Install Let's Encrypt SSL Certificate with Nginx on Debian 12

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public's benefit.

To setup Let's Encrypt with Nginx, you will need the below prerequisites.


To setup Let's Encrypt with Nginx, you will need the below prerequisites.

  • Debian 12 installed and having root access to the system.
  • Domain name with A record pointing to your server's IP address.

Update the System

Before we begin with installating additional packages, we will update the system to latest,

apt dist-upgrade

Install Snapd

Install the snapd package using the below command

apt install snapd

Update the Snap with below commands,

snap install core; snap refresh core

Install Nginx

apt install nginx

Now, restart & check the nginx with the following commands:

systemctl start nginx
systemctl enable nginx

Installing Certbot

Run the command to install certbot specific to Nginx

snap install --classic certbot


root@vps:~# snap install --classic certbot
certbot 2.6.0 from Certbot Project (certbot-eff✓) installed

Execute the following command to ensure that the certbot command can be run.

ln -s /snap/bin/certbot /usr/bin/certbot

Set up a Nginx vHost for the SSL Certificate

Confirm that the Virtual host for your domain is set up and working.

Open the virtual file,

nano /etc/nginx/conf.d/

And add the below configuration to the file,

server {
    listen 80;
    listen [::]:80;

    root /var/www/;

    index index.html;


    access_log /var/log/nginx/;
    error_log /var/log/nginx/;

    location / {
        try_files $uri $uri/ =404;

Replace the with your actual domain name in the configuration and the configuration file name.
The web root path is where the application or site resides and can be updated accordingly.

If an error occurs, check for any typos or missing characters and once the syntax is correct, reload the Nginx to load new configuration.

systemctl reload nginx

Set up SSL Certificate

Run this command to get a certificate and have Certbot edit your Nginx configuration automatically to serve it, turning on HTTPS access in a single step.

certbot --nginx -d

Replace the with actual domain name

You will have to accept the terms of service.

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your cert will expire on 2020-09-05. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:
   Donating to EFF:          

You will receive this acknowledgement that the SSL certificate for is successfull.

You can now verify your website using https:// that the connection is secure with the lock icon in the usrl bar.

To check that you have top-of-the-line installation, navigate to

Certbot Auto-Renewal

certbot renew

This concludes setting up and configuring Let's Encrypt for Nginx on Debian 12.