How To Install Let's Encrypt SSL On Ubuntu 18.04 (LAMP/LEMP)


Hi :slightly_smiling_face:

As we know that SSL is also a ranking factor these days. That’s why it is always recommended to use SSL certificate. It is beneficial both for security and SEO.

This is tutorial on how to enable Let’s Encrypt SSL on Ubuntu server (LEMP/LAMP).

It is recommended to disable Cloudflare SSL before installing let’s encrypt. If you want to use Cloudflare free shared SSL, please visit:-

Before proceeding, I am assuming that you had already configured LAMP/LEMP on your server. You can check my previous tutorial on LEMP/LAMP here:-

  • If you are on WordPress, you may be able to see this:-

Step 1:- Install Certbot On Ubuntu

First of all download and install let’s encrypt client (Certbot).

  • For LAMP stack:-
sudo su
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-apache
  • For LEMP stack:-
sudo -s
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-nginx

Step 2:- Obtain SSL Certificate

Now certbot is installed on your server, its time to obtain SSL certificate. Please replace your domain name in place of example-com in commands below.

  • For LAMP stack:-
certbot --apache -d -d
  • For LEMP stack:-
certbot --nginx -d -d

At end of the installation, cerbot will ask about manual or automatic configuration of the server. Enter 2 for automatic configuration (recommended). Here is a sample screenshot for better understanding.


Step 3:- Verify SSL

Visit your site in the browser and it must support SSL. Alternatively, you can check SSL at

Step 4:- Remove Error Message

If you are getting improper redirection error message while visiting site. Access database using PHPMyAdmin and proceed as follows:-

  • Locate wp_options section.


  • Check Site URL and Home URL.

Step 5:- Ensure SSL Renewal

Let’s Encrypt SSL must be renewed after 90 days. Certbot automatically renews SSL certificate. However, you can ensure by running this test renewal command.

certbot renew --dry-run

If everything works fine without any warning, means everything is correct.

In this way, you can secure Apache or Nginx using let’s encrypt. Feel free for any question related to this tutorial.


Thanks and Regards


What to do before implementing SSL (Let's Encrypt)
Letsencrypt for Wordpress Site hosted on Vultr
How to enable free https in vultr?

Another helpful tutorial. Thanks for sharing it.