Install SSL Certificates for Free
SSL (Secure Sockets Layer) is a security protocol that encrypts the connection between a user’s browser and your web server.
When a user visits your website, data travels from their browser to the web server. Without an SSL Certificate, this data is sent as plain text — anyone in between (like a network provider or an attacker) can read it. SSL Certificates encrypt this data, making it unreadable to anyone except the intended receiver.
The difference you can see after installing an SSL Certificate is that the website loads on https:// instead of http://.
Beyond security, a website without an SSL Certificate is:
- Marked as “Not Secure” by web browsers, resulting in less traffic as users don’t trust unsecure websites.
- Google also uses HTTPS as a ranking parameter — no SSL means lower search rankings.
Prerequisites
Before installing an SSL Certificate, make sure the following are set up:
- A domain pointing to the server’s public IP address (A Record in DNS)
- A project deployed and running on the server — refer to Deploy a MERN Project on AWS EC2
- Nginx installed and the website config file exists in
/etc/nginx/sites-available/ - Port 80 (HTTP) and Port 443 (HTTPS) are open on the server’s firewall
Steps to Install SSL Certificates for Free
1. SSH into your Server
SSH is a secure way to remotely log in to your server from your local machine. There are two common ways depending on your server type.
Using a Password (VPS)
ssh root@<ip-address>After running this command, the terminal will prompt you to enter the password for the root user. Type the password and press Enter.
SSH into AWS EC2 Instance
ssh -i [saved_file_key].pem ubuntu@<public-ip-address>The -i flag specifies the PEM key file. This command must be run from the same directory where the .pem file is saved. If you run it from a different directory, SSH will not find the key and the login will fail.
To avoid this, open the terminal directly inside the folder where the .pem file is saved. On Windows, you can do this by navigating to the folder in File Explorer, clicking the address bar, typing cmd, and pressing Enter.
2. Install Required Packages
sudo apt update
sudo apt upgrade -y
sudo apt install certbot python3-certbot-nginx -ycertbot— the plugin that requests and installs the SSL Certificate from Let’s Encrypt and stores it on the serverpython3-certbot-nginx— modifies the Nginx config files to add the SSL Certificate information automatically
3. Start and Verify Nginx
sudo systemctl start nginx
sudo systemctl status nginxNginx must be running before Certbot can proceed.
4. Install the SSL Certificate
sudo certbot --nginx -d domain.com -d www.domain.comUse -d for each domain or subdomain you want to cover. Certbot will automatically update your Nginx config to handle HTTPS.
How to Renew SSL Certificates
Let’s Encrypt certificates are valid for 90 days. Certbot sets up an automatic renewal cron job during installation. You can verify it runs correctly with:
sudo certbot renew --dry-runIf the dry run completes without errors, renewal is working automatically. No manual action needed in most cases.
How to Remove SSL Certificates
Removing an SSL Certificate involves two steps — revoking it and then deleting it.
Step 1 — Revoke the Certificate
sudo certbot revoke --cert-name domain.comRevoking tells Let’s Encrypt to invalidate the certificate before its 90-day expiry. This is the correct practice when a domain is being decommissioned, transferred, or compromised — it ensures the certificate can no longer be used or trusted by anyone.
Step 2 — Delete the Certificate Files
sudo certbot delete --cert-name domain.comDeleting removes the certificate files from your server.
Revoke informs Let’s Encrypt; delete cleans up the local files. Both steps should be done together.
Conclusion
Installing an SSL Certificate using Certbot takes under 10 minutes once your server and domain are set up.
If you face any issues, let me know in the comments or email me at imagarwal05@gmail.com.