If your VPS operating system does not have a control panel or it does not integrate a free SSL option, you can generate and install a free Let’s Encrypt SSL with Certbot. Just follow these steps:

Step 1 - Prepare the VPS

Before installing the SSL, make sure that your VPS:

  • Has a web server running (eg. Apache, NGINX, etc.)

  • The website hosted on your VPS is set up to be opened by entering the domain name on the address bar – not the IP

  • The domain is fully propagated and pointing to your VPS child nameservers. Installing an SSL with certbot while the domain is still propagating, will create a self-signed certificate, which may cause errors when accessing your website

Step 2 - Install dependencies

Certbot recommends using snapd for installation. Since snapd is not supported on Hostinger Linux-based VPS, you can use Python by installing it first on your server.

To start the process, connect to your VPS using SSH. Next, install the required dependencies (Python 3.6+, venv and Augeas) according to your OS:

For APT-based distributions (such as Debian or Ubuntu), run the following:

sudo apt update
sudo apt install python3 python3-venv libaugeas0

For RPM-based distributions (Fedora, CentOS), use this command:

sudo dnf install python3 augeas-libs

NOTES:

  • For older distributions that do not support dnf, use yum instead

  • Some RHEL-based distributions use python3x instead of python3 (eg. python38). Please refer to the documentation of your Linux distribution 🙂

  • If you have issues installing cryptography, you may need to install additional dependencies. Check this article for more information: Building Cryptography on Linux

Step 3 - Install Certbot

To prevent any conflicts with previous versions, remove any certbot packages already installed before installing the newest version. You can use your package manager (apt, dnf, yum, etc.) for this.

Once it's ready, run the following to set up a Python virtual environment:

sudo python3 -m venv /opt/certbot/
sudo /opt/certbot/bin/pip install --upgrade pip

To install certbot, run this on Apache:

sudo /opt/certbot/bin/pip install certbot certbot-apache

Or this for NGINX:

sudo /opt/certbot/bin/pip install certbot certbot-nginx

Next, create a symbolic link so that certbot can be executed from any path:

sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot

Install and activate SSL for your websites and have certbot do all the configurations, by executing the following command for Apache:

sudo certbot --apache

For NGINX:

sudo certbot --nginx

NOTE:

  • To obtain only the certificates and configure the SSL manually, append certonly after certbot and before --apache or --nginx.

Since the SSL is active for 90 days, it is recommended to set up automatic renewal. You can do so by running the following:

echo "0 0,12 * * * root /opt/certbot/bin/python -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo certbot renew -q" | sudo tee -a /etc/crontab > /dev/null

That’s it! You can now visit your website on an incognito window to verify that SSL is properly installed and working 😊

Additional resources:

Did this answer your question?