Install Let's Encrypt SSL on AWS EC2 Ubuntu (with Certbot & Nginx)

Step-by-step guide to securing your AWS EC2 Ubuntu instance with a free Let's Encrypt TLS/SSL certificate using Certbot and Nginx, updated for modern Ubuntu.

Published: • 10–12 min read

Let's Encrypt provides free TLS/SSL certificates so your website can use HTTPS. On AWS EC2 with Ubuntu, the easiest way to get and renew these certificates is with Certbot. This guide shows you how to secure an Nginx site on Ubuntu using the modern, Snap-based Certbot installation, inspired by older tutorials but updated for today's tooling.

📚 What You'll Learn

→ Prerequisites for using Let's Encrypt on an AWS EC2 Ubuntu instance
→ How to install Certbot using Snap (recommended for Ubuntu)
→ How to issue and auto-configure an HTTPS certificate for Nginx
→ How automatic renewal works and how to test it

1. Prerequisites

✔ An AWS EC2 instance running Ubuntu (22.04 / 20.04 or similar)
✔ A registered domain name pointing to your EC2 public IP (via DNS A/AAAA record)
✔ Nginx installed and serving your site on HTTP (port 80)
✔ SSH access with sudo privileges

Important: Let's Encrypt does not issue certificates for raw IP addresses (e.g. 192.168.1.10). You must use a real domain (like example.com) that resolves to your server.

2. Install Certbot on Ubuntu (Snap method)

Older guides used a Certbot PPA (e.g. ppa:certbot/certbot) and packages like python-certbot-nginx. On modern Ubuntu releases, the official recommendation is to use Snap instead. We'll start with the modern Snap approach and then, in the next section, briefly cover the legacy PPA method for older Ubuntu versions.

2.1 Update packages and install Snap

sudo apt update
sudo apt install snapd -y

2.2 Install and refresh Snap core

sudo snap install core
sudo snap refresh core

2.3 Install Certbot

sudo snap install --classic certbot

Create a convenient symlink so you can run certbot directly:

sudo ln -s /snap/bin/certbot /usr/bin/certbot

3. Legacy PPA-based Certbot install (older Ubuntu)

If you're running an older Ubuntu release (for example, 16.04 or 18.04) and can't use Snap, you may still find guides that use the ppa:certbot/certbot repository. This method is deprecated but helpful to understand if you maintain legacy servers.

3.1 Add Certbot PPA and dependencies

First, connect to your EC2 Ubuntu instance via SSH, then run:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

This installs the tools needed for managing PPAs, adds the Certbot repository, and refreshes your package index.

3.2 Install Certbot plugins for Apache or Nginx

Choose the package that matches your web server:

# For Apache
sudo apt-get install python-certbot-apache

# For Nginx
sudo apt-get install python-certbot-nginx

These packages install Certbot plus the appropriate plugin to automatically edit your Apache/Nginx configuration.

3.3 Issue certificates (Apache or Nginx)

Once Certbot is installed, you can request certificates for one or more domains. The first domain is treated as the primary name, additional ones are aliases:

# Apache example
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com

# Nginx example
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Certbot will store your certificate and private key under /etc/letsencrypt/live/yourdomain.com/ and automatically update your virtual host / server block configuration in /etc/apache2/sites-available/ or /etc/nginx/sites-available/.

Note: On newer Ubuntu versions, this PPA-based flow may fail or be unavailable. Prefer the Snap method in section 2 whenever possible.

4. Obtain a Let's Encrypt SSL certificate for Nginx

Make sure Nginx is serving your site on port 80 and the domain points to this server. Then run Certbot's Nginx plugin, which will obtain a certificate and update your Nginx configuration automatically.

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Replace yourdomain.com and www.yourdomain.com with your real domain(s).
Certbot will ask for an email address and terms of service agreement.
You can choose whether to redirect all HTTP traffic to HTTPS (recommended).

5. Test automatic renewal

Let's Encrypt certificates are valid for 90 days. Certbot installs a systemd timer to renew them automatically. You can simulate a renewal to confirm everything is wired correctly:

sudo certbot renew --dry-run

If you see no errors, your certificates will renew automatically before they expire.

6. Common issues & fixes

E: Unable to locate package python-certbot-nginx

This usually means you're following an old PPA-based guide. Remove the PPA and use the Snap method shown above instead.

Challenge failed / HTTP-01 validation errors

Ensure port 80 is open in your AWS security group and that your domain's DNS A/AAAA record points to this EC2 instance. Certbot must be able to reach http://yourdomain.com/.well-known/ during validation.

