HTTPS stands for Hypertext Transfer Protocol Secure. It is the most valid and secure communication protocol on the internet. HTTPS protects the integrity and confidentiality of the website and the user’s computer. Without HTTPS, it is possible for someone to intercept and gather sensitive information from your website visitors, including login credentials and credit card details. Once you have installed Apache or Nginx on Ubuntu 26.04, the service will only run on port 80 by default. To enable HTTPS on Ubuntu 26.04, configure Apache or Nginx to listen on port 443 and install an SSL certificate. In this article, we will guide you on how to install the HTTPS Protocol on Ubuntu 26.04.
Prerequisites
- An Ubuntu 26.04 VPS
- SSH access with sudo privileges, or root access
- A domain or subdomain already pointing to your server
Conventions
# – given commands should be executed with root privileges either directly as a root user or by use of sudo command
$ – given commands should be executed as a regular userStep 1. Update the System
First of all, we need to log in to our Ubuntu 26.04 VPS through SSH:
ssh root@IP_Address -p Port_numberReplace “root” with a user that has sudo privileges or root if necessary. Additionally, replace “IP_Address” and “Port_Number” with your server’s respective IP address and SSH port number. Next, let’s make sure that we’re on Ubuntu 26.04. You can verify it with this command:
# lsb_release -aYou should get this as the output:
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu Resolute Raccoon
Release: 26.04
Codename: resoluteThen, run the following command to make sure that all installed packages on the server are updated to their latest available versions:
# apt update That’s it, the system package information should be updated now.
Step 2. Install Web Server
In this article, we will show you how to install the HTTPS protocol on Ubuntu 26.04. In Apache and Nginx. Please select one of the web servers, Apache or nginx.
Apache
To install Apache, run the command:
# apt install apache2Nginx
To install nginx, run the command:
# apt install nginxWhatever web server you choose to install, it will run automatically upon installation.
Step 3. Create a Virtual Host
If you want to run Apache as the web server, let’s complete this step.
# nano /etc/apache2/sites-available/ssl.yourdomain.com.confInsert the following into the file.
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName ssl.yourdomain.com
DocumentRoot /var/www/html/ssl.yourdomain.com
ErrorLog ${APACHE_LOG_DIR}/ssl.yourdomain.com.error.log
CustomLog ${APACHE_LOG_DIR}/ssl.yourdomain.com.access.log combined
</VirtualHost>Please make sure to replace yourdomain.com with your actual domain name pointing to the server. Save the file, then exit from the editor. Now, let’s enable the virtual host and restart Apache.
# a2ensite yourdomain.com# systemctl restart apache2If you want to use nginx, skip the steps above and complete the following instead.
# nano /etc/nginx/conf.d/ssl.yourdomain.com.confInsert the following into that file.
server {
listen 80;
root /var/www/html/ssl.yourdomain.com;
index index.html;
server_name ssl.yourdomain.com;
location / {
try_files $uri $uri/ =404;
}
}Please make sure to replace yourdomain.com with your actual domain name pointing to the server. Save the file, exit from the editor, then restart nginx.
# systemctl restart nginxStep 4. Install Certbot
Certbot is a tool to obtain SSL certificates from Let’s Encrypt and optionally) easier and auto-enable HTTPS on your server. It can also act as a client for any other CA certificates that use the ACME protocol. In this step, we’ll learn the steps to install Certbot on Ubuntu and obtain an SSL/TLS certificate. To install Certbot on Ubuntu 26.04, we need to install:
If you choose Apache as the web server, run this:
# apt install python3-certbot-apacheIf you choose nginx, execute this:
# apt install python3-certbot-nginxStep 5. Enable HTTPS Protocol
When using Apache, we need to enable the SSL module first because mod_ssl is not enabled by default on an Ubuntu machine. Let’s execute the command below to enable the SSL module.
# a2enmod sslTo apply the changes, we need to restart Apache.
# systemctl restart apache2That’s it, the Apache SSL module has been enabled. Whether you are running Apache or nginx, you can execute the command below to enable the HTTPS protocol and generate an SSL certificate for your domain/subdomain. You would just need to select the plugin to authenticate when prompted.
# certbotThe command above will prompt you to select which web server you use.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): [email protected]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: n
Account registered.
How would you like to authenticate and install certificates?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache)
2: Nginx Web Server plugin (nginx)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): Simply type 1 or 2, then hit ENTER. You will be asked to type the domain name, and the SSL certificate will be issued.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): ssl.yourdomain.com
Requesting a certificate for ssl.yourdomain.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/ssl.yourdomain.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/ssl.yourdomain.com/privkey.pem
This certificate expires on 2026-06-04.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for yourdomain.com to /etc/nginx/conf.d/ssl.yourdomain.com.conf
Congratulations! You have successfully enabled HTTPS on https://ssl.yourdomain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -That’s it. Your Apache or nginx configuration will be updated automatically to enable the HTTPS protocol on your domain/subdomain.
Step 6. Create a Self-Signed SSL Certificate
This is optional; if you use your actual domain and complete the step above to generate an SSL certificate with Certbot, you can skip this step. A self-signed SSL certificate is a great choice when you are experimenting or testing on your Apache server. Although the self-signed certificate won’t be recognized by browsers, and visitors will receive a warning message if they access your site directly, you can rest assured that you are safeguarded against “man-in-the-middle” attacks. If you already possess a paid SSL certificate or a free SSL certificate from Let’s Encrypt, feel free to skip this step and proceed.
Run this command to generate a self-signed SSL certificate. Make sure to replace ssl.yourdomain.com with your actual domain or subdomain.
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/ssl.yourdomain.com.key -out /etc/ssl/certs/ssl.yourdomain.com.crt
When running the command above, you will need to answer the prompts.
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:Wrap Up
That’s it! The SSL certificate for ssl.yourdomain.com has been generated, and HTTPS should now work properly on your domain/subdomain.
If you liked this post on how to install the HTTPS Protocol on Ubuntu 26.04, please share it with your friends or leave a comment below.