Static Website Encryption (SWE)






In this tutorial we will use a free SSL certificate provided by Let's Encrypt to secure a website by enabling HTTPS. We will install the certificate using Certbot, the EFF's client.

Steps to Install Let's Encrypt Free SSL Certificate

  1. Prerequisites
  2. Enable HTTPS for Google Cloud VM
  3. SSH Google Cloud VM
  4. Backup Apache Configuration Files
  5. Install Certbot Client
  6. Install Certificate with Certbot for Apache
  7. Test HTTPS Connection
  8. Automatic Certificate Renewal

1. Prerequisites

Before proceeding with this tutorial, we assume that you have successfully set up a website on Google Cloud and that the website is accessible via a domain. We also assume that you can SSH into your cloud VM, either from a web browser using the Google Cloud console or by configuring a public-key-based SSH connection from a local machine.

2. Enable HTTPS for Google Cloud VM

Open the Google Compute Engine instance and select Edit to enable HTTPS traffic.

This will create a firewall rule to open port 443 on the compute instance and facilitate serving HTTPS requests after certificate installation.

3. SSH Google Cloud VM

SSH to the cloud VM from your local machine.

techmonger@ubuntu:~$ ssh 93.184.216.34

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

techmonger@google-vm:~$

4. Backup Apache Configuration Files

Before proceeding with the certificate installation, it is important to have a backup of the existing web server configuration files. The certificate installation program will change the configuration during the certificate installation. Backing up the existing configuration gives us the opportunity to revert to the old configuration if something does not work as expected after the certificate installation.

$ mkdir /tmp/apache_config_backup/
$ cp -r /etc/apache2/* /tmp/apache_config_backup/
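
A variant of this backup that keeps the copy readable by its owner only, as an added example that is not part of the original tutorial: /tmp is shared, non-persistent storage, and the same function also fits /etc/letsencrypt, which holds the private key once Certbot has run. The function names and the default destination /root/config-backups are assumptions.

```shell
# Added example: archive a config directory with owner-only permissions.
# Usage (as root):  secure_backup /etc/apache2
#                   secure_backup /etc/letsencrypt   # after step 6
# The default destination below is an assumed path, not one from the tutorial.

secure_backup() (
    src=${1%/}                               # tolerate a trailing slash
    dest=${2:-/root/config-backups}
    [ -d "$src" ] || { echo "not a directory: $src" >&2; exit 1; }

    umask 077                                # new files 0600, new dirs 0700
    mkdir -p "$dest" && chmod 700 "$dest" || exit 1

    name=$(basename "$src")
    archive="$dest/$name-$(date +%Y%m%d-%H%M%S).tar.gz"

    # -C stores paths relative to the parent, so a restore is not tied to "/"
    tar -C "$(dirname "$src")" -czf "$archive" "$name" || exit 1

    # Checksum lets a later restore detect a corrupted or altered archive
    ( cd "$dest" && sha256sum "$(basename "$archive")" \
          > "$(basename "$archive").sha256" ) || exit 1

    echo "$archive"                          # path of the archive just written
)

verify_backup() (
    # Succeeds only if the checksum matches and the archive is readable
    cd "$(dirname "$1")" || exit 1
    f=$(basename "$1")
    sha256sum -c "$f.sha256" >/dev/null 2>&1 || exit 1
    tar -tzf "$f" >/dev/null
)
```

Run `verify_backup` on the printed path before starting step 6, so a broken archive is found while the original configuration is still untouched.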

5. Install Certbot Client

We have created a VM instance with Debian OS and will use the following command to install the Certbot client. However, if you have some other OS for your VM, please follow the instructions at https://certbot.eff.org to install Certbot.

$ sudo apt-get install python-certbot-apache -t stretch-backports

6. Install Certificate with Certbot for Apache

Starting the Certificate Installation Program

$ sudo certbot --authenticator webroot --installer apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer apache

Provide a valid Email Address

Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): techmonger@example.com

Accept (A) Let's Encrypt Terms and Conditions

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf.
You must agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
(A)gree/(C)ancel: A

Option to Share Email with EFF. Select (Y/N) depending on your preference.

Would you be willing to share your email address with the
Electronic Frontier Foundation, a founding partner of the
Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to
support digital freedom.
(Y)es/(N)o: Y

The domain name to install the certificate for (example.com)

No names were found in your configuration files.
Please enter in your domain name(s) (comma and/or space separated)
(Enter 'c' to cancel): example.com

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com

The web server root where website content is stored and accessible (/var/www/html)

Input the webroot for example.com:
(Enter 'c' to cancel): /var/www/html

Waiting for verification...
Cleaning up challenges
Created an SSL vhost at
/etc/apache2/sites-available/000-default-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost
/etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site:
/etc/apache2/sites-available/000-default-le-ssl.conf

Options to configure HTTP to HTTPS redirection. Select 1 or 2 depending on whether you want to configure redirection or not.

Please choose whether or not to redirect HTTP traffic to HTTPS,
removing HTTP access.
-----------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access.
Choose this for new sites, or if you're confident your site works on HTTPS
You can undo this change by editing your web server's configuration.
-----------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Enabled Apache rewrite module
Redirecting vhost in
/etc/apache2/sites-enabled/000-default.conf to ssl vhost in
/etc/apache2/sites-available/000-default-le-ssl.conf
-----------------------------------------------------

Message for Successful Configuration

Congratulations! You have successfully enabled https://example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com

Details about the certificate file

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2018-09-10. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

7. Test HTTPS Connection

Open the website domain in a web browser with HTTPS and make sure the website works as expected. If redirects are configured, also open the page with HTTP in a browser and check that it is redirected to HTTPS.
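
The redirect check can also be done without a browser. The following is an added example, not part of the original tutorial: it reads response headers such as those printed by `curl -sI http://example.com/` and accepts only a redirect to HTTPS on the same host. The function names and the sample headers are constructed for illustration.

```shell
# Added example: decide from HTTP response headers whether plain HTTP
# is redirected to HTTPS on the expected host.
# Live use:  curl -sI http://example.com/ | redirects_to_https example.com

redirects_to_https() (
    domain=$1
    headers=$(tr -d '\r')                    # header lines end in CRLF
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    # Header names are case-insensitive, so compare in lower case
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1)=="location:" {print $2; exit}')

    case $status in
        301|302|307|308) ;;
        *) echo "FAIL: status ${status:-none}, no redirect"; exit 1 ;;
    esac

    # Require the exact host: "https://example.com" or "https://example.com/..."
    # A bare prefix match would also accept https://example.com.other.test/
    case $location in
        "https://$domain"|"https://$domain/"*)
            echo "OK: $status -> $location" ;;
        *)
            echo "FAIL: redirect target is ${location:-missing}"; exit 1 ;;
    esac
)

# Constructed sample responses (not captured from a real server)
sample_redirect() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: Apache\r\n'
    printf 'Location: https://example.com/\r\n\r\n'
}
sample_plain() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n'
}

sample_redirect | redirects_to_https example.com
sample_plain    | redirects_to_https example.com || true
```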

8. Automatic Certificate Renewal

By default, Let's Encrypt certificates expire 90 days after installation. It's important to have an automated way to renew certificates before the expiration date. Certbot does this for you by creating a cron job. Learn more about how Certbot certificate auto-renewal works.
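
A silent failure of the renewal job only shows up when the certificate expires, so it is worth checking the installed certificate independently. The following is an added example, not part of the original tutorial: it classifies a certificate file such as /etc/letsencrypt/live/example.com/fullchain.pem by remaining lifetime. It assumes the `openssl` command is installed; the function names are illustrative, and the 30-day default matches Certbot's default renewal window.

```shell
# Added example: report whether a PEM certificate is still comfortably valid.
# Usage: renewal_status /etc/letsencrypt/live/example.com/fullchain.pem
# Prints OK, RENEWAL-DUE, EXPIRED or UNREADABLE; exit status is 0 only for OK.

renewal_status() (
    cert=$1
    window_days=${2:-30}                     # Certbot renews inside this window

    # Reject files that are missing or do not parse as a certificate
    openssl x509 -noout -in "$cert" >/dev/null 2>&1 ||
        { echo UNREADABLE; exit 2; }

    # -checkend N exits non-zero if the certificate expires within N seconds
    if ! openssl x509 -checkend 0 -noout -in "$cert" >/dev/null; then
        echo EXPIRED; exit 1
    fi
    if ! openssl x509 -checkend $((window_days * 86400)) -noout \
            -in "$cert" >/dev/null; then
        # Still valid, but renewal should already have happened
        echo RENEWAL-DUE; exit 1
    fi
    echo OK
)

# Builds a constructed self-signed certificate for trying the check offline.
# $1 = validity in days, $2 = output file (the key is written to $2.key)
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" \
        -subj "/CN=example.com" -keyout "$2.key" -out "$2" >/dev/null 2>&1
}
```

A RENEWAL-DUE result on a server where the cron job should have run is the signal to investigate; `sudo certbot renew --dry-run` exercises the renewal path without replacing the certificate.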

Conclusion

We have installed a free Let's Encrypt SSL certificate for a static website hosted on a Google Cloud VM. This certificate has been configured for the Apache web server using the Certbot client. We have also set up auto-renewal of the certificate to avoid manual renewal and expiration of the certificate.

