It’s an important landmark for the entire web: Let’s Encrypt has entered public beta offering free HTTPS certificates. Never has it been so easy for the developers and system admins to obtain an SSL certificate.
This guide has been tested on Debian v. 8.2 running Apache v. 2.4.
(Source: Let’s Encrypt documentation)
Let’s Encrypt tool requires root access to complete the installation so start by logging in as superuser.
$ sudo su
I’m going to use Git to download Let’s Encrypt client, so make sure that you have it installed on your server.
$ git --version
If all you see is
command not found, install Git.
$ apt-get install git
To install Let’s Encrypt client, run the following set of commands on your server:
$ git clone https://github.com/letsencrypt/letsencrypt $ cd letsencrypt $ ./letsencrypt-auto --help
The Let’s Encrypt client supports various plugins automating the installation process: apache, standalone, webroot, manual, and an early experimental version of nginx plugin.
If you’re on
apache, run the following command replacing
yourdomain.com with your domain name:
$ ./letsencrypt-auto --apache -d yourdomain.com -d www.yourdomain.com
The wizard should guide you through the installation process. You’ll be prompted to enter your email address and accept TOS.
If you have multiple Virtual Hosts on your machine, you’ll be asked to select one. Go for
Restart the apache service:
$ apache2 restart
If everything went well you should be able to access your site by visiting
Let’s Encrypt certificates are set to expire after 90 days. Such short expiration period has been put in place to encourage renewal process automation, so let’s automate it on our server.
Let’s add the renewal command as a cron task. Make sure to change your installation path, domain name and webroot URL accordingly.
First run the following command to add our job to the cron:
$ crontab -e
Then add the following line to the file. Make sure you test the Let’s Encrypt cron command before placing it in crontab.
@monthly /your_installation_path/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/html -d yourdomain.com -d www.yourdomain.com --renew-by-default
That’s it, your site should be served to visitors over HTTPS.