7. Summary

With Certbot and Let's Encrypt, you can secure your AWS EC2 Ubuntu instance with HTTPS in just a few commands. Compared to older PPA-based approaches, the Snap method is more reliable on modern Ubuntu versions and keeps Certbot up to date automatically.

certbot nginx certbot ppa not found free ssl certificate nginx ssl setup ssl ubuntu ubuntu certbot ssl

Read

Manage Multiple Python Versions on Ubuntu with Pyenv

Ankaj Gupta

February 05, 2026

Manage Multiple Python Versions on Ubuntu with Pyenv

Pyenv on Ubuntu: Install, Switch, and Manage Multiple Python Versions (Safely)

A practical, copy-paste friendly guide to installing pyenv, building Python versions, and keeping system Python untouched.

Published: • 10–12 min read

Ubuntu ships with a “system Python” that OS tools rely on. Replacing or altering it can break package managers and system utilities. pyenv solves this by installing additional Python versions under your home directory and switching between them via lightweight shims—so your OS stays safe while your projects stay reproducible.

📚 What You’ll Learn

→ How pyenv works (shims + version selection)
→ Installing pyenv on Ubuntu (recommended method)
→ Installing a specific Python version and setting it globally/locally
→ Best practices: virtual environments, upgrades, and troubleshooting

1. Why pyenv (and why not replace system Python)

On Ubuntu, the system Python may be used by OS components and package tooling. pyenv installs additional Pythons under ~/.pyenv and selects them by updating your PATH to point at pyenv’s shims first.

✅ What you get

✓ Multiple Python versions side-by-side (per user, no sudo)
✓ Project-specific versions via .python-version
✓ Simple switching: global, local, or shell session

⚠️ What to avoid

• Don’t remove/replace Ubuntu’s system Python packages
• Don’t rely on sudo pip for system installs

2. Install build dependencies (Ubuntu)

pyenv builds CPython from source, so you’ll need compilers and common libraries. Run:

sudo apt update
sudo apt install -y \
  make build-essential libssl-dev zlib1g-dev \
  libbz2-dev libreadline-dev libsqlite3-dev \
  wget curl llvm libncursesw5-dev xz-utils tk-dev \
  libffi-dev liblzma-dev

If you later hit build errors (OpenSSL, zlib, bz2), revisit this step—missing system libraries are the #1 cause of pyenv install failures.

3. Install pyenv

The official installer script downloads pyenv and common plugins into ~/.pyenv. It does not automatically edit your shell files—you’ll do that in the next step.

curl -fsSL https://pyenv.run | bash

Prefer not to pipe to bash? You can also install from the official GitHub repo; see references at the end.

4. Configure your shell (Bash / Zsh)

You need two things: put pyenv on PATH, and initialize it so the shims work. Add the snippet below to the appropriate file(s) for your shell.

Bash (Ubuntu default)

Add to ~/.bashrc:

export PYENV_ROOT="$HOME/.pyenv"
[[ -d "$PYENV_ROOT/bin" ]] && export PATH="$PYENV_ROOT/bin:$PATH"
eval "$(pyenv init - bash)"

For login shells, also ensure PATH is set early (often ~/.profile on Ubuntu):

export PYENV_ROOT="$HOME/.pyenv"
[[ -d "$PYENV_ROOT/bin" ]] && export PATH="$PYENV_ROOT/bin:$PATH"
eval "$(pyenv init --path)"

Zsh

Add to ~/.zshrc:

export PYENV_ROOT="$HOME/.pyenv"
[[ -d "$PYENV_ROOT/bin" ]] && export PATH="$PYENV_ROOT/bin:$PATH"
eval "$(pyenv init - zsh)"

Restart your terminal (or run source ~/.bashrc) and verify:

pyenv --version
pyenv root

5. Install a Python version (example: Python 3.12)

First, list available versions and pick the exact patch release you want:

pyenv install --list | grep -E "^\s*3\.12\."

Then install one of the listed versions (replace 3.12.x with a real value from your list):

pyenv install 3.12.x

6. Switch Python versions (global / local / shell)

🌍 Global

Default for your user account.

pyenv global 3.12.x
python --version

📌 Local (per project)

Writes .python-version in the folder.

cd your/project
pyenv local 3.12.x

⏱️ Shell (this terminal only)

Temporary override for the current session.

pyenv shell 3.12.x

Use pyenv versions to see what’s installed and what’s active.

7. Best practice: use virtual environments

pyenv selects the Python interpreter. For project dependencies, still use an isolated environment:

python -m venv .venv
source .venv/bin/activate
python -m pip install -U pip

🧠 Tip: keep it predictable

Commit .python-version (pyenv) and a dependency lock strategy (requirements.txt, poetry.lock, etc.) so teammates and CI use the same interpreter and packages.

8. Troubleshooting common pyenv install issues

“python-build: error: … OpenSSL / zlib / bz2 …”

Re-check the Ubuntu build dependencies from Step 2. Missing libssl-dev, zlib1g-dev, or libbz2-dev is very common.

“pyenv: command not found”

Your shell isn’t loading pyenv yet. Confirm you added the init snippet to the right file, then restart the terminal. Also run echo $SHELL to confirm whether you’re using bash or zsh.

References

pyenv Python ubuntu