{"id":12720,"date":"2025-12-16T11:26:22","date_gmt":"2025-12-16T05:56:22","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=12720"},"modified":"2025-12-16T11:26:25","modified_gmt":"2025-12-16T05:56:25","slug":"what-is-lets-encrypt-on-linux-server","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/what-is-lets-encrypt-on-linux-server","title":{"rendered":"What is Let&#8217;s Encrypt on Linux Server? &#8211; Step By Step Guide 2026"},"content":{"rendered":"\n<p><strong>Let\u2019s Encrypt on Linux server<\/strong> refers to installing and managing free SSL\/TLS certificates from the Let\u2019s Encrypt Certificate Authority using the ACME protocol <strong>(commonly via Certbot)<\/strong>.<\/p>\n\n\n\n<p>It enables HTTPS, automatic renewals, and secure configurations for Apache, Nginx, and reverse proxies across distributions like Ubuntu, Debian, AlmaLinux, Rocky Linux, and CentOS.<\/p>\n\n\n\n<p><strong>If you\u2019re new to HTTPS<\/strong>, learning how to use Let\u2019s Encrypt on a Linux server is the fastest, most cost-effective way to secure your site. <\/p>\n\n\n\n<p>You\u2019ll understand how Let\u2019s Encrypt works, how to install it with Certbot on popular distros, automate renewals, <a href=\"https:\/\/www.youstable.com\/blog\/fix-error-establishing-database-connection\/\">fix common errors<\/a>, and apply best-practice hardening.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-lets-encrypt-and-how-does-it-work\"><strong>What is Let\u2019s Encrypt and How Does it Work?<\/strong><\/h2>\n\n\n\n<p><strong>Let\u2019s Encrypt is a free<\/strong>, automated, open certificate authority that issues Domain Validation <strong>(DV)<\/strong> certificates.<\/p>\n\n\n\n<p>Using the ACME protocol, a client like Certbot proves domain control<strong> (via HTTP-01 or DNS-01 challenges)<\/strong> and retrieves a signed TLS certificate for your domain. Certificates are valid for 90 days and are designed to be renewed automatically.<\/p>\n\n\n\n<p><strong>Key components you\u2019ll use:-<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>ACME Client (Certbot):<\/strong> Handles challenges, issuance, and renewal.<\/li>\n\n\n\n<li><strong>Challenges:<\/strong> HTTP-01 (file served over port 80) or DNS-01 (TXT record; required for wildcard certificates).<\/li>\n\n\n\n<li><strong>Web Server Integrations:<\/strong> Apache and Nginx plugins can configure virtual hosts automatically.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"benefits-and-limitations\"><strong>Benefits and Limitations<\/strong><\/h2>\n\n\n\n<p><strong>Why most websites choose Let\u2019s Encrypt:-<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Free SSL\/TLS certificates with broad browser trust.<\/li>\n\n\n\n<li>Automation-first: seamless issuance and auto-renewal.<\/li>\n\n\n\n<li>Fast setup with Certbot plugins for Apache and Nginx.<\/li>\n\n\n\n<li>Supports ECDSA and RSA keys, SAN and wildcard certificates (via DNS-01).<\/li>\n<\/ul>\n\n\n\n<p><strong>Consider these limitations:-<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>DV only: <\/strong>no Organization Validation (OV) or Extended Validation (EV).<\/li>\n\n\n\n<li><strong>90-day validity:<\/strong> automation is essential; manual management is risky.<\/li>\n\n\n\n<li><strong>Rate limits: <\/strong>avoid excessive requests during testing; use the staging environment.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"prerequisites-for-installing-lets-encrypt-on-a-linux-server\"><strong>Prerequisites for Installing Let\u2019s Encrypt on a Linux Server<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A registered domain with correct DNS A\/AAAA records pointing to your server.<\/li>\n\n\n\n<li>Open ports: 80 (HTTP) and 443 (HTTPS) reachable from the internet.<\/li>\n\n\n\n<li>Sudo\/root access to your Linux server (Ubuntu\/Debian\/AlmaLinux\/Rocky Linux\/CentOS).<\/li>\n\n\n\n<li>Apache or <a href=\"https:\/\/www.youstable.com\/blog\/install-nginx-on-linux\/\">Nginx installed<\/a> (or a reverse proxy arrangement).<\/li>\n\n\n\n<li><strong>For wildcard certificates:<\/strong> API credentials for your DNS provider or ability to add TXT records.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"install-certbot-on-popular-linux-distributions\"><strong>Install Certbot on Popular Linux Distributions<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ubuntu-and-debian-snap-recommended\"><strong>Ubuntu and Debian (Snap Recommended)<\/strong><\/h3>\n\n\n\n<p>Using Snap ensures you get the latest Certbot and plugins:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update\nsudo apt install snapd -y\nsudo snap install core\nsudo snap refresh core\nsudo snap install --classic certbot\nsudo ln -s \/snap\/bin\/certbot \/usr\/bin\/certbot<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"almalinux-rocky-linux-rhel-centos\"><strong>AlmaLinux, Rocky Linux, RHEL, CentOS<\/strong><\/h3>\n\n\n\n<p>Use the distribution packages or EPEL where needed:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># AlmaLinux\/Rocky\/RHEL 8\/9\nsudo dnf install -y epel-release\nsudo dnf install -y certbot python3-certbot-nginx python3-certbot-apache<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"issue-and-install-certificates-apache-nginx-standalone\"><strong>Issue and Install Certificates (Apache, Nginx, Standalone)<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"apache-automatic-configuration\"><strong>Apache: Automatic Configuration<\/strong><\/h3>\n\n\n\n<p>Certbot\u2019s <a href=\"https:\/\/www.youstable.com\/blog\/how-to-configure-apache-on-linux\/\">Apache plugin can fetch and configure<\/a> HTTPS with redirects automatically:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot --apache -d example.com -d www.example.com<\/code><\/pre>\n\n\n\n<p>During prompts, choose the option to <a href=\"https:\/\/www.youstable.com\/blog\/redirect-http-to-https\/\">redirect HTTP<\/a> to HTTPS.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"nginx-automatic-configuration\"><strong>Nginx: Automatic Configuration<\/strong><\/h3>\n\n\n\n<p>Ensure your server block has the correct server_name values before running:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot --nginx -d example.com -d www.example.com<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"standalone-or-webroot-for-reverse-proxies-or-custom-setups\"><strong>Standalone or Webroot (For Reverse Proxies or Custom Setups)<\/strong><\/h2>\n\n\n\n<p>If no web server is running, use standalone (it binds to port 80). Stop any service using port 80 first:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl stop nginx apache2 httpd\nsudo certbot certonly --standalone -d example.com -d www.example.com\nsudo systemctl start nginx apache2 httpd<\/code><\/pre>\n\n\n\n<p>Alternatively, use webroot if your files are served from a known path:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot certonly --webroot -w \/var\/www\/html -d example.com -d www.example.com<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"wildcard-certificates-with-dns-01\"><strong>Wildcard Certificates with DNS-01<\/strong><\/h3>\n\n\n\n<p>Wildcard certificates (e.g., *.example.com) require DNS-01. Use a DNS plugin (Cloudflare shown as example):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Ubuntu\/Debian (if using APT packages instead of Snap)\nsudo apt install -y python3-certbot-dns-cloudflare\n\n# Create credentials file\nsudo mkdir -p \/root\/.secrets\nsudo nano \/root\/.secrets\/cloudflare.ini\n# Add:\n# dns_cloudflare_api_token = &lt;YOUR_TOKEN&gt;\n\nsudo chmod 600 \/root\/.secrets\/cloudflare.ini\n\n# Request wildcard + apex\nsudo certbot certonly \\\n  --dns-cloudflare \\\n  --dns-cloudflare-credentials \/root\/.secrets\/cloudflare.ini \\\n  -d example.com -d *.example.com<\/code><\/pre>\n\n\n\n<p>Point your web server to the certificate paths printed by Certbot (usually under \/etc\/letsencrypt\/live\/example.com\/).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"enable-https-and-best-practice-tls-settings\"><strong>Enable HTTPS and Best-Practice TLS Settings<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"nginx-example\"><strong>Nginx example<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>server {\n  listen 80;\n  server_name example.com www.example.com;\n  return 301 https:\/\/$host$request_uri;\n}\n\nserver {\n  listen 443 ssl http2;\n  server_name example.com www.example.com;\n\n  ssl_certificate \/etc\/letsencrypt\/live\/example.com\/fullchain.pem;\n  ssl_certificate_key \/etc\/letsencrypt\/live\/example.com\/privkey.pem;\n\n  ssl_protocols TLSv1.2 TLSv1.3;\n  ssl_prefer_server_ciphers off;\n  add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains\" always;\n\n  root \/var\/www\/html;\n  index index.html index.php;\n}<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"apache-example\"><strong>Apache example<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;VirtualHost *:80&gt;\n  ServerName example.com\n  ServerAlias www.example.com\n  Redirect permanent \/ https:\/\/example.com\/\n&lt;\/VirtualHost&gt;\n\n&lt;IfModule mod_ssl.c&gt;\n&lt;VirtualHost *:443&gt;\n  ServerName example.com\n  ServerAlias www.example.com\n\n  SSLEngine on\n  SSLCertificateFile \/etc\/letsencrypt\/live\/example.com\/fullchain.pem\n  SSLCertificateKeyFile \/etc\/letsencrypt\/live\/example.com\/privkey.pem\n\n  Header always set Strict-Transport-Security \"max-age=31536000; includeSubDomains\"\n  DocumentRoot \/var\/www\/html\n&lt;\/VirtualHost&gt;\n&lt;\/IfModule&gt;<\/code><\/pre>\n\n\n\n<p>Enable required modules for Apache: ssl, headers, rewrite (on Debian\/Ubuntu: a2enmod ssl headers rewrite).