SSL with Let's Encrypt

SSL with Let's Encrypt

SSL with Let's Encrypt is part of the Web Server Administration section of the Ubuntu administration roadmap. This guide focuses on the practical checks, commands, and verification habits needed for this specific task.

Web server administration covers installing, configuring, securing, and troubleshooting HTTP services like Nginx and Apache.

Web administration connects DNS, ports, web server configuration, application upstreams, TLS, and access/error logs.

What you will learn

• How SSL with Let's Encrypt fits into Ubuntu administration.
• Which commands or files are involved.
• How to inspect the current state before making changes.
• How to verify the result after the work is complete.

Before you begin

Before web server changes, check the active virtual host, listening ports, DNS target, TLS certificate, and recent error logs.

lsb_release -a
hostnamectl
whoami
pwd

Why this matters

SSL with Let's Encrypt matters because web changes affect public availability and can break applications even when the server itself is healthy.

Think like an administrator: inspect first, change one thing at a time, verify the result, and keep a rollback path.

Quick reference

Step-by-step lab

Use the lab below to practice SSL with Let's Encrypt in a controlled way. Run the inspection commands first, then make one small change, and finally verify the result.

Step 1 - Inspect the current state

Start with read-only commands. Your first job is to understand the server before changing it.

sudo apt update
sudo apt install -y nginx

Step 2 - Check related services, files, or resources

Most Ubuntu topics connect to a service, package, file path, user, network socket, or log. Use the next command to look at the related layer.

systemctl status nginx --no-pager

Step 3 - Make one controlled change in a lab

Only after you understand the current state should you make a change. In production, avoid combining many changes in one session. In a lab, you can experiment more freely, but still keep notes.

# Example lab note
# 1. What did I check?
# 2. What did I change?
# 3. What output proved the result?
# 4. How can I undo it?

Step 4 - Verify and record the result

Verification is the difference between guessing and administration. Run the same inspection commands again and compare before and after output.

sudo apt update
sudo apt install -y nginx
systemctl status nginx --no-pager

Commands to practice

Run these commands in a test VM first. Read the output carefully and compare it with your own system.

sudo apt update
sudo apt install -y nginx
systemctl status nginx --no-pager
ss -tulpn | grep :80
curl -I http://localhost
sudo tail -n 50 /var/log/nginx/error.log

Example output

HTTP/1.1 200 OK
Server: nginx

How to verify your work

Do not stop after a command finishes successfully. A command can exit cleanly while the service, application, or user workflow is still broken. Verify from multiple angles.

systemctl --failed
journalctl -p warning -n 30 --no-pager
df -h
free -h

Visual explanation

Troubleshooting workflow

If something does not work, avoid random commands. Move through the layers in order. This keeps the investigation calm and makes your notes useful for future incidents.

1. Define the exact symptom. What is failing, and who is affected?
2. Check whether the problem is recent. Look for changes in packages, config, users, networking, or storage.
3. Inspect service status and logs before restarting anything.
4. Test one hypothesis at a time.
5. Keep a note of every command and result.
6. When fixed, write the root cause and prevention step.

date
uptime
systemctl --failed
journalctl -p err -n 50 --no-pager
ss -tulpn
ip route

Production notes

Validate configuration before reload, keep previous config copies, and test with curl from the server and a remote client.

• Take a backup or snapshot when the change can affect data or access.
• Keep a rollback command or config copy ready.
• Tell stakeholders what service could be affected.
• Apply the change during a low-risk time if possible.
• Watch logs immediately after the change.

Common mistakes

For SSL with Let's Encrypt, slow down and ask: what am I trying to prove, where is the configuration, where are the logs, and what does success look like?

• Reloading without config test.
• Checking browser output but ignoring error logs.
• Mixing up virtual host files.
• Forgetting TLS renewal or upstream health.

Summary

SSL with Let's Encrypt is a practical Ubuntu administration topic because it connects concept, command output, logs, and operational judgment. The more you practice this workflow, the easier it becomes to work on real servers without panic.

Use the commands above as a starting point, but always adapt them to the server in front of you. Check first, change carefully, verify clearly, and document the result.