Certbot: Automating HTTPS with Let's Encrypt Certificates

Certbot: Automating HTTPS with Let's Encrypt Certificates

Summary

Certbot is a free, open source software tool developed by the EFF to automatically enable HTTPS on your server. It simplifies the process of obtaining and renewing SSL/TLS certificates from Let's Encrypt. This powerful client also supports any other Certificate Authority that utilizes the ACME protocol, making secure web communication accessible to everyone.

Repository Info

Updated on March 11, 2026
View on GitHub

Tags

certbotletsencryptacmecertificatehttpspythonweb-securityautomation

Click on any tag to explore related repositories

Introduction

Certbot is an essential tool developed by the Electronic Frontier Foundation (EFF) that simplifies the process of securing your website with HTTPS. It automates the acquisition and renewal of SSL/TLS certificates from Let's Encrypt, a free, automated, and open Certificate Authority. Beyond Let's Encrypt, Certbot also functions as a client for any other CA that supports the ACME protocol, ensuring broad compatibility for secure web communication. For more details, visit the official Certbot GitHub repository.

Installation

Installing Certbot varies depending on your operating system and web server configuration. The recommended method for many Linux distributions is via Snap, ensuring you always have the latest version. For detailed, up-to-date instructions tailored to your specific setup, it is highly recommended to consult the official Certbot documentation.

Here are common installation examples:

# Install via Snap (recommended for many Linux distributions)
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

# Install via apt (e.g., for Ubuntu with Nginx)
sudo apt update
sudo apt install certbot python3-certbot-nginx

Remember to replace python3-certbot-nginx with the appropriate plugin for your web server, such as apache or certonly.

Examples

Certbot simplifies certificate management with straightforward commands. Here are a few common examples:

Obtain and install a certificate for Nginx:

sudo certbot --nginx -d example.com -d www.example.com

Obtain a certificate without installing it (certonly):

sudo certbot certonly --webroot -w /var/www/html -d example.com

Renew all certificates:

sudo certbot renew --dry-run

The renew command is typically run automatically by a cron job or systemd timer, but dry-run allows you to test the renewal process. For more advanced use cases and specific configurations, refer to the Certbot User Guide.

Why Use

Certbot offers compelling reasons for its adoption, making it a cornerstone for web security:

  • Automation: It fully automates the process of obtaining, installing, and renewing SSL/TLS certificates, eliminating manual effort.
  • Free Certificates: By leveraging Let's Encrypt, Certbot provides free, trusted certificates, making HTTPS accessible to everyone.
  • Enhanced Security: Implementing HTTPS encrypts communication between your server and users, protecting sensitive data and improving trust.
  • Ease of Use: Despite its powerful capabilities, Certbot is designed to be user-friendly, with clear instructions and helpful prompts.
  • Community and Support: Backed by the EFF and a large community, Certbot benefits from continuous development and robust support.

Links

Explore Certbot further through these official resources: