Difference between revisions of "Setup free SSL from Letsencrypt"

Let's say we have a website "user.com" with its files located at /home/user/public_html and we want it to be secured with the free SSL certs from Letsencrypt.

1. Create a directory for the certs:

mkdir /home/user/ssl_certificates

2. Install Letsencrypt:

yum install git  #in RHEL, Centos
apt-get install git  #in Debian, Ubuntu
cd /home/user/ && git clone https://github.com/letsencrypt/letsencrypt

You may notice that the new directory appeared: /home/user/letsencrypt. It contains scripts we need for acquiring the certs.

3. As the free certs need to be reissued once per 3 months, it could be a good idea to add this command to cron on monthly schedule:

cd /home/user/letsencrypt/ && ./letsencrypt-auto certonly --email info@user.com --agree-tos --webroot --renew-by-default -w /home/user/public_html/ -d www.user.com -d user.com --authenticator webroot && cp -f /etc/letsencrypt/live/www.user.com/cert.pem /home/user/ssl_certificates/cert.pem && cp -f /etc/letsencrypt/live/www.user.com/chain.pem /home/user/ssl_certificates/chain.pem && cp -f /etc/letsencrypt/live/www.user.com/fullchain.pem /home/user/ssl_certificates/fullchain.pem && cp -f /etc/letsencrypt/live/www.user.com/privkey.pem /home/user/ssl_certificates/privkey.pem

4. If you manually execute the command above, you will have these files from Letsencrypt: /home/user/ssl_certificates/cert.pem

/home/user/ssl_certificates/chain.pem

/home/user/ssl_certificates/fullchain.pem

/home/user/ssl_certificates/privkey.pem

These files can be used in the webserver's conf file to have the website running over https.