{"id":14225,"date":"2025-12-30T11:06:47","date_gmt":"2025-12-30T05:36:47","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=14225"},"modified":"2025-12-30T11:06:49","modified_gmt":"2025-12-30T05:36:49","slug":"create-lets-encrypt-on-linux-server","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/create-lets-encrypt-on-linux-server","title":{"rendered":"How to Create Let&#8217;s Encrypt on Linux Server with Certbot"},"content":{"rendered":"\n<p><strong>To create Let\u2019s Encrypt on a Linux server<\/strong>, install Certbot, validate your domain via HTTP-01 or DNS-01, issue a free SSL\/TLS certificate, configure your web server (Nginx\/Apache), and enable auto-renew.<\/p>\n\n\n\n<p>The fastest approach is using Snap to install Certbot, then running certbot &#8211;nginx or certbot &#8211;apache to obtain and configure HTTPS automatically.<\/p>\n\n\n\n<p>Securing your website with Let\u2019s Encrypt on a Linux server is straightforward, free, and great for SEO. In this guide, I\u2019ll show you exactly how to install and configure Let\u2019s Encrypt with Certbot for Nginx and Apache, enable auto-renewal, handle wildcard domains, and fix common issues\u2014using practical steps I use on production servers.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-lets-encrypt-and-why-it-matters\"><strong>What is Let\u2019s Encrypt and Why It Matters<\/strong>?<\/h2>\n\n\n\n<div class=\"wp-block-media-text has-media-on-the-right is-stacked-on-mobile\" style=\"grid-template-columns:auto 40%\"><div class=\"wp-block-media-text__content\">\n<p>Let\u2019s Encrypt is a free, automated, and open certificate authority (CA) that issues SSL\/TLS certificates so your site serves HTTPS. Certificates last 90 days, but Certbot handles renewal automatically. <\/p>\n<\/div><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" decoding=\"async\" width=\"1168\" height=\"784\" src=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-Lets-Encrypt-and-Why-It-Matters.jpg\" alt=\"What Is Let\u2019s Encrypt and Why It Matters\" class=\"wp-image-14372 size-full\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-Lets-Encrypt-and-Why-It-Matters.jpg 1168w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-Lets-Encrypt-and-Why-It-Matters-150x101.jpg 150w\" sizes=\"auto, (max-width: 1168px) 100vw, 1168px\" \/><\/figure><\/div>\n\n\n\n<p>HTTPS improves security, trust, and rankings\u2014Google favors secure sites, and modern browsers warn users on non-HTTPS pages.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"prerequisites-before-you-start\"><strong>Prerequisites (Before You Start)<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A Linux server (Ubuntu, Debian, Rocky\/AlmaLinux, CentOS Stream, etc.)<\/li>\n\n\n\n<li>Root or sudo access<\/li>\n\n\n\n<li>A fully qualified domain name (FQDN) pointed to your server\u2019s IP (A\/AAAA DNS records)<\/li>\n\n\n\n<li>Open ports 80 (HTTP) and 443 (HTTPS) on your firewall and cloud security group<\/li>\n\n\n\n<li>Nginx or <a href=\"https:\/\/www.youstable.com\/blog\/install-apache-web-server-in-linux\/\">Apache installed<\/a> and serving your site<\/li>\n<\/ul>\n\n\n\n<p><strong>Tip:<\/strong> On managed VPS or cloud hosting from YouStable, you can request a preconfigured LEMP\/LAMP stack with firewall and Let\u2019s Encrypt ready to go\u2014ideal if you want a faster, support-backed setup.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"quick-start-install-certbot-the-right-way\"><strong>Quick Start: Install Certbot the Right Way<\/strong><\/h2>\n\n\n\n<p>Snap provides the latest Certbot across most distros. It avoids outdated repository versions and plugin mismatches.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># 1) Install Snap and Certbot (Ubuntu\/Debian)\nsudo apt update\nsudo apt install -y snapd\nsudo snap install core; sudo snap refresh core\nsudo snap install --classic certbot\nsudo ln -s \/snap\/bin\/certbot \/usr\/bin\/certbot\n\n# (RHEL\/Rocky\/AlmaLinux\/CentOS Stream)\nsudo dnf install -y epel-release\nsudo dnf install -y snapd\nsudo systemctl enable --now snapd.socket\nsudo ln -s \/var\/lib\/snapd\/snap \/snap\nsudo snap install core; sudo snap refresh core\nsudo snap install --classic certbot\nsudo ln -s \/snap\/bin\/certbot \/usr\/bin\/certbot<\/code><\/pre>\n\n\n\n<p>Open your firewall for web traffic if it\u2019s not already open.