Free HTTPS with Let’s Encrypt client

It’s an important landmark for the entire web: Let’s Encrypt has entered public beta offering free HTTPS certificates. Never has it been so easy for the developers and system admins to obtain an SSL certificate.

This guide has been tested on Debian v. 8.2 running Apache v. 2.4.

Installation

(Source: Let’s Encrypt documentation)

Let’s Encrypt tool requires root access to complete the installation so start by logging in as superuser.

$ sudo su

I’m going to use Git to download Let’s Encrypt client, so make sure that you have it installed on your server.

$ git --version

If all you see is command not found, install Git.

$ apt-get install git

To install Let’s Encrypt client, run the following set of commands on your server:

$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto --help

The Let’s Encrypt client supports various plugins automating the installation process: apache, standalone, webroot, manual, and an early experimental version of nginx plugin.
If you’re on apache, run the following command replacing yourdomain.com with your domain name:

$ ./letsencrypt-auto --apache -d yourdomain.com -d www.yourdomain.com

The wizard should guide you through the installation process. You’ll be prompted to enter your email address and accept TOS.

If you have multiple Virtual Hosts on your machine, you’ll be asked to select one. Go for default-ssl.conf.

Restart the apache service:

$ apache2 restart

If everything went well you should be able to access your site by visiting https://yourdomain.com.

Automatic Renewals

Let’s Encrypt certificates are set to expire after 90 days. Such short expiration period has been put in place to encourage renewal process automation, so let’s automate it on our server.

Let’s add the renewal command as a cron task. Make sure to change your installation path, domain name and webroot URL accordingly.

First run the following command to add our job to the cron:

$ crontab -e

Then add the following line to the file. Make sure you test the Let’s Encrypt cron command before placing it in crontab.

@monthly /your_installation_path/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/html -d yourdomain.com -d www.yourdomain.com --renew-by-default

That’s it, your site should be served to visitors over HTTPS.

One response to “Free HTTPS with Let’s Encrypt client”

Leave a Reply