Let's Encrypt - time to get serious about TLS
Let’s Encrypt is a new Certificate Authority that’s serious about democratizing SSL on the internet.
Let’s Encrypt offers free certificates, as opposed to a $10-1000 price tag, depending on the amount of bonus nonsense you’re purchasing with it.
Currently, as Let’s Encrypt is still in open beta, the entire process of obtaining and installing a certificate is fully automated only on Apache web servers. However, Let’s Encrypt can be used to easily obtain a free SSL certificate, which can be installed manually, regardless of your choice of web server software.
How to get the Let’s Encrypt client?
Install Git & BC
Update the apt package index before proceeding.
sudo apt-get -y install git bc
Once installed, we can use git to download letsencrypt.
Clone Let’s Encrypt from GitHub
Clone the Let’s Encrypt repository to /opt/letsencrypt.
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
Now you’re ready to generate certificates.
Generating a certificate using Let’s Encrypt
From /opt/letsencrypt, run the following command and follow the prompts:
./letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d [example.com] -d [www.example.com]
Replace [example.com] and [www.example.com] with your actual domain names.
Follow the prompts, entering your email address and agreeing to the terms and conditions.
Once complete, your certificate will exist at:
/etc/letsencrypt/live/[example.com]
The included certificate files are:
cert.pem: Your domain's certificate
chain.pem: Let's Encrypt chain certificate
fullchain.pem: The above two files combined
privkey.pem: Your certificate's private key
The private key ideally should never leave your server.
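The four files listed above can be sanity-checked before the web server is pointed at them. The shell function below is an added example, not part of the original post or of the Let's Encrypt client; the name check_le_dir and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a Let's Encrypt "live" directory.
# check_le_dir is a hypothetical helper name, not a Let's Encrypt command.
# Usage: check_le_dir "/etc/letsencrypt/live/<your domain>"
# Returns 0 = all checks pass, 1 = a check failed, 2 = a file is missing.

check_le_dir() {
    dir=$1
    rc=0

    # 1. All four files described above must exist and be non-empty.
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        if [ ! -s "$dir/$f" ]; then
            echo "MISSING: $dir/$f" >&2
            return 2
        fi
    done

    # 2. privkey.pem must grant nothing to group or others.
    #    ls -L follows symlinks, so the mode of the real file is checked.
    mode=$(ls -lL "$dir/privkey.pem" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "WEAK PERMS: privkey.pem group/other bits are '$mode'" >&2
        rc=1
    fi

    # 3. fullchain.pem must be cert.pem followed by chain.pem
    #    (blank lines are ignored in the comparison).
    want=$(cat "$dir/cert.pem" "$dir/chain.pem" | grep -v '^$')
    have=$(grep -v '^$' "$dir/fullchain.pem")
    if [ "$want" != "$have" ]; then
        echo "MISMATCH: fullchain.pem is not cert.pem + chain.pem" >&2
        rc=1
    fi

    # 4. Files that are sent to clients must not contain key material.
    for f in cert.pem chain.pem fullchain.pem; do
        if grep -q 'PRIVATE KEY-----' "$dir/$f"; then
            echo "KEY LEAK: $f contains a private key block" >&2
            rc=1
        fi
    done

    return $rc
}
```

Run it as a user that can read the directory, for example with sudo after sourcing the function into a root shell.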
That’s it! You’re done. Let’s Encrypt makes it that easy to generate a new certificate. Pipeline the process.