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"automate-renewals-and-monitoring\"><strong>Automate Renewals and Monitoring<\/strong><\/h2>\n\n\n\n<p>Certbot <a href=\"https:\/\/www.youstable.com\/blog\/install-cron-jobs-on-linux\/\">installs a systemd timer or cron job<\/a> to renew certificates automatically around day 60\u201370. Always test renewals after setup:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot renew --dry-run<\/code><\/pre>\n\n\n\n<p><strong>Check systemd timers (if using Snap on Ubuntu\/Debian):<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl list-timers | grep certbot<\/code><\/pre>\n\n\n\n<p><strong>If your web server needs a reload on renewal, add a deploy hook:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot renew --deploy-hook \"systemctl reload nginx\"<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"troubleshooting-common-lets-encrypt-errors\"><strong>Troubleshooting Common Let\u2019s Encrypt Errors<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Challenge failed (HTTP-01 404\/403):<\/strong> Ensure DNS points to the correct server, port 80 is open, and the server_name\/webroot matches your domain.<\/li>\n\n\n\n<li><strong>Port 80 blocked:<\/strong> Let\u2019s Encrypt requires HTTP for HTTP-01. Temporarily allow it in firewalls or use DNS-01.<\/li>\n\n\n\n<li><strong>Wrong vhost: <\/strong>The ACME challenge file may be served from another vhost. Make sure the requested domain\u2019s vhost is active and enabled.<\/li>\n\n\n\n<li><strong>Behind a reverse proxy\/CDN:<\/strong> Use DNS-01 or ensure the proxy passes \/.well-known\/acme-challenge to the origin unchanged.<\/li>\n\n\n\n<li><strong>SELinux denials (RHEL family):<\/strong> Review audit logs and adjust contexts with semanage\/restorecon if needed.<\/li>\n\n\n\n<li><strong>Rate limits:<\/strong> Use the staging server during testing: &#8211;staging, then switch to production.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"advanced-usage-wildcards-multi-domain-ecdsa-keys\"><strong>Advanced Usage: Wildcards, Multi-Domain, ECDSA Keys<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"subject-alternative-names-san\"><strong>Subject Alternative Names (SAN)<\/strong><\/h3>\n\n\n\n<p>Request multiple domains in one certificate to simplify management:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot --nginx -d example.com -d www.example.com -d blog.example.com<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ecdsa-vs-rsa\"><strong>ECDSA vs RSA<\/strong><\/h3>\n\n\n\n<p>ECDSA keys are smaller and faster. To prefer ECDSA (supported by most clients):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot certonly --key-type ecdsa --elliptic-curve secp384r1 --nginx -d example.com<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"staging-and-zero-downtime-testing\"><strong>Staging and Zero-Downtime Testing<\/strong><\/h3>\n\n\n\n<p>Use the staging environment to test automations without hitting rate limits:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot --nginx --staging -d example.com<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"security-and-hardening-best-practices\"><strong>Security and Hardening Best Practices<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Redirect HTTP to HTTPS and enable HSTS for strict transport.<\/li>\n\n\n\n<li>Limit TLS versions to TLSv1.2+; prefer TLSv1.3 where possible.<\/li>\n\n\n\n<li>Use ECDSA keys when feasible; keep <a href=\"https:\/\/www.youstable.com\/blog\/private-key-for-ssl-certificate\/\">private keys<\/a> readable by root only.<\/li>\n\n\n\n<li>Enable OCSP stapling for faster, private revocation checks.<\/li>\n\n\n\n<li>Automate renewals with alerts (email logs, monitoring hooks).<\/li>\n\n\n\n<li>Back up \/etc\/letsencrypt (certificates, keys, renewal configs) securely.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"real-world-scenarios-and-tips\"><strong>Real-World Scenarios and Tips<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Single site on VPS:<\/strong> Use &#8211;nginx or &#8211;apache for fastest setup; verify auto-renewal.<\/li>\n\n\n\n<li><strong>Multiple apps\/domains:<\/strong> Consider SAN certs or one cert per site. Document certificate paths per vhost.