Free SSL certificate with Let’s Encrypt = F* you retailers!

I am extremely pleased to say that (after some minor bumps*) my domain www.stefanrakonjac.com now runs on https solely!

Valid SSL certificate from Let's Encrypt for domain stefanrakonjac.com

For more than a year I considered how nice would it be to arrange an SSL certificate** for my website. In times of crisis I would be a step from making of investment of more than 60$ into buying it from a retailer I trusted, but then I would always step back as I would get to my senses and realize that paying for something that trivial (every year and per every other domain I also wanted to secure) would be such a waste of money. After all I’m not that rich.

* I crashed the web-server I run all of my websites
** A proper (trusted) one

I still can’t believe how easy it was to configure a trusted SSL certificate for the domain I own and host on my private Debian with Apache-PHP-MySQL server. To ilustrate:

First we need to git clone Let’s Encrypt git project, but before that we need to install git:

root@forest:/ apt-get install git

When asked for confirmation simply put Y and press enter. After the installation finishes continue with cloning the repository:

root@forest:/ cd /opt
root@forest:/opt/ git clone https://github.com/letsencrypt/letsencrypt
root@forest:/opt/ cd letsencrypt

We need to choose which (sub)domain names we want to secure … in my case stefanrakonjac.com and www.stefanrakonjac.com. Bear in mind that top-level domain (without www or any other subdomain) needs to go first!

root@forest:/opt/letsencrypt/ ./letsencrypt-auto --apache -d stefanrakonjac.com -d www.stefanrakonjac.com

Let’s Secure’s auto-configurator will ask you some straight-forward questions, like what’s your e-mail,  should your website’s traffic be strictly https etc. Provide your best answers and let the magic happen.

One note for the end: since I’m having my web-server behind a firewall (IPS’s receiver device), I had to enable port forwarding on port 443 as well. Not something that came to my mind right away (actually I thought I already configured it some time ago, but I didn’t), but after an initial fail of domain verification and SSL certification, it was obvious something is wrong and closed port was the answer.

Now go get your domains secured! For free!

P.S. Let’s Encrypt’s certificates are unfortunately not valid for entire year, like other CA (Certify Authority) certificates. They can be used only for 3 months after which they must be renewed. Luckily for us, renewal process is straight forward:

root@forest:/opt/letsencrypt/ ./letsencrypt-auto renew

Leave a Reply

Your email address will not be published. Required fields are marked *