Let’s Encrypt: How to Generate Free Signed SSL Certificate For Your Domain
Let’s Encrypt is a certificate authority that entered public beta on December 3, 2015. It provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation and renewal of certificates for secure websites.
Let’s Encrypt makes it easy to generate a signed certificate from your own system, but this requires installing their package first.
Installing Let’s Encrypt
The Let’s Encrypt package is on GitHub for now; they are planning for it to appear in the Debian repositories. So you’ll clone the git repository to your local server by running
$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
After cloning is done, you need to run ./letsencrypt-auto to automatically fix dependencies (installing and updating them).
$ ./letsencrypt-auto
Generating SSL Certificate
Now that installation is done, you can generate the certificate.
Domain: donjajo.com and www.donjajo.com
I’m on my localhost and I need to create a certificate for this blog, which is already online. Run
$ ./letsencrypt-auto -d donjajo.com -d www.donjajo.com --manual certonly
Dependencies are checked; this might take up to a minute. A notification pops up saying that your IP will be logged as the one that requested the certificate. Accept it. Once accepted, verification of the domain name starts. This verification requires a file provided by the package to be present on the server that serves the domain. The client shows that the file .well-known/acme-challenge/_0_RbSH4jnPEEE2hnZnVgpqX9pszcBz4BR0LsLNPOY8 must exist on the domain, containing this string:
o6geu30YYFjP7fbcWTaGlIP2yxBehmeNt5qWCDBB4FY.Ni-cTVpKspkQaQ6OanQ0sIINnSY1Z4MryY5sAFlIjC0
So all you do is go to your web host, create the directory .well-known/acme-challenge, create a file with the name the client generates for you, paste the content into it, then save and press Enter in the command line. Another file will be generated; do the same and your certificate will be ready. What you see next should be the client's final output.
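The manual challenge step above, as an added example that is not part of the original post or of the Let’s Encrypt client: a shell helper that writes one challenge file and refuses a file name and content that come from different challenges, which is easy to get wrong when two domains produce two files. It relies on the ACME rule that the content is the file name followed by a dot and the account key thumbprint; the function names, the web root argument and any sample values are assumptions.

```shell
#!/bin/sh
# Added example: place one manual HTTP-01 challenge file and check it.
# WEBROOT, TOKEN and KEYAUTH are supplied by you (assumed names).

# place_challenge WEBROOT TOKEN KEYAUTH
place_challenge() {
    webroot=$1 token=$2 keyauth=$3

    # The token becomes a file name: allow only base64url characters so a
    # mistyped or hostile value cannot escape the challenge directory.
    case $token in
        ''|*[!A-Za-z0-9_-]*) echo "bad token: $token" >&2; return 1 ;;
    esac

    # The content must be "<token>.<account key thumbprint>". With two
    # domains there are two challenges; this catches mixing them up.
    case $keyauth in
        "$token".?*) ;;
        *) echo "content does not belong to token $token" >&2; return 1 ;;
    esac

    dir=$webroot/.well-known/acme-challenge
    mkdir -p "$dir" || return 1
    # printf '%s' writes the string exactly, with no trailing newline.
    printf '%s' "$keyauth" > "$dir/$token" || return 1
    chmod 644 "$dir/$token"   # must be readable by the web server
}

# check_served DOMAIN TOKEN KEYAUTH
# Fetch the file over plain HTTP and compare it with the expected
# content before pressing Enter in the client.
check_served() {
    got=$(curl -fsS "http://$1/.well-known/acme-challenge/$2") || return 1
    [ "$got" = "$3" ]
}
```

Run place_challenge on the web host for each of the two files, then check_served from any machine before confirming in the client.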
Installing SSL Certificate on Server
Your SSL certificate should now exist under /etc/letsencrypt/live. Each certificate created for a domain is placed in its own directory there; your certificate file is fullchain.pem, while your private key is privkey.pem.
On Shared Host: If you’re on a shared host, you may not be allowed to perform the SSL installation yourself. You have to send it to your host’s customer service; the files they should need are fullchain.pem and privkey.pem.
Apache: In Apache, add these lines to your virtual host config
SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
Nginx:
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;