Free SSL certificate – how to

Two words – Let’s encrypt!
Assuming you already have Ubuntu LAMP set up, you just need to install Certbot to manage your SSL certificates.

Installation of Certbot – SSL manager

wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto --help

.. you should get some meaningful output.
Now that you have a way to manage your certificates, it’s time to get one!.

Usage

Assuming you have virtual hosts set up, such as example.com, and you are using Apache, just run following command:

./certbot-auto --apache -d example.com

You need to be in the directory where you’ve extracted certbot.
You can do multiple domains at once

./certbot-auto --apache -d example.com -d nocookies.example.com

How it works

Certbot will obtain new certificate from https://letsencrypt.org, detect vhost configuration on your Apache and will create copy of that config with SSL enabled.

You can find certificates in directory

/etc/letsencrypt/live/phpsolved.com/

If you ran the command first time, you’ll be asked to provide your email address and accept terms and conditions.
You also need to renew the certificate every 90 days – you can do that by issuing following command:

certbot renew

If you want certificate for both non-www and www version of your domain ( for redirect ) you need to specify both at once, e.g.:

./certbot-auto --apache -d example.com -d www.example.com

If you do 2 commands, it won’t work properly.
This is wrong:

./certbot-auto --apache -d example.com
./certbot-auto --apache -d www.example.com

Unlike other certificates, such as StartSSL, this one actually works. If you use StartSSL, you won’t get ‘green icon’ in all browsers, see https://bugzilla.mozilla.org/show_bug.cgi?id=994033.

Sources:
https://github.com/certbot/certbot
https://letsencrypt.org/getting-started/

Write a Comment

Comment