<\/li>\n\n\n\n<li><strong>Reverse proxy (e.g., Nginx front, apps behind):<\/strong> Terminate TLS at the proxy; use webroot or DNS-01 for issuance.<\/li>\n\n\n\n<li><strong>Behind Cloudflare:<\/strong> Either use Cloudflare\u2018s \u201cFull (strict)\u201d with an origin certificate or obtain Let\u2019s Encrypt via DNS-01 to avoid challenge issues.<\/li>\n\n\n\n<li><strong>CI\/CD pipelines: <\/strong>Use staging for test deploys; promote to production with the same flow to avoid surprises.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs-lets-encrypt-on-linux-server\"><strong>FAQ&#8217;s &#8211; Let\u2019s Encrypt on Linux Server<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765607906455\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"is-lets-encrypt-really-free-and-trusted-by-browsers\"><strong>Is Let\u2019s Encrypt really free and trusted by browsers?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes. Let\u2019s Encrypt is a widely trusted CA included in all major browsers and operating systems. It issues Domain Validation certificates at no cost, suitable for encrypting traffic and proving domain control.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765607916255\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-set-up-automatic-renewal-and-what-if-it-fails\"><strong>How do I set up automatic renewal, and what if it fails?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Certbot installs a systemd timer or cron job to renew around day 60. Test with certbot renew &#8211;dry-run. If renewal fails, check logs in \/var\/log\/letsencrypt\/ and ensure ports and DNS are correct. Add deploy hooks to reload your web server after renewal.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765607924150\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"can-i-get-a-wildcard-certificate-with-lets-encrypt\"><strong>Can I get a wildcard certificate with Let\u2019s Encrypt?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes, via DNS-01 challenge only. Use a DNS plugin (e.g., Cloudflare, Route 53) or add TXT records manually. Request both the apex (example.com) and wildcard (*.example.com) to cover all hosts.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765607935815\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"does-lets-encrypt-work-behind-a-cdn-or-reverse-proxy\"><strong>Does Let\u2019s Encrypt work behind a CDN or reverse proxy?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>It does, but HTTP-01 can break if the CDN intercepts the challenge. Either allow the ACME path through to origin, temporarily bypass the CDN during issuance, or use DNS-01 for a reliable setup without exposing port 80 publicly.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765607943813\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"should-i-use-rsa-or-ecdsa-certificates\"><strong>Should I use RSA or ECDSA certificates?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>ECDSA offers better performance and smaller keys, widely supported by modern clients. For maximum compatibility with legacy devices, you can provision dual certs on some stacks, but for most sites ECDSA (P-256 or P-384) is an excellent default.<\/p>\n<p>By following this guide, you can deploy Let\u2019s Encrypt on your Linux server confidently, automate renewals, and enforce strong TLS. If you need a done-for-you solution with 24\/7 support, YouStable\u2019s managed hosting ensures your certificates and security never become a bottleneck.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Let\u2019s Encrypt on Linux server refers to installing and managing free SSL\/TLS certificates from the Let\u2019s Encrypt Certificate Authority using [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":13817,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350,1195],"tags":[],"class_list":["post-12720","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase","category-blogging"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-is-Lets-Encrypt-on-Linux-Server-1.jpg","author_info":{"display_name":"Sanjeet Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12720","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=12720"}],"version-history":[{"count":7,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12720\/revisions"}],"predecessor-version":[{"id":13819,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12720\/revisions\/13819"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/13817"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=12720"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=12720"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=12720"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}