DebianDebian Based

How To Install Certbot on Debian 12

Install Certbot on Debian 12

In this tutorial, we will show you how to install Certbot on Debian 12. In the realm of web security, Certbot emerges as a beacon of hope. This free, open-source software tool is a game-changer for manually-administered websites, enabling HTTPS through the use of Let’s Encrypt certificates. The beauty of Certbot lies in its simplicity. It provides a software client that interacts with the Let‘s Encrypt Certificate Authority (CA), handles the validation and certificate issuance process, and configures web servers to use the newly issued certificates.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Certbot on a Debian 12 (Bookworm).


  • A server running one of the following operating systems: Debian 12 (Bookworm).
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • You will need an active internet connection to download the Certbot package.
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Certbot on Debian 12 Bookworm

Step 1. Before installing Certbot, it’s crucial to ensure your system is up-to-date. Regular system updates not only provide the latest features and improvements but also patch security vulnerabilities. To update your system’s package repositories and upgrade the existing packages, execute the following commands:

sudo apt update
sudo apt upgrade

These commands will fetch the latest package information from the repositories and upgrade your system’s packages to their latest versions, respectively.

Step 2. Installing Certbot on Debian 12.

With your system updated, you’re now ready to install Certbot. This tool is a lifesaver for web administrators, automating the process of obtaining and installing SSL certificates on your server. To install Certbot along with its Apache plugin, use the following command:

sudo apt install certbot python3-certbot-apache

This command installs Certbot and the Apache plugin, which allows Certbot to automatically configure Apache to use the SSL certificates it obtains.

Step 3. Obtaining a Certificate.

Once Certbot is installed, the next step is to obtain a certificate for your domain. This certificate is a digital document that verifies the identity of your website and encrypts the data transmitted between your server and the users’ browsers. To obtain a certificate using Certbot, execute the following command:

sudo certbot --apache -d your_domain -d www.your_domain

Remember to replace ‘your_domain‘ with your actual domain name. This command tells Certbot to obtain a certificate for both the www and non-www versions of your domain.

Step 4. Configuring Certbot.

After obtaining a certificate, you need to configure Certbot to work correctly with your web server. This involves setting up the necessary plugins and authenticators. To view a list of the certificates Certbot knows about, run the following command:

certbot certificates

This command displays information about the certificates that Certbot has obtained, including their domains, expiration dates, and paths.

Step 5. Setting Up Automatic Renewal

Let’s Encrypt certificates are valid for 90 days, but it’s recommended to renew them every 60 days to avoid any downtime due to an expired certificate. Certbot includes a systemd timer that automatically renews any certificates that are within 30 days of expiration. To verify the status of the Certbot timer, use the following command:

systemctl status certbot.timer

This command displays the status of the Certbot timer, showing whether it’s active and when it’s scheduled to run next.

Step 6. Verifying Certbot Auto-Renewal.

To ensure the auto-renewal process is set up correctly, you can perform a dry run with Certbot. This test simulates the renewal process without making any actual changes, allowing you to identify and fix any issues before they affect your live certificates. To perform a dry run, execute the following command:

certbot renew --dry-run

If the dry run is successful, that means the auto-renewal process has been set up correctly.

Congratulations! You have successfully installed Certbot. Thanks for using this tutorial to install the latest version of the Certbot on Debian 12 Bookworm. For additional help or useful information, we recommend you check the official Certbot website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!


r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Back to top button