Skip to content
Musiker15
  • Home
  • News
  • FAQ
  • Community
GitHub
Musiker15

Tutorials & Guides

Personal website of Moritz Kohm — tutorials, guides and background info on Linux/Debian, server administration and self-hosting.

Content

  • Tutorials
  • News
  • FAQ

About

  • About Musiker15
  • Community
  • MSK Scripts

Socials

  • Discord
  • GitHub Musiker15
  • GitHub MSK Scripts

Legal

  • Imprint
  • Privacy

© 2026 Moritz Kohm

DiscordGitHub
  • PC Hardware
  • Debian Tutorials
    • Upgrade from Debian 10 to Debian 11
    • Apache 2, PHP 8, MariaDB and phpMyAdmin
    • MariaDB upgrade on Debian / Ubuntu
    • Certbot — Let's Encrypt (free SSL certificates)
    • TeamSpeak 3 Server
    • Sinusbot
    • pgAdmin 4 — Setup Runbook
  1. Home
  2. Tutorials
  3. Debian Tutorials
  4. Certbot — Let's Encrypt (free SSL certificates)

Certbot — Let's Encrypt (free SSL certificates)

Install Certbot and have SSL certificates from Let's Encrypt renewed automatically.

Edit this page

It's really quite simple. You just install Certbot and you can get free SSL certificates from Let's Encrypt.

apt install certbot python3-certbot-apache -y
certbot --apache -d your-domain.com -d www.your-domain.com

Since Debian 11 the package is called python3-certbot-apache (no longer python-certbot-apache — that was the old Python 2 package and no longer exists in current Debian versions).

The Apache plugin (--apache) handles both domain validation and setting up the SSL vHost configuration in one step. On the first run you have to enter an email address and accept the license terms with A.

The certificates are only valid for 90 days. Certbot automatically sets up a systemd timer (certbot.timer) for renewal during installation — you can verify it like this:

systemctl list-timers certbot.timer
certbot renew --dry-run

A manual renewal is only needed in an emergency:

certbot renew