Step-by-Step Guide to Configuring Secure HTTPS Certificates via Let’s Encrypt

Whenever you open up a web browser and type in a domain name, you might notice a tiny padlock icon sitting right next to the URL string. That little padlock tells you the site is using HTTPS instead of old-school, unencrypted HTTP. If you try to visit a modern app or site that doesn't have this, your browser will flash a massive, scary warning screen saying "Your connection is not private." This warning panics visitors and makes them leave your site instantly.

More importantly, if you try to submit your website to Google AdSense without HTTPS, you will get rejected immediately. Google demands absolute security for any platform displaying its ads. In the old days of the web, getting an SSL/TLS security certificate was a total nightmare. You had to pay hundreds of dollars a year to corporate registration firms and fill out endless configuration files manually. Today, a fantastic non-profit service called Let’s Encrypt gives away high-grade security certificates to everyone for free. Let's look at how to set one up on your Linux server in just a few minutes.

Why Plain HTTP is Dangerous for Your Users

To understand why this security layer matters, think about how standard network traffic moves across the internet. When a user logs into an unencrypted HTTP site and types in their password, that information is transmitted across the wire as plain, readable text.

If someone is sitting in the same local coffee shop sniffing network packets on the public Wi-Fi, they can read that password instantly. It is completely exposed.

HTTPS fixes this by running your traffic through an encryption layer called TLS (Transport Layer Security). Before any data the user types leaves their machine, the browser encrypts it into a scrambled mess of random-looking characters.

Even if a malicious actor intercepts the network packet mid-transit, they cannot read it because they don't have the secret key to decode it.

The Secret Magic Tool: Certbot

Let’s Encrypt issues certificates automatically, but you don't download them manually using your browser. Instead, you use a brilliant command-line software tool called Certbot.

Certbot talks directly to the Let’s Encrypt servers, proves that you actually own your domain name, downloads the security files, and configures your web server software (like Nginx or Apache) automatically.

Before running Certbot, make sure you point your domain name's DNS settings to your server's public IP address. Your domain must be working properly on the open web before Let’s Encrypt will agree to give you a certificate.

Setting Up Nginx to Receive the Certificate

We are going to use Nginx as our primary web server software because it is incredibly fast and lightweight. Open up your Linux terminal, connect to your server, and run this command to install Nginx:

sudo apt update
sudo apt install nginx

Next, we need to create a simple configuration block so Nginx knows which domain name to listen for. Open a new configuration file using the Nano text editor:

sudo nano /etc/nginx/sites-available/zudisa_blog

Paste this straightforward server template into the file. Make sure you replace yourdomain.com with your actual, live web domain:

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;

    location / {
        root /var/www/html;
        index index.html index.htm;
    }
}

Press Ctrl + O to save, then Ctrl + X to exit the editor. Now, create a symbolic link to activate this new configuration block, and restart Nginx so it reads the updates:

sudo ln -s /etc/nginx/sites-available/zudisa_blog /etc/nginx/sites-enabled/
sudo systemctl restart nginx

Installing and Running Certbot

Now that our web server is running and listening for our domain name, we can install the Certbot tool. Run this command in your server terminal:

sudo apt install certbot python3-certbot-nginx

With Certbot installed, we can run a single command that tells the tool to automatically inspect our Nginx settings, request the correct certificates from Let’s Encrypt, and secure our routing paths:

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

The terminal will ask you to type in your email address. This is important because Let’s Encrypt will send you a warning email if your certificate ever encounters an automated issue.

It will also ask if you want to automatically redirect all old HTTP traffic to secure HTTPS. Type the number corresponding to Redirect and hit Enter.

Certbot will perform a quick handshake check, verify your domain records, and update your configuration files. When it finishes, it will print a success message. If you open your browser and visit your site, you will see the secure padlock icon activated.

Automating the Renewal Process

Let’s Encrypt certificates are highly secure because they are short-lived—they expire automatically after 90 days. This short lifespan ensures that if a key is ever lost or compromised, it becomes useless quickly.

However, logging into your server every three months to renew your certificates manually would be a major chore.

Thankfully, Certbot configures an automated background timer script (a cron job) on your operating system during installation. This background script wakes up twice a day, checks if your certificates are close to expiring, and renews them automatically without your intervention.

You can verify that this automated renewal script is working perfectly by running a quick test simulation:

sudo certbot renew --dry-run

This command simulates a full renewal cycle without making any real changes to your active certificates. If the terminal completes the simulation without errors, automated renewal is working and your certificates will keep renewing without manual intervention.
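
A dry run only proves that renewal can work today. As an added example (not part of the original guide or of Certbot itself), the script below reads the expiry date of the installed certificate and flags it when fewer days remain than a working renewal timer should ever allow. It assumes GNU date and openssl are installed; the function names and the 21-day threshold are illustrative choices, and the path in the usage comment assumes Certbot's default /etc/letsencrypt/live/ layout.

```bash
#!/usr/bin/env bash
# Added example: detect a stalled renewal by looking at the certificate itself.
# Certbot by default renews a 90-day certificate when roughly 30 days remain,
# so a healthy server should never be seen with much less than that.

# Seconds between now_epoch and an openssl-style notAfter string,
# e.g. "Sep 28 12:00:00 2025 GMT". Pure function: no file or network access.
seconds_left() {
    local not_after="$1" now_epoch="$2" end_epoch
    end_epoch=$(date -u -d "$not_after" +%s) || return 2
    echo $(( end_epoch - now_epoch ))
}

# Turn the remaining lifetime into a status.
# warn_days (assumed default: 21) sits below the renewal point on purpose,
# so the alert only fires after several renewal attempts were missed.
classify() {
    local secs="$1" warn_days="${2:-21}"
    if [ "$secs" -lt 0 ]; then
        echo EXPIRED
    elif [ "$secs" -lt $(( warn_days * 86400 )) ]; then
        echo RENEWAL_OVERDUE
    else
        echo OK
    fi
}

# Read notAfter from a PEM certificate file and report its status.
check_cert_file() {
    local pem="$1" warn_days="${2:-21}" not_after secs
    not_after=$(openssl x509 -in "$pem" -noout -enddate) || return 2
    not_after=${not_after#notAfter=}          # strip the "notAfter=" prefix
    secs=$(seconds_left "$not_after" "$(date -u +%s)") || return 2
    echo "$(classify "$secs" "$warn_days") days_left=$(( secs / 86400 )) not_after=$not_after"
}

# Usage on the server (path assumes Certbot's default layout):
#   check_cert_file /etc/letsencrypt/live/yourdomain.com/fullchain.pem
```

Run from a daily scheduled job, any output other than OK means the renewal timer has been failing and needs attention before visitors start seeing certificate warnings.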