2 min read
Install Let’s Encrypt and create a free SSL certificate
December 4, 2015
This post is part of my Your own Virtual Private Server hosting solution project.
Get the latest version of this article here: https://gist.github.com/2e0ee4cf7e04bb75742d.
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG). This guide shows you how you can obtain a free SSL certificate.
Download the client code from the Github repository.
cd /usr/local/src/ sudo git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt
Run the letsencrypt wrapper script.
sudo -h ./letsencrypt-auto
If you experience an error like this:
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:79: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning. InsecurePlatformWarning
You have to update some pyhton libraries by running this command.
pip install pyopenssl ndg-httpsclient pyasn1
Now you can request a new ssl certificate. I assume you’re running Nignx as your web server. To request a certificate we have to stop the web service temporarily.
sudo service nginx stop sudo -H ./letsencrypt-auto certonly --email email@example.com -d domain.com sudo service nginx start
The new certificates are stored here:
Update the Nginx configuration file for your domain.
sudo vi /etc/nginx/conf.d/domain.com.conf
Add the new certificates:
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
Test your Nginx configuration file.
sudo nginx -t
And restart the service
sudo service nginx reload
Finally check your Nginx SSL configuration here: https://globalsign.ssllabs.com/
Official Let’s Encrypt client documentation
Categories: Security , Web server