Free and easy SSL with Let’s Encrypt

SSL has always been a real pain for me to setup. The concept of SSL is not terribly difficult to understand. However, the time and work involved has always been a huge turn off to me. Not to mention the cost. I would often use self signed certs or even worse, none at all. This has all changed thanks to certbot and the folks at Let’s Encrypt. The Let’s Encrypt project provides free, easy to install SSL certificates. The certbot program helps to automate the generation, installation, and verification of SSL certs.

Let’s get started…

First, we’ll need to get the certbot binary. This can be done a number of ways. I’ve included a few examples of how to install certbot below.

Debian Stretch

apt update
apt install -y python-certbot-apache

CentOS 7 and RHEL7

yum install -y epel-release
yum install -y certbot-apache

Manually

wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto

Generate and install a certificate

certbot --apache

At this point, you will be prompted for some information. First, you will be prompted to select a VirtualHost to enable HTTPS for.

root@debian-512mb-nyc3-01:~# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: www.example.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

Select the numbers representing the VirtualHosts you wish to setup SSL on.

Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):

Enter your email address.

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel:

Agree to the Terms of Service. At this time, the certificate should be generated and validated.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.