Let’s Encrypt: How to Generate Free Signed SSL Certificate For Your Domain

Let’s Encrypt is a certificate authority that entered public beta on December 3, 2015 that provides free X.509 certificates for Transport Layer Security encryption (TLS) via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation and renewal of certificates for secure websites.

Let’s Encrypt made it easy for you to generate your signed certificate on your system, so this requires installation of their package on your system.

Installing Let’s Encrypt

Let’s Encrypt package is on GitHub for now, which they are planning for it to appear on Debian repositories. So you’ll clone down the git repository down to your local server by running

$ git clone https://github.com/letsencrypt/letsencrypt 
$ cd letsencrypt

After cloning is done, you need to run ./letsencrypt-auto to automatically fix dependencies (installing and updating dependencies)

$ ./letsencrypt-auto


Generating SSL Certificate

Now you are done with installation, you now generate the certificate.

Domain: donjajo.com and www.donjajo.com

I’m on my localhost and I need to create a certificate for this blog which is already online, run

$ ./letsencrypt-auto -d donjajo.com -d www.donjajo --manual certonly


snapshot18Dependencies are checked, this might take upto a minute. A notification is popped up for your IP being logged as whom requested foe the certificate. Accept it snapshot20Once accepted, verification of the domain name starts. This verification requires a file provided by the package to be present on the server which the domain serves.snapshot19As show above, the file .well-known/acme-challenge/_0_RbSH4jnPEEE2hnZnVgpqX9pszcBz4BR0LsLNPOY8 must exist on the domain containing this string



So all you do is goto your web host, create the directory .well-known/acme-challenge and create the file name it generates for you and paste into it its content the save and press Enter in the command line. Another file will be generated, do same and your certificate will be ready. Next thing you should see should be similar to this snapshot21

Installing SSL Certificate on Server

Your SSL Certificate should be existng at /etc/letsencrypt/live each SSL created for a domain is placed in a directory and your certificate file is fullchain.pem while your key is privkey.pem

On Shared Host: If you’re on shared host, you may not be allowed to perform SSL installation yourself. You have to send it to your hosts’ customer service, the files they should need are fullchain.pem and privkey.pem

Apache: In Apache, add this lines to your virtual host config

SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem



ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem
ssl_certificate /etc/letsencrypt/live/yourdomain.com/privkey.pem