LetsEncrypt is a certificate authority with an automated client. In short, this means that you can secure your websites at no cost. That’s right, you can go from http://yourdomain.com to https://yourdomain.com for free. Note though, it’s at the discretion of LetsEncrypt to issue you a certificate.
Getting started
You will need git installed on your Linux distro.
Ubuntu, Debian
sudo apt-get update
sudo apt-get install git-all
RedHat, CentOS
sudo yum update
sudo yum install git-all
Installation
Now that git is installed on your system, you can clone the LetsEncrypt repo.
mkdir ~/src
cd ~/src
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
sudo chmod g+x letsencrypt-auto
./letsencrypt-auto
Give it a little time to update and install any missing dependencies.
Using LetsEncrypt
Once Let’s Encrypt has finished installing, you can issue certificates in a snap.
For Apache2
Stop the apache2 service.
Then, run LetsEncrypt:
./letsencrypt-auto --apache --email=YOUREMAIL@YOURDOMAIN.COM -d YOURDOMAIN.COM -d SUB.YOURDOMAIN.COM -d ANYDOMAIN.YOUWANT.NET
This command calls LetsEncrypt, telling it that we are using Apache so that it can automate the install process. It notifies LetsEncrypt of our email address, and tells them the domains for which we would like certificates. You can use any domain you want after the -d flag because that tells LetsEncrypt “this person wants a cert for this domain”. LetsEncrypt will automate this whole process and add the proper lines of code to the config file for your domain.
For Nginx
LetsEncrypt for Nginx is very experimental. Use it at your own risk (make a backup of your configuration first).
./letsencrypt-auto certonly --email=YOUREMAIL@YOURDOMAIN.COM -d YOURDOMAIN.COM -d SUB.YOURDOMAIN.COM
This will generate a certificate in the following directory: /etc/letsencrypt/live/YOURDOMAIN.COM.
To get the traffic switched over to using SSL, you will need to edit your Nginx site config file. For example:
sudo nano /etc/nginx/sites-enabled/default
In the config file, make sure that the server is listening on port 443 and that the SSL certificate locations are properly defined. Your config file should resemble the following:
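server {
    # "ssl" on the listen line enables TLS for this port (replaces the obsolete "ssl on;")
    listen 443 ssl;
    server_name yourdomain.com sub.yourdomain.com;
    root /usr/share/nginx/www;
    index index.html index.htm;
    # Certificate chain and private key issued by LetsEncrypt
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
}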
Save the file, restart Nginx, and you’ll be ready to go!
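The checks described above (port 443 with TLS enabled, certificate and key paths pointing into /etc/letsencrypt/live/YOURDOMAIN.COM) can be scripted and run before restarting Nginx. This is an added example, not part of the original tutorial or the LetsEncrypt project; the function names, the sample configs and example.com are constructed for illustration, and it assumes one directive per line.

```shell
# Added example (not from the original tutorial). Assumes one directive per line;
# example.com and both sample configs are constructed placeholders.
# check_tls_conf FILE DOMAIN: print findings; return 0 only if every check passes.
check_tls_conf() {
    awk -v live="/etc/letsencrypt/live/$2" '
        { sub(/#.*/, ""); sub(/;[ \t]*$/, "") }     # drop comments and trailing ";"
        $1 == "listen" && ($2 == "443" || $2 ~ /:443$/) {
            port443 = 1
            for (i = 3; i <= NF; i++) if ($i == "ssl") tls = 1
        }
        $1 == "ssl" && $2 == "on"   { tls = 1 }     # legacy way to enable TLS
        $1 == "ssl_certificate"     { cert = $2 }
        $1 == "ssl_certificate_key" { key = $2 }
        END {
            bad = 0
            if (!port443)  { print "FAIL: nothing listens on port 443"; bad = 1 }
            else if (!tls) { print "FAIL: port 443 is open but TLS is not enabled"; bad = 1 }
            # cert.pem is the leaf only; fullchain.pem also carries the intermediates.
            if (cert != (live "/fullchain.pem")) { print "FAIL: ssl_certificate should be " live "/fullchain.pem"; bad = 1 }
            if (key != (live "/privkey.pem")) { print "FAIL: ssl_certificate_key should be " live "/privkey.pem"; bad = 1 }
            if (!bad) print "OK: TLS settings match the issued certificate"
            exit bad
        }' "$1"
}

# write_samples DIR: one correct config and one with two common mistakes.
write_samples() {
    cat > "$1/good.conf" <<'EOF'
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
EOF
    cat > "$1/bad.conf" <<'EOF'
server {
    listen 443;    # TLS never enabled on this port
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
EOF
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
check_tls_conf "$demo_dir/good.conf" example.com
check_tls_conf "$demo_dir/bad.conf" example.com || echo "bad.conf needs fixing"
rm -rf "$demo_dir"
```

On a real server, point the function at the site file you edited, for example check_tls_conf /etc/nginx/sites-enabled/default YOURDOMAIN.COM.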
Enjoy your new secure website!