As many of you have already found out, I’ve just added a HTTPS using Let’s Encrypt‘s SSL certificate. I mean, it’s free… So why not?
For the ones who don’t know what SSL is: SSL basically encrypts the data between you and the website, making it more secure.
I used Certbot on my Debian VPS running nginx, but for the purpose of this guide, I’ll be using the web-root method to verify and obtaining my SSL certificate. In addition, the commands are meant for root users; if you’re not, simply add a “sudo” before the commands. Let’s get started.
First you will have to install Certbot.
apt-get install certbot
or if you are running Debian 8 (jessie)
apt-get install certbot -t jessie-backports
The web-root method applies to both apache and nginx (and other web servers if you happen to have them). To use Certbot with web-root, simple use
certbot certonly --webroot
Then, you will be prompted to enter the domain and the web-root directory. After you’ve entered both of them, you should receive something like this:
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/your domain/fullchain.pem. Your cert will expire on your-date. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
If you see this, then Certbot worked and you now have a free SSL certificate for 90 days. (Don’t forget to change your web url from http to https and change your web server to apply these certificates).
Now, you may ask, what happens after 90 days?
Well, you can simple renew the certificate(s) using
I’m think Certbot automatically renews the certificates for you, but if it doesn’t, simply add a cron job to run this command.
Note: Certbot only renews the near-expired certificates, so you don’t need to worry about having a bunch of extra certificates.