Two words – Let’s encrypt!
Assuming you already have Ubuntu LAMP set up, you just need to install Certbot to manage your SSL certificates.
Installation of Certbot – SSL manager
wget https://dl.eff.org/certbot-auto chmod a+x ./certbot-auto ./certbot-auto --help
.. you should get some meaningful output.
Now that you have a way to manage your certificates, it’s time to get one!.
Assuming you have virtual hosts set up, such as example.com, and you are using Apache, just run following command:
./certbot-auto --apache -d example.com
You need to be in the directory where you’ve extracted certbot.
You can do multiple domains at once
./certbot-auto --apache -d example.com -d nocookies.example.com
How it works
Certbot will obtain new certificate from https://letsencrypt.org, detect vhost configuration on your Apache and will create copy of that config with SSL enabled.
You can find certificates in directory
If you ran the command first time, you’ll be asked to provide your email address and accept terms and conditions.
You also need to renew the certificate every 90 days – you can do that by issuing following command:
If you want certificate for both non-www and www version of your domain ( for redirect ) you need to specify both at once, e.g.:
./certbot-auto --apache -d example.com -d www.example.com
If you do 2 commands, it won’t work properly.
This is wrong:
./certbot-auto --apache -d example.com ./certbot-auto --apache -d www.example.com
Unlike other certificates, such as StartSSL, this one actually works. If you use StartSSL, you won’t get ‘green icon’ in all browsers, see https://bugzilla.mozilla.org/show_bug.cgi?id=994033.