EDIT: The below is outdated and certbot should be used in a new installation.

Finally, Let’s Encrypt went public with their open source, easy-to-use SSL certificate solution (available for everybody, starting on the 3rd of December).

And yes, it’s free! As I’m writing this, Let’s Encrypt is still in beta, but it is working well in a production environment. Check out their site to understand how it works.

I assume that you already know how to enable SSL on Apache and that you are comfortable at the command line.

So, let’s do this!

Install git

apt-get install git

Get Let’s Encrypt

git clone https://github.com/letsencrypt/letsencrypt

Create a config file for Let’s Encrypt

vim /etc/letsencrypt/cli.ini

We put the following in cli.ini (change webroot-path to your webroot):

authenticator = webroot
webroot-path = /var/www/vhosts/skrilnetz.net/httpdocs/
server = https://acme-v01.api.letsencrypt.org/directory
renew-by-default
agree-dev-preview
agree-tos
email = postmaster@yourdomain.com

Generate your certificates

/your_path/letsencrypt/letsencrypt-auto --config /etc/letsencrypt/cli.ini -d yourdomain.com -d www.yourdomain.com certonly

Update your Apache configuration to use the new certificate

SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/yourdomain.com/chain.pem

Make sure that SSLEngine is set to on.

Reload the Apache config

service apache2 reload

Check if it worked!

The certificate will be good for 90 days. Let’s have cron renew it automatically every month.

crontab -e

@monthly /your_path/letsencrypt/letsencrypt-auto --config /etc/letsencrypt/cli.ini -d yourdomain.com -d www.yourdomain.com certonly && service apache2 reload

Congratulations! You have secured your site with a free SSL certificate which will be renewed every 30 days.
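
A check for the "Check if it worked!" step and the monthly cron job above, added here as an example (not part of the original post): it confirms that cert.pem and privkey.pem in the live directory belong together and that the certificate is not close to expiry, so a silently failing renewal gets noticed. The function name check_cert, its exit codes and the 30-day default are assumptions of this example.

```sh
#!/bin/sh
# Added example: sanity-check the files the Apache config above points to.
# Exit codes (chosen for this example):
#   0 = ok, 1 = expired or expiring soon, 2 = key mismatch, 3 = unreadable
#
# Usage: check_cert /etc/letsencrypt/live/yourdomain.com 30

check_cert() {
    live_dir=$1
    min_days=${2:-30}          # assumed default warning threshold
    cert="$live_dir/cert.pem"
    key="$live_dir/privkey.pem"

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read $cert or $key" >&2
        return 3
    fi

    # The public key inside the certificate must be the one derived from
    # the private key; otherwise Apache will refuse to start with this pair.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout) || return 3
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and private key do not match" >&2
        return 2
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        end=$(openssl x509 -in "$cert" -noout -enddate)
        echo "certificate expires within $min_days days ($end)" >&2
        return 1
    fi
    return 0
}
```

Run from a second cron entry, a non-zero exit from check_cert is the signal that the monthly renewal did not produce a usable certificate.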