How to enable Free SSL on VPS by certbot

If you’re hosting your website on a VPS with Nginx and want to secure it with HTTPS using a free SSL certificate from Let’s Encrypt, but prefer to handle the Nginx configuration yourself with this guide is for you.
Rather than letting Certbot auto-configure everything, we’ll walk through how to manually generate the SSL certificate and configure Nginx by hand, giving you full control over your server setup. Whether you’re setting up a subdomain like auth.cardiast.com or any other domain, this step-by-step tutorial will help you do it cleanly and securely.

✅ 1. Install Certbot (Without Nginx Plugin)

Install Certbot (don’t need the nginx plugin since we’re not auto-configuring):

For Ubuntu/Debian:

sudo apt update
sudo apt install certbot

✅ 2. Generate Certificate (Without Modifying Nginx)

Use the webroot method to generate a certificate manually:

Step A: Create a webroot directory

Step A: Run Certbot with webroot method

sudo certbot certonly --webroot -w /var/www/domain.com -d domain.com

If successful, your certs will be saved in:

/etc/letsencrypt/live/domain.com/

fullchain.pem – certificate
privkey.pem – private key

✅ 3. Manually Configure Nginx for SSL

Edit your Nginx config:

server {
    listen 443 ssl;
    server_name domain.com;

    root /var/www/domain.com;

    ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;

    location / {
        try_files $uri $uri/ =404;
    }
}

Also redirect HTTP to HTTPS (optional):

server {
    listen 80;
    server_name domain.com;
    return 301 https://$host$request_uri;
}

Test and reload:

sudo nginx -t
sudo systemctl reload nginx

✅ 4. (Optional) Setup Manual Renewal Cron Job

Let’s Encrypt certs expire every 90 days. To manually renew:

sudo certbot renew --cert-name domain.com

To automate it with a cron job:

sudo crontab -e

Add:

0 2 * * * certbot renew --quiet &amp;&amp; systemctl reload nginx

✅ Wrapping Up

Securing your website with HTTPS is no longer optional — it’s essential for trust, privacy, and SEO. In this guide, we explored how to manually install a free SSL certificate using Let’s Encrypt and configure it on your Nginx VPS without relying on automatic tools. This method gives you more flexibility and control over your web server setup, especially in custom environments.

Remember, Let’s Encrypt certificates are only valid for 90 days, so don’t forget to renew them regularly — or set up a cron job for automatic renewal.

If you found this guide helpful, feel free to share it with others or leave a comment below. Stay secure and happy hosting! 🔒🚀