C’mon, it’s the end of 2016; if you don’t use HTTPS, you really should now. It’s free, you only need to set it up once, and the rest is automated.
Let’s get started. We will use a lightweight client called acme.sh to get the certificates. The official client from Let’s Encrypt is a bit bulky and has a lot of dependencies.
Start by installing the acme.sh client
You should set up your account with an email address, so you won’t miss the notifications from Let’s Encrypt.
Configure the cron job (optional)
The installer script automatically sets up the cron job on your system; now it’s time to configure it.
Enter the following command: crontab -e
Set the script to run at a random hour and minute to minimize the chance of the API being unreachable.
Set up your webserver to use a virtual document root for the client
Create a directory writable by your webserver. You will use this directory to generate the authentication requests.
In this tutorial we will use /var/www/acme.
Apache
Edit your main config file and add this alias:
Restart Apache and you are ready to request your certificate.
Nginx
Add these lines to your server block:
Restart Nginx and you are ready to request your certificate.
Request and install a certificate
You can request a certificate for multiple hostnames hosted on the same server with this approach.
Now you have your certificate!
Install the certificate
After issuing this command the client will know which script to run after certificate renewal.
Update: The install script was updated with configuration that allows copying the generated certificates from the default folder to another location. acme.sh advises doing so, because the default location also contains other important internal files of the script and its structure is subject to change.
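The whole procedure as one script, added here as an example and not the tutorial's original commands: it prepares the challenge directory, issues one certificate for several hostnames through the webroot, copies it out of the acme.sh folder and prints a cron line with a random minute and hour. The hostnames example.com and www.example.com, the target directory /etc/ssl/acme, the reload command and the file name setup.sh are assumptions; /var/www/acme is the directory used above.

```shell
#!/bin/sh
# Added example. Assumed values: example.com hostnames, /etc/ssl/acme,
# "systemctl reload nginx". Override the variables below to match your system.
ACME_HOME="${ACME_HOME:-$HOME/.acme.sh}"   # acme.sh default install directory
WEBROOT="${WEBROOT:-/var/www/acme}"        # challenge directory from this tutorial
CERT_DIR="${CERT_DIR:-/etc/ssl/acme}"      # assumed target outside ~/.acme.sh

# Create the challenge path; acme.sh writes tokens here and the web server serves them.
prepare_webroot() {
    mkdir -p "$1/.well-known/acme-challenge" &&
        chmod 755 "$1" "$1/.well-known" "$1/.well-known/acme-challenge"
}

# Print a crontab line that runs the renewal check at a random minute and hour.
random_cron_line() {
    slot=$(awk 'BEGIN { srand(); printf "%d %d", int(rand() * 60), int(rand() * 24) }')
    printf '%s * * * "%s"/acme.sh --cron --home "%s" > /dev/null\n' "$slot" "$1" "$1"
}

# Issue one certificate for all given hostnames, then copy key and chain to
# CERT_DIR and register the command acme.sh runs after every renewal.
issue_and_install() {
    [ "$#" -ge 1 ] || return 1
    main_domain="$1"
    domain_args=""
    for d in "$@"; do domain_args="$domain_args -d $d"; done
    mkdir -p "$CERT_DIR" && chmod 700 "$CERT_DIR"   # the private key is stored here
    # $domain_args is left unquoted on purpose so each "-d host" becomes two words.
    "$ACME_HOME/acme.sh" --issue $domain_args -w "$WEBROOT" || return 1
    "$ACME_HOME/acme.sh" --install-cert -d "$main_domain" \
        --key-file "$CERT_DIR/$main_domain.key" \
        --fullchain-file "$CERT_DIR/$main_domain.fullchain.pem" \
        --reloadcmd "systemctl reload nginx"
}

# Nothing runs unless asked to: sh setup.sh run example.com www.example.com
if [ "${1:-}" = "run" ]; then
    shift
    prepare_webroot "$WEBROOT" && issue_and_install "$@" && random_cron_line "$ACME_HOME"
fi
```

Point the web server's ssl_certificate and ssl_certificate_key (Nginx) or SSLCertificateFile and SSLCertificateKeyFile (Apache) at the copied files in CERT_DIR, not at the files inside the acme.sh folder.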