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Using UFW (Ubuntu\/Debian)\nsudo ufw allow 80,443\/tcp\nsudo ufw reload\n\n# Using firewalld (RHEL family)\nsudo firewall-cmd --permanent --add-service=http\nsudo firewall-cmd --permanent --add-service=https\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"nginx-get-and-install-a-lets-encrypt-certificate\"><strong>Nginx: Get and Install a Let\u2019s Encrypt Certificate<\/strong><\/h3>\n\n\n\n<p>If your site is already live on Nginx and the server block points to your domain, the Nginx plugin can obtain and configure SSL automatically.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Replace example.com with your domain; add -d for each domain\/subdomain\nsudo certbot --nginx -d example.com -d www.example.com\n\n# Test the renewal (dry run)\nsudo certbot renew --dry-run<\/code><\/pre>\n\n\n\n<p>Certbot updates your Nginx config, adds the certificate and key, and sets strong TLS defaults. Always reload Nginx if you manually change configurations.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo nginx -t &amp;&amp; sudo systemctl reload nginx<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"apache-get-and-install-a-lets-encrypt-certificate\"><strong>Apache: Get and Install a Let\u2019s Encrypt Certificate<\/strong><\/h3>\n\n\n\n<p>For Apache, the plugin handles VirtualHost updates automatically if your vhost is configured for your domain.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Replace example.com with your domain\nsudo certbot --apache -d example.com -d www.example.com\n\n# Validate renewal\nsudo certbot renew --dry-run<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"dont-use-plugins-use-webroot-mode\"><strong>Don\u2019t Use Plugins? Use Webroot Mode<\/strong><\/h3>\n\n\n\n<p>If you manage configs by hand or run a custom stack, use the webroot plugin. It drops challenge files in your website\u2019s document root and avoids auto-editing configs.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Nginx or Apache with document root at \/var\/www\/example\nsudo certbot certonly --webroot -w \/var\/www\/example -d example.com -d www.example.com\n\n# Cert files live under:\n# \/etc\/letsencrypt\/live\/example.com\/fullchain.pem\n# \/etc\/letsencrypt\/live\/example.com\/privkey.pem<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"sample-nginx-and-apache-ssl-configs-manual\"><strong>Sample Nginx and Apache SSL Configs (Manual)<\/strong><\/h3>\n\n\n\n<p>If you issued with webroot or want manual control, point to the live certificate paths.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \/etc\/nginx\/sites-available\/example.conf\nserver {\n    listen 80;\n    server_name example.com www.example.com;\n    root \/var\/www\/example;\n    location \/.well-known\/acme-challenge\/ { allow all; }\n    return 301 https:\/\/$host$request_uri;\n}\nserver {\n    listen 443 ssl http2;\n    server_name example.com www.example.com;\n    root \/var\/www\/example;\n\n    ssl_certificate \/etc\/letsencrypt\/live\/example.com\/fullchain.pem;\n    ssl_certificate_key \/etc\/letsencrypt\/live\/example.com\/privkey.pem;\n\n    # Optional hardening\n    ssl_protocols TLSv1.2 TLSv1.3;\n    ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20;\n    add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains\" always;\n\n    location \/ {\n        try_files $uri $uri\/ =404;\n    }\n}<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code># Apache vhost (enable modules: ssl, headers)\n# \/etc\/apache2\/sites-available\/example-ssl.conf\n&lt;VirtualHost *:443&gt;\n    ServerName example.com\n    ServerAlias www.example.com\n    DocumentRoot \/var\/www\/example\n\n    SSLEngine on\n    SSLCertificateFile \/etc\/letsencrypt\/live\/example.com\/fullchain.pem\n    SSLCertificateKeyFile \/etc\/letsencrypt\/live\/example.com\/privkey.pem\n\n    Header always set Strict-Transport-Security \"max-age=31536000; includeSubDomains\"\n&lt;\/VirtualHost&gt;\n\n# <a href=\"https:\/\/www.youstable.com\/blog\/redirect-http-to-https\/\">Redirect HTTP<\/a> to HTTPS (port 80 vhost)\n&lt;VirtualHost *:80&gt;\n    ServerName example.com\n    ServerAlias www.example.com\n    Redirect permanent \/ https:\/\/example.com\/\n&lt;\/VirtualHost&gt;<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"enable-and-verify-auto-renewal\"><strong>Enable and Verify Auto-Renewal<\/strong><\/h3>\n\n\n\n<p>Let\u2019s Encrypt certificates renew automatically via a systemd timer when installed with Snap. Verify it and run a dry-run test.