This blog post shows you how to install Let’s Encrypt on Debian 13. Let’s Encrypt is a non-profit certification authority that provides SSL certificates for TLS (Transport Layer Security). It is the world’s most considerable certificate authority, used by more than 400 million websites. The entire process for obtaining an SSL certificate is fully automated by the Certbot. Certbot is a free and open-source software tool for automatically using Let’s Encrypt certificates on a manually-administered website to enable HTTPS. HTTPS is Hypertext Transfer Protocol secure, used to send data between a web browser and a website.
Installing the Free Let’s Encrypt SSL certificate is automated on Apache and Nginx web servers. We will cover the procedures for both in the following paragraphs.
Installing a Let’s Encrypt SSL certificate on Debian 13 is straightforward, and the process should not take more than 5 minutes. Let’s get started!
Prerequisites
- A server running Debian 13 OS
- User privileges: root or non-root user with sudo privileges
- A valid domain name pointed to the server IP address
Update the system
Before we start with the installation of Free Let’s Encrypt SSL certificate, we need to update the packages to their latest available versions. To do that, execute the following command:
sudo apt update -y && sudo apt upgrade -y
Install Apache Web Server and Create Virtual Host
First we need to install Apache2 as a web server. To do that execute the following command:
sudo apt install apache2 -y
Once installed start and enable the Apache service:
sudo systemctl start apache2 && sudo systemctl enable apache2
Check the status of the service:
sudo systemctl status apache2
You should get the following output:
root@host:~# sudo systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; preset: enabled)
Active: active (running) since Sun 2025-04-13 04:23:25 CDT; 1min 3s ago
Invocation: 2371b16c18674399bb97ce504e35defb
Docs: https://httpd.apache.org/docs/2.4/
Main PID: 68961 (apache2)
Tasks: 55 (limit: 4644)
Memory: 5.5M (peak: 6.1M)
CPU: 231ms
CGroup: /system.slice/apache2.service
Now, when we have installed the Apache web server we need to create virtual host file with the domain. To do that create the following file:
sudo touch /etc/apache2/sites-available/website.conf
Open the file with your text editor and paste the following lines of code:
<VirtualHost *:80>
ServerName yourdomain.com
DocumentRoot /var/www/html
<Directory /var/www/html/>
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Save the file and close it.
Install Certbot plugin for Apache and obtain a Certificate
Once the Apache configuration file is created, we can proceed with installing Certbot and obtaining a certificate. To install Certbot and its Apache plugin, execute the following command:
apt install python3-certbot-apache
To obtain an SSL certificate you need to execute the following command:
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
Through the process, you will be asked for a couple of questions about personal data:
root@host:/var/www/html# sudo certbot --apache -d yourdomain.com -d www.yourdomain.com Saving debug log to /var/log/letsencrypt/letsencrypt.log Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf. You must agree in order to register with the ACME server. Do you agree? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing, once your first certificate is successfully issued, to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: N Account registered. Requesting a certificate for yourdomain.com Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/yourdomain.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/yourdomain.com/privkey.pem This certificate expires on 2025-07-12. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. Deploying certificate Successfully deployed certificate for yourdomain.com to /etc/apache2/sites-available/website-le-ssl.conf Congratulations! You have successfully enabled HTTPS on https://yourdomain.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
That’s it. The Free Let’s Encrypt has been installed, and you can access the website securely at https://yourdomain.com.
Install Nginx Web Server and Create Virtual Host
Now, we will show you how to install Let’s Encrypt with Nginx as a web server. Let’s first install the Nginx web server with the following command:
sudo apt install nginx -y
Once installed start and enable the Nginx service:
sudo systemctl start nginx && sudo systemctl enable nginx
Check the status of the service:
sudo systemctl status nginx
You should get the following output:
root@host:~# sudo systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: enabled)
Active: active (running) since Sun 2025-04-13 07:36:54 CDT; 39s ago
Invocation: 6f108e482b844ca3ba2e1b6826a714f0
Docs: man:nginx(8)
Main PID: 71011 (nginx)
Tasks: 4 (limit: 4644)
Memory: 3.8M (peak: 9.2M)
CPU: 126ms
CGroup: /system.slice/nginx.service
├─71011 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
Now, when we have installed the Nginx web server we need to create virtual host file with the domain. To do that create the following file:
touch /etc/nginx/conf.d/website.conf
Open the file with your text editor and paste the following lines of code:
server {
listen 80;
server_name yourdomain.com;
root /var/www/html;
index index.html index.php;
server_tokens off;
access_log /var/log/nginx/wordpress_access.log;
error_log /var/log/nginx/wordpress_error.log;
}
Install Certbot plugin for Nginx and obtain a Certificate
Once the Nginx configuration file is created, we can proceed with installing Certbot and obtaining a certificate. To install Certbot and its Nginx plugin, execute the following command:
sudo apt install certbot python3-certbot-nginx -y
To obtain an SSL certificate you need to execute the following command:
sudo certbot --nginx -d yourdomain.com -d yourdomain.com
The personal info about the email address and sharing the email address is the same as previous step. The final output after successfull Let’s encrypt installation is the followig one:
Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/yourdomain.co/fullchain.pem Key is saved at: /etc/letsencrypt/live/yourdomain.co/privkey.pem This certificate expires on 2025-07-12. These files will be updated when the certificate renews. Deploying certificate Successfully deployed certificate for yourdomain.co to /etc/nginx/conf.d/website.conf Congratulations! You have successfully enabled HTTPS on https://yourdomain.co NEXT STEPS: - The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le
That’s it. You successfully learned how to install Let’s Encrypt on Debian 13 OS.
If you liked this post about Let’s Encrypt installation, please share it with your friends or leave a comment down below.