SSL Certificate for free!

Sounds like a typical marketing slogan you often hear in commercial? I thought that too, until I checked it.

On the 3th of December 2015 John Aas, ISRG Executive Director, announced Let’s Encrypt project has entered Public Beta, what means that no invitations are needed, so everyone can generate SSL certificates for free.

Let’s Encrypt brings a huge opportunity for developers to make their web pages more secure. It provides certificates for free, but also has benefits like:

  • no validation emails
  • no complicated configuration
  • no expired certificates breaking your website, you can renew certificate whenever you want to
  • because it’s for free, no payments to arrange

Now let’s check if it really works. We are going to configure apache on a Ubuntu server to use SSL certificates provided by Let’s Encrypt.

1. We have apache configuration file like this: 

ServerName  example.com ...

2. Install Let’s Encrypt wrapper script:

$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt

3. Generate certificates:

./letsencrypt-auto --apache

This will create a set of files:

$ sudo ls -l /etc/letsencrypt/live/example.com/
total 0
lrwxrwxrwx 1 root root 46 Feb  1 14:06 cert.pem -> ../../archive/example.com/cert1.pem
lrwxrwxrwx 1 root root 47 Feb  1 14:06 chain.pem -> ../../archive/example.com/chain1.pem
lrwxrwxrwx 1 root root 51 Feb  1 14:06 fullchain.pem -> ../../archive/example.com/fullchain1.pem
lrwxrwxrwx 1 root root 49 Feb  1 14:06 privkey.pem -> ../../archive/example.com/privkey1.pem

4. Link certificate in your apache configuration files:

	ServerName  example.com
	…
	Redirect permanent / https://example.com



	ServerName  example.com
	…
	SSLEngine
	onSSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
	SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

From now your certificate should be visible for website visitors

Let's Encrypt Certificate

Simple, isn’t it? So don’t waste your time, go and make your website more secure!