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Check timer\nsystemctl list-timers | grep certbot\n\n# Dry-run\nsudo certbot renew --dry-run<\/code><\/pre>\n\n\n\n<p>If you installed Certbot from a package without timers, set a <a href=\"https:\/\/www.youstable.com\/blog\/install-cron-jobs-on-linux\/\">cron job<\/a>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Cron (runs twice daily)\necho '0 3,15 * * * root certbot renew --quiet --post-hook \"systemctl reload nginx || systemctl reload apache2\"' | sudo tee \/etc\/cron.d\/certbot<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"wildcard-certificates-dns-01-challenge\"><strong>Wildcard Certificates (DNS-01 Challenge)<\/strong><\/h3>\n\n\n\n<p>Wildcard certificates like *.example.com require DNS-01 validation. You\u2019ll add a TXT record at _acme-challenge.example.com. Many DNS providers support automated APIs via Certbot plugins.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Manual DNS challenge (any web server)\nsudo certbot -d example.com -d '*.example.com' --manual --preferred-challenges dns --agree-tos --no-eff-email -m admin@example.com\n\n# Follow prompts to add the TXT record, then continue.\n# After issuance, configure your <a href=\"https:\/\/www.youstable.com\/blog\/what-is-apache-web-server-on-linux\/\">web server<\/a> with the issued cert paths.<\/code><\/pre>\n\n\n\n<p>For automation, use your DNS provider\u2019s Certbot plugin (e.g., certbot-dns-cloudflare). Store API tokens securely and automate renewals without downtime.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"verification-and-ssl-quality-checks\"><strong>Verification and SSL Quality Checks<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Browser test: <\/strong>Visit https:\/\/example.com and confirm the secure padlock.<\/li>\n\n\n\n<li><strong>Command-line test: <\/strong>curl -I https:\/\/example.com and expect HTTP\/2 200.<\/li>\n\n\n\n<li><strong>Certificate chain:<\/strong> openssl s_client -connect example.com:443 -servername example.com | openssl x509 -noout -issuer -dates<\/li>\n\n\n\n<li><strong>External scanners:<\/strong> Use SSL Labs to confirm A\/A+ and modern TLS ciphers.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>curl -I https:\/\/example.com\nopenssl s_client -connect example.com:443 -servername example.com | openssl x509 -noout -issuer -dates<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"troubleshooting-common-errors\"><strong>Troubleshooting Common Errors<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"challenge-failed-http-01\"><strong>Challenge failed (HTTP-01)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>DNS not propagated:<\/strong> Ensure A\/AAAA records resolve to your server. Check with dig or nslookup.<\/li>\n\n\n\n<li><strong>Firewall\/Ports:<\/strong> Open 80 and 443 in OS firewall and cloud provider security groups.<\/li>\n\n\n\n<li><strong>Reverse proxies\/CDNs: <\/strong>If using Cloudflare \u201corange cloud,\u201d temporarily set DNS to \u201cgray cloud\u201d (DNS-only) or use DNS-01.<\/li>\n\n\n\n<li><strong>Wrong webroot: <\/strong>Ensure \/.well-known\/acme-challenge is reachable and not blocked by rewrite rules.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"permission-or-selinux-issues\"><strong>Permission or SELinux issues<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>On SELinux-enabled systems, allow web server access to webroot: restorecon -Rv \/var\/www\/example<\/li>\n\n\n\n<li>Ensure Certbot can write to \/var\/lib\/letsencrypt and \/etc\/letsencrypt.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"rate-limits\"><strong>Rate limits<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Let\u2019s Encrypt enforces weekly limits (e.g., 50 certificates per registered domain). Consolidate SANs (multiple -d flags) and avoid reissuing repeatedly.<\/li>\n\n\n\n<li>Use the staging server for testing: &#8211;staging flag to bypass production limits while you debug.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"security-and-best-practices\"><strong>Security and Best Practices<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Prefer ECDSA keys for performance:<\/strong> use &#8211;key-type ecdsa (if your stack supports it).<\/li>\n\n\n\n<li>Enforce HTTPS with 301 redirects and HSTS (with care\u2014test first).<\/li>\n\n\n\n<li>Enable TLS 1.2 and 1.3 only; disable obsolete protocols and ciphers.<\/li>\n\n\n\n<li>Monitor renewals with email alerts (set -m in Certbot, check logs under \/var\/log\/letsencrypt\/).<\/li>\n\n\n\n<li>Back up \/etc\/letsencrypt (certs, keys, renewal configs) securely.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Example with ECDSA key type\nsudo certbot --nginx --key-type ecdsa -d example.com -d www.example.com<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"real-world-tips-from-production-hosting\"><strong>Real-World Tips from Production Hosting<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Clock drift breaks TLS:<\/strong> install chrony or systemd-timesyncd to keep time accurate.