Let’s Encrypt is a free, automated, and open certificate authority brought to you. This article describes how to obtain free Let’s Encrypt certificate for your server.
1. Ssh to your server and download Let’s Encrypt client:
2. Run certificates installation:
./letsencrypt-auto --agree-dev-preview --server \
https://acme-v01.api.letsencrypt.org/directory -a manual auth
You’ll be asked for your email address.
3. Now enter your domains you want to obtain the certificates for (it’s possible to specify multiple domains separated by commas and/or spaces):
4. Confirm saving IP address of your machine in Let’s Encrypt logs:
5. Confirm that you’re owner of the given domain (for this you have to create a .well-known file with the given text):
6. After the domain is verified, you’ll have the certificates under /etc/letsencrypt/live/[domain_name]
- privkey.pem — private key.
Used in Apache for SSLCertificateKeyFile and in nginx for ssl_certificate_key.
- cert.pem — server certificate (public key).
Used in Apache for SSLCertificateFile.
- chain.pem — chain certificate
Used in Apache for SSLCertificateChainFile.
- fullchain.pem — concatenation of cert.pem and chain.pem.
This is because some implementations (such as Apache >= 2.4.8) will need the chain certificate in the same file as the leaf certificate.
Also used in nginx for ssl_certificate.