Chapter 11: Installing Certbot & Generating SSL Certificate
Now that your Debian server is up and running and your domain is resolving correctly, it’s time to secure it with HTTPS using Certbot and Let’s Encrypt — totally free and super trusted
Let’s make your site look pro with that padlock in the browser! ✅
Why SSL?
- Encrypts traffic between users and your server
- Gives credibility — no more “Not Secure” warning in browsers
- Required for many web features and SEO
Step 1: Install Certbot on Debian
Run the following commands to install Certbot and its dependencies:
sudo apt updatesudo apt install certbot -y📝 If you're using Nginx or Apache, Certbot has plugins — but in this guide, we'll use the standalone method to generate the cert first.
Certbot uses port 80 (HTTP) to validate your domain. Make sure it’s open:
sudo ufw allow 80Or if using Oracle’s security lists, allow inbound traffic on port 80 via the OCI Console under Networking > Security Lists or Network Security Groups.
Step 3: Run Certbot to Get the Certificate
Before running the Certbot command, make sure your domain points to your server's public IP address — otherwise, Let's Encrypt won’t be able to validate it! ❌
✅ Add an A Record in OCI DNS:
- Name:
@or your root domain (e.g.,hexacats.online) - Type:
A - Value: Your server's public IP (from the OCI instance)
Repeat the same for www.yourdomain.com if you want it secured too.
Once your DNS is set up and propagated (you can check with whatsmydns.net), run Certbot:
sudo certbot certonly --standalone -d yourdomain.com -d www.yourdomain.comReplace yourdomain.com with your actual domain (e.g., hexacats.online)
🛑 Make sure no web server is running on port 80 during this process (e.g., stop Nginx temporarily if needed).
Step 4: Where Are My Certificates?
Once successful, Certbot will output a message showing where your certs are:
- Full chain:
/etc/letsencrypt/live/yourdomain.com/fullchain.pem - Private key:
/etc/letsencrypt/live/yourdomain.com/privkey.pem