Vultr DocsLatest Content
Associated Doc

How Do I Install an SSL Certificate on a Vultr Compute Instance?

Updated on 15 September, 2025

A guide for implementing SSL certificate encryption on Vultr Compute instances to enable secure HTTPS connections.

Securing your Vultr Compute instance with an SSL certificate enables encrypted HTTPS connections to your website or application, protecting your users' data and improving trustworthiness.

SSL Certificate Options

You can choose from three main types of SSL certificates:

  • Let's Encrypt (Recommended): A free and automated certificate authority ideal for most use cases.
  • Commercial Certificates: Paid certificates issued by commercial CAs, often required for advanced validation or enterprise use.
  • Self-Signed Certificates: Suitable for internal or testing environments, but not trusted by browsers.

To help you decide, see How to Choose an SSL/TLS Certificate.

Setup Your Web Server

  1. Deploy a Vultr Compute Instance running a supported OS (e.g., Ubuntu, CentOS, Debian).

  2. Install a web server, such as Apache or Nginx.

  3. Point your domain to your instance's IP address using an A record. You can set DNS records in your Vultr DNS or via your domain registrar.

    Example A record:

    Type: A
Name: @
Value: <Your Instance IP>
TTL: 300

Install a Free Let's Encrypt SSL Certificate

Let’s Encrypt provides free certificates using the certbot utility, which automatically configures your web server for HTTPS.

  1. Install Certbot.

    • For Ubuntu or Debian:

      console 
      $ sudo apt update
$ sudo apt install certbot python3-certbot-nginx  # For Nginx
# or
$ sudo apt install certbot python3-certbot-apache  # For Apache

    • For CentOS, Rocky, or AlmaLinux:

      console 
      sudo dnf install epel-release
sudo dnf install certbot python3-certbot-nginx  # or python3-certbot-apache for httpd

  2. Run the below command to request and configure a SSL certificate.

    console 
    $ sudo certbot --nginx
# or
$ sudo certbot --apache

    Follow the on-screen prompts to:

    • Enter your domain name.
    • Select whether to redirect HTTP to HTTPS (recommended).

After completed, your site will be secured with SSL.

Note
Ensure port 80 (HTTP) and 443 (HTTPS) are open in both your instance's firewall (ufw, iptables or firewalld) and your Vultr Firewall Group.

Renewing Certificates

Let’s Encrypt certificates expire every 90 days. Certbot installs a systemd timer or cron job to automatically renew them. You can verify renewal with:

console 
$ sudo certbot renew --dry-run

Installing a Commercial or Self-Signed Certificate

  1. Upload your .crt, .key, and CA bundle files to the server.

  2. Edit your web server configuration to include:

    • For Nginx:

      ini 
      server {
listen 443 ssl;
server_name yourdomain.com;

ssl_certificate /etc/ssl/certs/yourdomain.crt;
ssl_certificate_key /etc/ssl/private/yourdomain.key;
ssl_trusted_certificate /etc/ssl/certs/ca_bundle.crt;

...
}

    • For Apache (with SSL module enabled):

      ini 
      <VirtualHost *:443>
  ServerName yourdomain.com

  SSLEngine on
  SSLCertificateFile /etc/ssl/certs/yourdomain.crt
  SSLCertificateKeyFile /etc/ssl/private/yourdomain.key
  SSLCertificateChainFile /etc/ssl/certs/ca_bundle.crt

  ...
</VirtualHost>

  3. Restart the web server.

console 
$ sudo systemctl restart nginx    # For Nginx
$ sudo systemctl restart apache2  # For Apache

You have now successfully secured your Vultr Compute instance with an SSL certificate, ensuring encrypted and trusted communication for your users.