Let's Encrypt has issued free SSL certificates since 2015, bringing the internet into a fully encrypted state. Certificates live for 90 days and must be renewed every 3 months. Doing this manually is tiring and forgetting is catastrophic. Certbot fully automates the process.
What Certbot is
Certbot is the official open-source tool for getting, installing and renewing Let's Encrypt certificates. Written in Python, works on almost all Linux distributions. Direct Apache and Nginx integration, automatically edits configuration files. Domain ownership verified via the ACME protocol.
Installation and first certificate
On Ubuntu or Debian the command is simple: sudo apt install certbot python3-certbot-nginx (for Nginx). Then sudo certbot --nginx -d sayt.uz -d www.sayt.uz fetches the certificate, modifies Nginx config and switches the site to HTTPS. 1-2 minutes and the lock appears in the browser.
Automatic renewal
Certbot installs a cron or systemd timer — checks twice a day, renews 30 days before expiry. No intervention needed, everything runs in the background. Web server reloads automatically after renewal, no downtime. Test with sudo certbot renew --dry-run.
Validation methods
HTTP-01 is the simplest: Certbot drops a file in /.well-known/acme-challenge/, Let's Encrypt reads it through the domain. Web server must be running. DNS-01 uses a DNS record, mandatory for wildcards. TLS-ALPN-01 is less common.
Sayt.uz practice
Sayt.uz hosting auto-installs free SSL on every site, Certbot runs in the background. Renewal is automatic without reminders. For EV or OV certificates a paid option from 350,000 UZS is available via the panel. Hosting from 159,000 UZS, free SSL included.