SSL Certificate for free!
Sounds like a typical marketing slogan you often hear in commercial? I thought that too, until I checked it.
On the 3th of December 2015 John Aas, ISRG Executive Director, announced Let’s Encrypt project has entered Public Beta, what means that no invitations are needed, so everyone can generate SSL certificates for free.
Let’s Encrypt brings a huge opportunity for developers to make their web pages more secure. It provides certificates for free, but also has benefits like:
- no validation emails
- no complicated configuration
- no expired certificates breaking your website, you can renew certificate whenever you want to
- because it’s for free, no payments to arrange
Now let’s check if it really works. We are going to configure apache on a Ubuntu server to use SSL certificates provided by Let’s Encrypt.
1. We have apache configuration file like this:
ServerName example.com ...
2. Install Let’s Encrypt wrapper script:
$ git clone https://github.com/letsencrypt/letsencrypt $ cd letsencrypt
3. Generate certificates:
This will create a set of files:
$ sudo ls -l /etc/letsencrypt/live/example.com/ total 0 lrwxrwxrwx 1 root root 46 Feb 1 14:06 cert.pem -> ../../archive/example.com/cert1.pem lrwxrwxrwx 1 root root 47 Feb 1 14:06 chain.pem -> ../../archive/example.com/chain1.pem lrwxrwxrwx 1 root root 51 Feb 1 14:06 fullchain.pem -> ../../archive/example.com/fullchain1.pem lrwxrwxrwx 1 root root 49 Feb 1 14:06 privkey.pem -> ../../archive/example.com/privkey1.pem
4. Link certificate in your apache configuration files:
ServerName example.com … Redirect permanent / https://example.com ServerName example.com … SSLEngine onSSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
From now your certificate should be visible for website visitors
Simple, isn’t it? So don’t waste your time, go and make your website more secure!