In this guide, we’ll learn how to install Let’s Encrypt on Debian 13. Let’s Encrypt is a non-profit certificate authority that provides free, automated OpenSSL/TLS certificates for websites to enable HTTPS encryption. HTTPS encryption is a security protocol that encrypts data exchanged between the browser and the website (server). A secure connection is necessary to protect sensitive information and ensure the privacy and integrity of data. Let’s Encrypt SSL certificates are valid for 90 days to encourage automation and limit damage if a key is compromised. For Let’s Encrypt to be installed on a domain, the domain must be valid and point to a server IP address; otherwise, the installation will fail.
Installing Let’s Encrypt is a straightforward process that can take less than a minute. Before that, however, there are some prerequisites that must be met, which will be explained in the following paragraphs. Let’s install Let’s Encrypt on Debian 13!
Table of Contents
Prerequisites
- Debian VPS Hosting
- User privileges: root or non-root user with sudo privileges
- A valid domain name pointed to the server IP address
Step 1. Update the system
Before we start the Let’s Encrypt installation, we need to update the packages on Debian 13 to their latest versions. To do that, execute the following command:
sudo apt update -y && sudo apt upgrade -y
Step 2. Install Apache Web Server
Many websites are served by the Apache web server, so we need to install it to create a virtual host file that configures the domain name and its document root, which are required for the Let’s Encrypt installation on Debian 13.
To install Apache, execute the following command:
sudo apt install apache2 -y
Once installed, start and enable the Apache service:
sudo systemctl start apache2 && sudo systemctl enable apache2
Check the status of the service:
sudo systemctl status apache2
You should get the following output:
root@host:~# sudo systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; preset: enabled)
Active: active (running) since Sat 2025-10-25 02:23:12 CDT; 22s ago
Invocation: eb31743245074010bc87f0efd77f47ce
Docs: https://httpd.apache.org/docs/2.4/
Main PID: 60464 (apache2)
Tasks: 55 (limit: 4640)
Memory: 5.2M (peak: 5.7M)
CPU: 118ms
CGroup: /system.slice/apache2.service
├─60464 /usr/sbin/apache2 -k start
├─60466 /usr/sbin/apache2 -k start
└─60468 /usr/sbin/apache2 -k start
Step 3. Create Apache Virtual Host File
Before we create the virtual host file, we will create an index.html file in the /var/www/htm/ directory on the server, which will be our document root.
touch /var/www/html/index.html
Open the index.html file with your favorite editor and paste the following lines of code:
Hello World!
Save the file and close it.
To create the Apache virtual host file, execute the following command:
sudo touch /etc/apache2/sites-available/website.conf
Open the file and paste the following lines of code
<VirtualHost *:80>
ServerName yourdomain.com
DocumentRoot /var/www/html
AllowOverride All
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Save the file and close it.
Enable the Apache configuration files for your website, including the rewrite module.
sudo a2enmod rewrite sudo a2ensite website.conf sudo a2dissite 000-default.conf
Check the Apache2 syntax:
apachectl -t
You should receive the following output:
root@host:/var/www/html# apachectl -t Syntax OK
If the syntax is OK, restart the Apache service.
systemctl restart apache2
Now you can access the website insecurely at http://yourdomainhere.com
Step 4. Install Let’s Encrypt SSL certificate
Before we install Let’s Encrypt on Debian 13, we need to install the Certbot Apache plugin to secure your data.
sudo apt install python3-certbot-apache -y
Once installed, we can obtain a certificate with the command below:
sudo certbot --apache -d yourdomain.com
Through the process, you will be asked a couple of questions about personal data:
root@host:/var/www/html# sudo certbot --apache -d yourdomain.com Saving debug log to /var/log/letsencrypt/letsencrypt.log Enter email address or hit Enter to skip. (Enter 'c' to cancel): admin@yourdomain.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at: https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf You must agree in order to register with the ACME server. Do you agree? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing, once your first certificate is successfully issued, to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: N Account registered. Requesting a certificate for yourdomain.com Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/yourdomain.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/yourdomain.com/privkey.pem This certificate expires on 2026-01-23. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. Deploying certificate Successfully deployed certificate for yourdomain.com to /etc/apache2/sites-available/website-le-ssl.conf Congratulations! You have successfully enabled HTTPS on https://yourdomain.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
That’s it! Now you can access your website securely at https://yourdomain.com
Congratulations! You successfully installed Free Let’s Encrypt on Debian 13.
Of course, you don’t have to do this if you have difficulties and are not familiar with Linux. You can always contact our technical support. You only need to sign up for one of our NVMe VPS server plans and submit a support ticket. We are available 24/7 and will address your request immediately.
If you liked this post about the installation of a Free Let’s Encrypt SSL certificate on Debian 13, please share it with your friends or leave a comment below.