How to get free Let’s Encrypt SSL certificate

lets-encrypt

Let’s Encrypt is a free, automated, and open certificate authority brought to you. This article describes how to obtain free Let’s Encrypt certificate for your server.

1. Ssh to your server and download Let’s Encrypt client:

2. Run certificates installation:

You’ll be asked for your email address.

3. Now enter your domains you want to obtain the certificates for (it’s possible to specify multiple domains separated by commas and/or spaces):

lets-encrypt-domains

4. Confirm saving IP address of your machine in Let’s Encrypt logs:

lets-encrypt-save-ip-address

5. Confirm that you’re owner of the given domain (for this you have to create a .well-known file with the given text):

lets-encryprt-confirm-domain-owner

6. After the domain is verified, you’ll have the certificates under /etc/letsencrypt/live/[domain_name]

  • privkey.pem — private key.
    Used in Apache for SSLCertificateKeyFile and in nginx for ssl_certificate_key.
  • cert.pem — server certificate (public key).
    Used in Apache for SSLCertificateFile.
  • chain.pem — chain certificate
    Used in Apache for SSLCertificateChainFile.
  • fullchain.pem — concatenation of cert.pem and chain.pem.
    This is because some implementations (such as Apache >= 2.4.8) will need the chain certificate in the same file as the leaf certificate.
    Also used in nginx for ssl_certificate.

Leave a Reply

Your email address will not be published. Required fields are marked *