Let's Encrypt is a certificate authority with an automated client. In short, this means that you can secure your websites at no cost. That’s right, you can go from http://yourdomain.com to https://yourdomain.com for free. Note, though, it’s at the discretion of Let's Encrypt to issue you a certificate.
You will need git installed on your Linux distro.
Ubuntu, Debian
sudo apt-get update
sudo apt-get install git-all
Red Hat, CentOS
sudo yum update
sudo yum install git-all
Now that git is installed on your system, you can clone the Let's Encrypt repo.
mkdir ~/src
cd ~/src
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
sudo chmod g+x letsencrypt-auto
./letsencrypt-auto
Give it a little bit of time to update and install any missing dependencies as needed.
Once Let’s Encrypt has finished installing, you can issue certificates in a snap.
Stop the apache2 service.
Then, run Let's Encrypt:
./letsencrypt-auto --apache --email=YOUREMAIL@YOURDOMAIN.COM -d YOURDOMAIN.COM -d SUB.YOURDOMAIN.COM -d ANYDOMAIN.YOUWANT.NET
This command calls Let's Encrypt, telling it that we are using Apache so that it can automate the installation process. It gives Let's Encrypt our email address and lists the domains for which we would like certificates. You can put any domain you want after a -d flag; each one tells Let's Encrypt that you want a cert for that domain. Let's Encrypt will automate this whole process and add the proper lines to the config file for your domain.
Let's Encrypt for Nginx is very experimental. Use it at your own risk (make a backup of your configuration first).
./letsencrypt-auto certonly --email=YOUREMAIL@YOURDOMAIN.COM -d YOURDOMAIN.COM -d SUB.YOURDOMAIN.COM
This will generate a certificate in the following directory: /etc/letsencrypt/live/YOURDOMAIN.COM.
To get the traffic switched over to using SSL, you will need to edit your Nginx site config file. For example:
sudo nano /etc/nginx/sites-enabled/default
In the config file, make sure that the server is listening on port 443 and that the SSL certificate locations are properly defined. Your config file should resemble the following:
server {
    # "ssl" on the listen line enables TLS for this listener; it replaces the deprecated "ssl on;" directive.
    listen 443 ssl;
    server_name yourdomain.com sub.yourdomain.com;
    root /usr/share/nginx/www;
    index index.html index.htm;
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
}
Save the file, restart Nginx, and you’ll be ready to go!
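Before restarting Nginx, the site file can be checked for the settings described above. The script below is an added example, not part of the original tutorial or of Let's Encrypt; the function names check_tls_block and directive are hypothetical, and the sample config is constructed.

```shell
# Added example, not from the original tutorial. Helper names are hypothetical.
# Print the value of the first occurrence of an Nginx directive, comments stripped.
directive() {
    sed 's/#.*//' "$1" | awk -v d="$2" '$1 == d { v = $2; sub(/;$/, "", v); print v; exit }'
}

check_tls_block() {
    conf=$1; problems=0
    fail() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

    # TLS must be on for the listener: "listen 443 ssl;" or the legacy "ssl on;".
    sed 's/#.*//' "$conf" | grep -E \
        '^[[:space:]]*(listen[[:space:]].*443[^;]*[[:space:]]ssl|ssl[[:space:]]+on[[:space:]]*;)' \
        >/dev/null || fail "port 443 is not serving TLS"

    cert=$(directive "$conf" ssl_certificate)
    key=$(directive "$conf" ssl_certificate_key)
    [ -n "$cert" ] || fail "ssl_certificate is missing"
    [ -n "$key" ] || fail "ssl_certificate_key is missing"

    # Certificate and key of one Let's Encrypt lineage live in the same directory.
    if [ -n "$cert" ] && [ -n "$key" ] && [ "$(dirname "$cert")" != "$(dirname "$key")" ]; then
        fail "certificate and key come from different directories"
    fi
    # cert.pem holds only the leaf; without the intermediate some clients cannot build the chain.
    case $cert in
        */cert.pem) fail "use fullchain.pem, not cert.pem, for ssl_certificate" ;;
    esac

    [ "$problems" -eq 0 ] && echo "OK: $conf"
    return "$problems"
}

# Constructed sample: TLS is not enabled on the listener and the leaf-only cert.pem is used.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443;
    server_name yourdomain.com;
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
}
EOF
check_tls_block "$sample" || echo "problems found: $?"
rm -f "$sample"
```

The function's exit status is the number of problems found, so it can gate a restart. It only inspects the text of the file and does not replace Nginx's own syntax check.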
Enjoy your new, secure website!