Address

Los Angeles, California

Phones

1-844-CLOUDLA 1-844-256-8352

Hours

Mon-Fri 8:00 am to 4:00 pm

“Let’s Encrypt” Free SSL/HTTPS Certificates

I am probably not the only person that thinks the SSL/HTTPS certificates industry is completely contrived. There may be some value in validated certificates, but let's face it, the average user just looks for "https" in the URL with no browser warning, and they're good to go. So that begs the question, why do we have to pay a certificate authority for basic certificates? Thanks to Let's Encrypt now you don't. Let's Encrypt is sponsored by some of the biggest names in the tech industry as well a high profile privacy advocates. Now there is no reason why even the most mundane online resources shouldn't be protected by encryption.


Installing Let’s Encrypt

Note: Let’s Encrypt is in beta. Please don’t use it unless you’re comfortable with beta software that may contain bugs.

If your operating system includes a packaged copy of letsencrypt, install it from there and use the letsencrypt command. Otherwise, you can use our letsencrypt-auto wrapper script to get a copy quickly:

$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto --help

letsencrypt-auto accepts the same flags as letsencrypt; it installs all of its own dependencies and updates the client code automatically (but it’s comparatively slow and large in order to achieve that).


How To Use The Client

The Let’s Encrypt client supports a number of different “plugins” that can be used to obtain and/or install certificates. A few examples of the options are included below:

If you’re running Apache on a recent Debian-based OS, you can try the Apache plugin, which automates both obtaining and installing certs:

./letsencrypt-auto --apache

On other platforms automatic installation is not yet available, so you will have to use the certonly command. Here are some examples:

To obtain a cert using a “standalone” webserver (you may need to temporarily stop your exising webserver) for example.com and www.example.com:

./letsencrypt-auto certonly --standalone -d example.com -d www.example.com

To obtain a cert using the “webroot” plugin, which can work with the webroot directory of any webserver software:

./letsencrypt-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

The this will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.


Renewing a Certificate

To renew a certificate, simply run letsencrypt again providing the same values when prompted. Let’s Encrypt is working hard to fully automate this process and we apologize for the inconvenience until this functionality is ready.


Revoking a Certificate

The following command can be used to revoke a particular certificate.

$ letsencrypt revoke --cert-path example-cert.pem


Full Documentation

For more information on the official client, please see the full documentation.


Reference: https://letsencrypt.org/howitworks/

No Comments Yet.

Leave a comment