This blog post will show you how to enable HTTPS on Debian 13. HTTPS is a shortcut to Hypertext Transfer Protocol Secure and is a protocol that uses encryption for secure communication over a network. The HTTPS protocol encrypts the transmitted data using the SSL (Secure Socket Layer) protocol. So, to enable the HTTPS protocol, we need to install an SSL certificate on a domain name so the website can be accessed securely via HTTPS. Enabling HTTPS and installing an SSL certificate requires a configured web server (Apache, Nginx, or OpenLiteSpeed).
In this tutorial, we will cover installing an Nginx Web server, configuring a virtual host, and installing a Free Let’s Encrypt SSL certificate to fulfill the requirements for enabling the HTTPS protocol. Let’s get started!
Table of Contents
Prerequisites
- A server running Debian 13 OS
- User privileges: root or non-root user with sudo privileges
- A valid domain name pointed to the server’s IP address
Step 1. Update the system
Before installing Nginx and Let’s Encrypt, we must update the packages to the latest versions. To do that, execute the following command:
sudo apt update -y && sudo apt upgrade -y
Step 2. Install Nginx Web Server
In this tutorial, we will choose Nginx as a web server. Enabling the HTTPS protocol and installing SSL certificates can also be done on Apache and OpenLiteSpeed web servers. It is up to the user which web server they want to use. Let’s proceed with the Nginx installation.
To install the Nginx web server, execute the following command:
sudo apt install nginx -y
Once the web server is installed, we need to start and enable the nginx service:
sudo systemctl start nginx && sudo systemctl enable nginx
To check the status of the service, execute the following command:
sudo systemctl status nginx
If everything is OK, you should receive the following output:
root@host:~# sudo systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: enabled)
Active: active (running) since Tue 2025-05-06 14:48:13 CDT; 1min 49s ago
Invocation: 78d2c4b786c141d0bb551598bf48d3da
Docs: man:nginx(8)
Main PID: 68366 (nginx)
Tasks: 4 (limit: 4644)
Memory: 3.8M (peak: 9.1M)
CPU: 114ms
CGroup: /system.slice/nginx.service
├─68366 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
├─68368 "nginx: worker process"
├─68369 "nginx: worker process"
└─68370 "nginx: worker process"
May 06 14:48:13 host.test.vps systemd[1]: Starting nginx.service - A high performance web server and a reverse proxy server...
May 06 14:48:13 host.test.vps systemd[1]: Started nginx.service - A high performance web server and a reverse proxy server.
Step 3. Create Nginx Virtual Host File
Next, we need to create an Nginx configuration file, where we need to define the domain and document root of the simple HTML website, enough to show you later how to install the Free Let’s Encrypt SSL certificate.
First, we will create the document root directory and place a simple HTML index.html file. Execute the following commands one by one:
sudo mkdir -p /var/www/html/example sudo touch /var/www/html/example/index.html echo 'Hello World' > /var/www/html/example/index.html
Next, we need to create an Nginx configuration. To do that, execute the following command:
sudo touch /etc/nginx/conf.d/example.conf
Open the file with your favorite text editor and paste the following lines of code:
server {
listen 80;
server_name example.com;
root /var/www/html/example;
index index.html;
server_tokens off;
access_log /var/log/nginx/example_access.log;
error_log /var/log/nginx/example_error.log;
client_max_body_size 64M;
location / {
try_files $uri $uri/ =404;
}
}
Save the file, close it, and check the Nginx syntax:
nginx -t
You should receive the following output:
root@host:~# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful root@host:~# service nginx restart
You can proceed with the Nginx restart:
sudo systemctl restart nginx
With this configuration, you can only access your website insecurely via the HTTP protocol at http://example.com. To enable the HTTPS protocol, we need to install Let’s Encrypt. Please proceed to the next step to learn how to install Let’s Encrypt.
Step 4. Install a Free Let’s Encrypt SSL certificate
First, we need to install the Certbot plugin for Nginx:
sudo apt install certbot python3-certbot-nginx
Once installed, we need to obtain an SSL Certificate with the command below:
sudo certbot --nginx -d example.com -d
You should enter your email address for renewal, and some extra info as described below. After successful installation, you will receive the paths of the SSL certificates.
root@host:~# sudo certbot --nginx -d example.com Saving debug log to /var/log/letsencrypt/letsencrypt.log Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): admin@example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf. You must agree in order to register with the ACME server. Do you agree? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Yes Would you be willing, once your first certificate is successfully issued, to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: No Account registered. Requesting a certificate for example.com Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/example.com/privkey.pem This certificate expires on 2025-08-04. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. Deploying certificate Successfully deployed certificate for to /etc/nginx/conf.d/example.conf Congratulations! You have successfully enabled HTTPS on https://example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The Nginx file we created is automatically configured to redirect traffic to HTTPS with a valid SSL certificate.
That’s it. You enabled HTTPS Protocol with Nginx and Free Let’s Encrypt on Debian 13.
Bear in mind that you do not have to configure this on your own. You can always contact our technical support. Simply sign up for one of our Debian VPS plans and submit a support ticket. We are available 24/7 and will take care of your request immediately.
If you liked this post on how to enable HTTPS on Debian 13, please share it with your friends or leave a comment below.