Cloud & VPS #DNS #VPS #SSL

Add a Domain and Free SSL to Your VPS with Let's Encrypt

6 min read · -506 views · Updated Jun 02, 2026

Once your VPS is running, connecting a domain name and securing it with a free SSL certificate from Let's Encrypt makes your website reachable over https:// — the standard your visitors and search engines expect. This guide walks you through every step, from finding your server's IP address to automatic certificate renewal.

What You Will Need

  • A Momo Cloud VPS (active and accessible via SSH)
  • A domain name — either registered at Momo Cloud or transferred/pointed here
  • Nginx or Apache already installed and serving your website
  • Root or sudo access on the server

Step 1 — Find Your VPS IP Address and Point Your Domain

Find your server's public IP

  1. Log in to the Momo Cloud client area at cloud.momo.tz.
  2. Click My Services (or Cloud Servers) and open your VPS.
  3. Copy the Main IP Address shown on the server overview page — you will need this in the next step.

Create DNS A records for your domain

How you add the records depends on where your domain's nameservers point:

If your domain uses Momo Cloud nameservers (ns1.momo.tz and ns2.momo.tz):

  1. In the client area, go to Domains, then click your domain name.
  2. Open the DNS Zone Editor (sometimes labelled Manage DNS).
  3. Add an A record for @ (or your bare domain, e.g. example.com) pointing to your VPS IP.
  4. Add a second A record for www pointing to the same IP.
  5. Save both records.

If your domain uses another DNS provider: Log in to that provider's control panel and add the same two A records there.

Record Type Host / Name Value / Points To TTL
A @ (bare domain) Your VPS IP address 3600 (or Auto)
A www Your VPS IP address 3600 (or Auto)

Wait for DNS propagation and verify

DNS changes can take anywhere from a few minutes to 48 hours to propagate globally, though Momo Cloud zones typically update within 15–30 minutes. You can verify propagation from your VPS itself:

dig +short example.com A
dig +short www.example.com A

Both commands should return your VPS IP. Alternatively, a simple ping works:

ping -c 3 example.com

Tip: Do not proceed to install the SSL certificate until dig returns your VPS IP. Let's Encrypt must be able to reach your server over the internet on port 80 to verify domain ownership — if the DNS is not pointing at your server yet, the certificate request will fail.

Step 2 — Configure Your Web Server for the Domain

Certbot needs to find a server block (Nginx) or virtual host (Apache) that already handles your domain before it can install the certificate. If you have not set one up yet, do so now.

Nginx — create a server block

  1. Create a new config file: 
    sudo nano /etc/nginx/sites-available/example.com
  2. Add a minimal server block: 
    server {
    listen 80;
    server_name example.com www.example.com;
    root /var/www/example.com/html;
    index index.html index.php;
}
  3. Enable the site and reload Nginx: 
    sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

Apache — create a virtual host

  1. Create a config file at /etc/apache2/sites-available/example.com.conf with a standard <VirtualHost *:80> block pointing ServerName and ServerAlias www.example.com at your document root.
  2. Enable the site: 
    sudo a2ensite example.com.conf
sudo systemctl reload apache2

Tip: Test that your domain loads over plain HTTP (http://example.com) before running Certbot. If you see a 404 or connection error, fix the server block first.

Step 3 — Install Certbot and Get Your Free SSL Certificate

Install Certbot

On Ubuntu 20.04 / 22.04 / 24.04 (the most common Momo Cloud VPS images):

sudo apt update
sudo apt install certbot python3-certbot-nginx -y

For Apache, replace python3-certbot-nginx with python3-certbot-apache.

Request the certificate

Run Certbot with the plugin for your web server and list every domain variant you want to cover:

sudo certbot --nginx -d example.com -d www.example.com

Or for Apache:

sudo certbot --apache -d example.com -d www.example.com

Certbot will:

  • Ask for your email address (used for expiry notices)
  • Ask you to agree to the Let's Encrypt Terms of Service
  • Verify that both domain names point to this server
  • Issue the certificate and install it in your web server config
  • Ask whether to redirect all HTTP traffic to HTTPS — choose option 2 (Redirect) for the best security

When the command completes successfully you will see a message confirming the certificate path and its expiry date (90 days from today — renewal is handled automatically).

Tip: If your VPS has a firewall (UFW is common on Ubuntu), make sure ports 80 and 443 are open before running Certbot: sudo ufw allow 'Nginx Full' or sudo ufw allow 80 && sudo ufw allow 443.

Step 4 — Confirm Automatic Renewal

Let's Encrypt certificates expire after 90 days, but Certbot installs a system timer or cron job that renews them automatically. Test the renewal process with a dry run — this simulates the renewal without actually changing anything:

sudo certbot renew --dry-run

You should see Congratulations, all simulated renewals succeeded at the end of the output. If so, your certificate will renew automatically before it expires and your site will stay secure without any manual intervention.

To check when your certificate is due to expire at any time:

sudo certbot certificates

Troubleshooting

Certificate request fails

  • Domain not pointing to this server yet: Run dig +short example.com A — if it does not return your VPS IP, wait for DNS to propagate and try again.
  • Port 80 blocked by a firewall: Let's Encrypt uses an HTTP-01 challenge over port 80. Run sudo ufw status (or check your cloud firewall in the Momo Cloud panel) and make sure port 80 is open.
  • No server block for the domain: Certbot must find a matching server_name (Nginx) or ServerName (Apache) before it can install the certificate. Add the server block as shown in Step 2 and retry.

Site not loading after adding the certificate

  • A record is wrong or still propagating: Double-check the IP in your DNS zone matches your VPS IP exactly (no trailing spaces). Use dig to confirm from the server itself.
  • Nginx/Apache not reloaded: Run sudo systemctl reload nginx (or apache2) after any config change.

Mixed content warnings after enabling HTTPS

If your browser shows a padlock with a warning, some page assets (images, scripts, stylesheets) are still loading over http://. Update any hard-coded http:// URLs in your site's HTML, CSS, or CMS settings to use https:// — or relative URLs — to resolve the warning.

Your Domain Is Now Secure

With your A records pointing to your Momo Cloud VPS, a correctly configured server block, and a Let's Encrypt certificate installed by Certbot, your website now loads over HTTPS automatically. Visitors will see a padlock in their browser, and the certificate will silently renew every 60–90 days so you never need to think about it again. If you run into any issues, the Momo Cloud support team is available through the client area at cloud.momo.tz.

Was this article helpful?

#DNS #VPS #SSL
Share
Back to Cloud & VPS

Related articles

All articles
Cloud & VPS

Getting Started with Your Momo Cloud VPS (cloud.momo.tz)

Your Momo Cloud VPS gives you a full Linux server you control completely — this guide walks you through everything from...

Read article
Cloud & VPS

Securing Your VPS: Firewall, SSH Keys and Fail2ban

Why Security Matters the Moment Your VPS Is Live A fresh VPS connected to the internet is scanned by automated bots wit...

Read article
Cloud & VPS

Setting Up a LEMP Stack (Nginx, MySQL, PHP) on Your Momo Cloud VPS

What Is a LEMP Stack? A LEMP stack is a combination of four open-source technologies — Linux, Nginx (pronounced "Engine-...

Read article
Back to Knowledge Base