James John – Software Engineer

Let’s Encrypt: How to Generate Free Signed SSL Certificate For Your Domain

Let’s Encrypt is a certificate authority that entered public beta on December 3, 2015. It provides free X.509 certificates for Transport Layer Security (TLS) encryption through an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation and renewal of certificates for secure websites.

Let’s Encrypt makes it easy to generate a signed certificate on your own system; this requires installing their package on that system.

Installing Let’s Encrypt

The Let’s Encrypt package is on GitHub for now, and they are planning for it to appear in the Debian repositories. Clone the git repository to your local server by running

$ git clone https://github.com/letsencrypt/letsencrypt 
$ cd letsencrypt

After cloning is done, run ./letsencrypt-auto to automatically install and update the dependencies

$ ./letsencrypt-auto

 

Generating SSL Certificate

Now that installation is done, you can generate the certificate.

Domain: donjajo.com and www.donjajo.com

I’m on my localhost and I need to create a certificate for this blog, which is already online, so I run

$ ./letsencrypt-auto -d donjajo.com -d www.donjajo.com --manual certonly

 

Dependencies are checked; this might take up to a minute. A notification pops up saying that your IP will be logged as the one that requested the certificate. Accept it.

Once accepted, verification of the domain name starts. This verification requires a file provided by the package to be present on the server that the domain serves. As the client’s prompt shows, the file .well-known/acme-challenge/_0_RbSH4jnPEEE2hnZnVgpqX9pszcBz4BR0LsLNPOY8 must exist on the domain, containing this string

o6geu30YYFjP7fbcWTaGlIP2yxBehmeNt5qWCDBB4FY.Ni-cTVpKspkQaQ6OanQ0sIINnSY1Z4MryY5sAFlIjC0

 

So all you do is go to your web host, create the directory .well-known/acme-challenge, create a file with the name generated for you, paste the content into it, then save and press Enter in the command line. Another file will be generated; do the same and your certificate will be ready.
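The file-creation step above can be scripted on the web host. This is an added example, not part of the original post or of the Let’s Encrypt client; the function names are hypothetical, it assumes shell access to the host, and the content check assumes the two-part shape of the sample string shown above.

```shell
#!/bin/sh
# Added example (not from the Let's Encrypt client). Run on the web host.

# place_challenge WEBROOT NAME CONTENT
# Writes CONTENT to WEBROOT/.well-known/acme-challenge/NAME.
place_challenge() {
    webroot=$1 name=$2 content=$3

    # NAME is pasted from the client prompt. Accept only base64url characters
    # so it can never contain "/" or ".." and escape the challenge directory.
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "bad file name: $name" >&2; return 1 ;;
    esac
    # Assumption from the sample on this page: the body is two base64url
    # parts joined by exactly one dot.
    case $content in
        *[!A-Za-z0-9_.-]*|*.*.*|.*|*.) echo "bad content" >&2; return 1 ;;
        *.*) ;;
        *) echo "bad content" >&2; return 1 ;;
    esac

    [ -d "$webroot" ] || { echo "no such web root: $webroot" >&2; return 1; }
    dir=$webroot/.well-known/acme-challenge
    mkdir -p "$dir" || return 1

    # printf '%s' writes the string with no trailing newline, unlike echo.
    printf '%s' "$content" > "$dir/$name" || return 1
    # Directories traversable and file readable by the web server user.
    chmod 755 "$webroot/.well-known" "$dir" && chmod 644 "$dir/$name"
}

# check_challenge WEBROOT NAME CONTENT
# Succeeds only if the file exists and has exactly CONTENT's bytes.
check_challenge() {
    f=$1/.well-known/acme-challenge/$2
    [ -f "$f" ] && [ "$(cat "$f")" = "$3" ] &&
        [ "$(wc -c < "$f" | tr -d ' ')" -eq "${#3}" ]
}

# Demo in a throwaway directory standing in for the web root.
demo_root=$(mktemp -d)
place_challenge "$demo_root" \
    "_0_RbSH4jnPEEE2hnZnVgpqX9pszcBz4BR0LsLNPOY8" \
    "o6geu30YYFjP7fbcWTaGlIP2yxBehmeNt5qWCDBB4FY.Ni-cTVpKspkQaQ6OanQ0sIINnSY1Z4MryY5sAFlIjC0" &&
    echo "challenge file written"
rm -rf "$demo_root"
```

Before pressing Enter in the client, it is also worth fetching the file's URL over plain HTTP from another machine to confirm the web server actually serves it; many server configurations refuse paths that begin with a dot.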

Installing SSL Certificate on Server

Your SSL certificate should now exist under /etc/letsencrypt/live. Each certificate created for a domain is placed in its own directory; the certificate file is fullchain.pem and the key is privkey.pem.

On Shared Host: If you’re on a shared host, you may not be allowed to perform the SSL installation yourself. You have to send it to your host’s customer service; the files they should need are fullchain.pem and privkey.pem.

Apache: In Apache, add these lines to your virtual host config

SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem

 

Nginx:

ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
