Certbot - Install Ubuntu
Install Certbot with NGINX plugin on Ubuntu/Debian.
sudo apt update
sudo apt install certbot python3-certbot-nginxCertbot - Install RHEL
Install Certbot on RHEL/CentOS/Rocky Linux.
sudo dnf install certbot python3-certbot-nginxCertbot - Install Apache Plugin
Install Apache plugin instead of NGINX.
sudo apt install python3-certbot-apacheCertbot - Install Fedora
Install on Fedora Linux.
sudo dnf install certbot python3-certbot-nginxCertbot - Install Arch
Install on Arch Linux.
sudo pacman -S certbot certbot-nginxCertbot - Snap Installation
Install using Snap (works on most Linux distributions).
# Remove old certbot
sudo apt remove certbot
# Install snap
sudo snap install core
sudo snap refresh core
# Install certbot
sudo snap install --classic certbot
# Link command
sudo ln -s /snap/bin/certbot /usr/bin/certbotVerify Installation
Check Certbot is installed correctly.
certbot --versionList Available Plugins
View installed Certbot plugins.
certbot pluginsExpected output:
* nginx
Description: Nginx Web Server plugin
* standalone
Description: Standalone Authenticator
* webroot
Description: Webroot AuthenticatorFirst Time Setup
Verify everything is ready for certificate issuance.
# Check Certbot
certbot --version
# Check web server
sudo systemctl status nginx
# or
sudo systemctl status apache2
# Check port 80 is open
sudo netstat -tlnp | grep :80
# Check port 443 is open
sudo netstat -tlnp | grep :443Firewall Configuration
Ensure firewall allows HTTP and HTTPS.
UFW (Ubuntu)
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw statusFirewalld (RHEL/CentOS)
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reloadiptables
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo service iptables save