let's-encrypt

Let’s Encrypt SSL

As many of you have already found out, I’ve just added a HTTPS using Let’s Encrypt‘s SSL certificate. I mean, it’s free… So why not?

For the ones who don’t know what SSL is: SSL basically encrypts the data between you and the website, making it more secure.

SSL Setup:

I used Certbot on my Debian VPS running nginx, but for the purpose of this guide, I’ll be using the web-root method to verify and obtaining my SSL certificate. In addition, the commands are meant for root users; if you’re not, simply add a “sudo” before the commands. Let’s get started.

Installing Certbot

First you will have to install Certbot.

apt-get install certbot

or if you are running Debian 8 (jessie)

apt-get install certbot -t jessie-backports

Web-root

The web-root method applies to both apache and nginx (and other web servers if you happen to have them). To use Certbot with web-root, simple use

certbot certonly --webroot

Then, you will be prompted to enter the domain and the web-root directory. After you’ve entered both of them, you should receive something like this:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/your domain/fullchain.pem. Your cert
   will expire on your-date. To obtain a new or tweaked version of
   this certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
   renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

If you see this, then Certbot worked and you now have a free SSL certificate for 90 days. (Don’t forget to change your web url from http to https and change your web server to apply these certificates).

Renewal

Now, you may ask, what happens after 90 days?

Well, you can simple renew the certificate(s) using

certbot renew

I’m think Certbot automatically renews the certificates for you, but if it doesn’t, simply add a cron job to run this command.

Note: Certbot only renews the near-expired certificates, so you don’t need to worry about having a bunch of extra certificates.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.