Install SSL Certificate in Debian 12, 11 and 10
This guide shows you how to install and configure Let's Encrypt SSL certificates on your Debian web server using Certbot.
Prerequisites
- Apache or Nginx web server installed
- Domain name pointing to your server's IP address
- Ports 80 and 443 open in your firewall
Step 1: Install Certbot
Debian 12 or 11
sudo apt update
sudo apt install python3-certbot-apache
For Nginx instead of Apache
sudo apt install python3-certbot-nginx
Debian 10
sudo apt update
sudo apt install certbot python3-certbot-apache
Step 2: Obtain SSL Certificate
For Apache
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
For Nginx
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
Follow the interactive prompts:
- Enter your email address for renewal notifications
- Agree to the Terms of Service
- Choose whether to redirect HTTP to HTTPS (recommended: Yes)
Step 3: Verify Installation
Test your SSL certificate:
sudo certbot certificates
Visit your website with https:// to confirm it's working.
Step 4: Configure Auto-Renewal
Certbot automatically sets up renewal. Test the renewal process:
sudo certbot renew --dry-run
Check the renewal timer status:
sudo systemctl status certbot.timer
Troubleshooting
Certificate Not Renewing Automatically
Manual renewal:
sudo certbot renew
Check renewal logs:
sudo tail -f /var/log/letsencrypt/letsencrypt.log
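A way to notice stalled renewal before a certificate expires, as an added example that is not part of the original guide: the function below reads the text printed by sudo certbot certificates and lists certificates that are invalid or below a day threshold. The sample output is constructed, and the 30-day default is an assumption based on Certbot renewing about 30 days before expiry.

```shell
#!/bin/sh
# Added example: list certificates that automatic renewal should already
# have replaced. Input is the text printed by `certbot certificates`.

# stale_certs [DAYS]: print one line per certificate that is INVALID or has
# fewer than DAYS days left. DAYS defaults to 30 (assumed renewal window).
stale_certs() {
    awk -v limit="${1:-30}" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            status = $0
            sub(/^[^(]*\(/, "", status)    # drop everything up to "("
            sub(/\).*$/, "", status)       # drop ")" and what follows
            if (status ~ /^INVALID/) {
                print name " " status      # expired, revoked or test cert
            } else if (status ~ /hour/) {
                print name " less than 1 day left"
            } else {
                split(status, part, " ")   # "VALID: 74 days" -> part[2] = 74
                if (part[2] + 0 < limit + 0)
                    print name " " part[2] " days left"
            }
        }
    '
}

# Constructed sample output (names and dates are made up for the example).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: yourdomain.com
    Domains: yourdomain.com www.yourdomain.com
    Expiry Date: 2025-06-01 10:00:00+00:00 (VALID: 74 days)
    Certificate Path: /etc/letsencrypt/live/yourdomain.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/yourdomain.com/privkey.pem
  Certificate Name: staging.yourdomain.com
    Domains: staging.yourdomain.com
    Expiry Date: 2025-03-31 10:00:00+00:00 (VALID: 12 days)
    Certificate Path: /etc/letsencrypt/live/staging.yourdomain.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/staging.yourdomain.com/privkey.pem
  Certificate Name: old.yourdomain.com
    Domains: old.yourdomain.com
    Expiry Date: 2025-01-15 10:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.yourdomain.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/old.yourdomain.com/privkey.pem
EOF
}

# On a server: sudo certbot certificates 2>/dev/null | stale_certs 30
sample_output | stale_certs 30
```

Any line this prints means renewal has not happened when it should have, so check the renewal log and the timer status for that certificate.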
Port 80 Not Accessible
Ensure your firewall allows HTTP and HTTPS:
sudo ufw allow 'Apache Full'
Or for Nginx:
sudo ufw allow 'Nginx Full'
Domain Not Resolving
Verify DNS settings:
dig yourdomain.com +short
Additional Resources
- Check your SSL rating: https://www.ssllabs.com/ssltest/
- Let's Encrypt documentation: https://letsencrypt.org/docs/