbot-nginx
Next, create a symbolic link so that Certbot can be executed from any path:
sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot
Install and activate SSL for your websites and have Certbot do all the configurations by executing the following command for Apache:
sudo certbot --apache
For NGINX:
sudo certbot --nginx
NOTE:
To obtain only the certificates and configure the SSL manually, append
certonlyaftercertbotand before--apacheor--nginx.
Since the SSL is active for 90 days, it is recommended to set up automatic renewal. You can do so by running the following:
echo "0 0,12 * * * root /opt/certbot/bin/python -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
That’s it, you can now visit your website on an incognito window to verify that SSL is properly installed and working 😊
Additional resources:
If your OS has a control panel (such as Cyberpanel or cPanel), check this article: How to install SSL on VPS
You can find more alternative methods to install Certbot here: Install Certbot using Docker, pip