We’ve been paying for the ssl certs for years, but not any more. Let’s Encrypt is here, and we can get our certificates for free.
Let’s see how it works.
Understanding Let’s Encrypt
Let’s Encrypt allows you to issue signed certificates for your domains. It handles the authorization by its client, which should be installed one of your servers. Your domains must point to that server in order to be authorized.
Mac users warn: You better use a Vagrant with some debian distribution, it will make your day a lot of easier.
You can follow the official getting starting guide, but it is as simple as run:
git clone https://github.com/letsencrypt/letsencrypt
Generate your certs
After moving to the newly created
letsencrypt directory we can just run
./letsencrypt-auto --help to see if everything works fine.
As we said before, Let’s encrypt needs to validate your ownership of the domains you will validate. It can do it by itself or by using your current webserver.
If you have your web located a
/var/www and you want a certificate for
cool-domain.com you can run the following command:
./letsencrypt-auto certonly --webroot -w /var/www -d cool-domain.com
And that’s it!
You can now access your certificate files under the directory
- Note that your certificates will expire in about 90 days
- You’re limited to issue about 5 certificates per week
- You can issue test certificates if you want to test adding the
- If you are under a non-debian machine you can use the
--debugflag to run in experimental way
PD: We can also get our free certs with AWS Certificate Manager, but it only works inside AWS services, and it is not cross-region. Do you know more services like this? Leave me a comment!