<\/li>\n\n\n\n<li><strong>IPv6 matters: <\/strong>make sure AAAA records point to the server and ports are open on IPv6.<\/li>\n\n\n\n<li><strong>Multiple vhosts:<\/strong> ensure the correct server_name matches the requested domain; default vhosts often capture traffic unintentionally.<\/li>\n\n\n\n<li><strong>Containers:<\/strong> use a reverse proxy (Traefik, Nginx Proxy Manager, Caddy) or Certbot in the host with webroot mapped to the container.<\/li>\n\n\n\n<li><strong>Staging to production:<\/strong> issue on staging with &#8211;staging first, then switch to production CA after configs are stable.<\/li>\n<\/ul>\n\n\n\n<p>If you prefer a done-for-you setup, YouStable\u2019s VPS and Dedicated servers can ship with Nginx\/Apache, HTTP\/3, and Let\u2019s Encrypt preconfigured, plus proactive monitoring of renewals.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs\"><strong>FAQ&#8217;s<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765949446767\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"1-how-do-i-install-lets-encrypt-on-ubuntu-with-nginx\">1. <strong>How do I install Let\u2019s Encrypt on Ubuntu with Nginx?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Install Certbot via Snap, then run certbot &#8211;nginx -d example.com -d www.example.com. Certbot fetches the certificate, edits Nginx, reloads it, and enables auto-renew. Validate with certbot renew &#8211;dry-run.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765949473363\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"2-can-i-get-a-wildcard-ssl-certificate-with-lets-encrypt\">2. <strong>Can I get a wildcard SSL certificate with Let\u2019s Encrypt?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes. Use DNS-01 validation: certbot -d example.com -d &#8216;*.example.com&#8217; &#8211;manual &#8211;preferred-challenges dns. For automation, use a DNS plugin (e.g., certbot-dns-cloudflare) with API tokens to renew without manual TXT updates.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765949487783\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"3-why-is-my-lets-encrypt-renewal-failing\">3. <strong>Why is my Let\u2019s Encrypt renewal failing?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Common causes: blocked port 80, incorrect DNS, webroot mismatch, CDN proxy interference, or SELinux denials. Check \/var\/log\/letsencrypt\/letsencrypt.log, verify DNS, ensure \/.well-known\/acme-challenge is accessible, and run certbot renew &#8211;dry-run for clues.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765949497662\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"4-does-lets-encrypt-support-ecdsa-certificates\">4. <strong>Does Let\u2019s Encrypt support ECDSA certificates?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes. Use &#8211;key-type ecdsa when issuing. Ensure your web server and clients support ECDSA. It\u2019s faster and lighter than RSA while maintaining strong security.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765949513782\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"5-will-https-improve-seo-for-my-site\">5. <strong>Will HTTPS improve SEO for my site?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Absolutely. HTTPS is a ranking signal, enables HTTP\/2\/3 for speed, and builds trust. Browsers mark HTTP as \u201cNot Secure,\u201d which hurts conversions and engagement. Let\u2019s Encrypt helps you achieve this without extra cost.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>To create Let\u2019s Encrypt on a Linux server, install Certbot, validate your domain via HTTP-01 or DNS-01, issue a free [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":16687,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350],"tags":[],"class_list":["post-14225","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/How-to-Create-Lets-Encrypt-on-Linux-Server-with-Certbot.jpg","author_info":{"display_name":"Sanjeet Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/14225","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=14225"}],"version-history":[{"count":7,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/14225\/revisions"}],"predecessor-version":[{"id":16689,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/14225\/revisions\/16689"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/16687"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=14225"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=14225"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=14225"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}