How I used Let's Encrypt to enable HTTPS on this blog
December 8, 2015 in General programming
From this day my blog is served via HTTPS, too (and thanks to HSTS, you are most likely already looking at the secure version). It wouldn’t have happened without Let’s Encrypt. Using Let’s Encrypt was much easier than I expected, so I wanted to share the process.
(TL;DR - it was free and took an hour to figure everything out.)
So, what is Let’s Encrypt? It’s a new age certificate authority. In the past, obtaining an encryption certificate was an expensive and complicated process. You had to procure documents proving your identity and some human on the other end had to look at them and approve the certificate.
But 99% of the time people need a certificate just to enable SSL encryption on their site, and all the authorization they need for that is proof of ownership of the domain name. And proof of domain ownership is a well-explored, purely technical problem.
Thus, smart people at Let’s Encrypt have designed and implemented a protocol for automatic authorisation of certificates that are bound to a certain domain. (You should read the technical overview for details.)
The entire process goes like this:
- SSH into the server.
- Pull down `letsencrypt` (see How it Works).
- Shut down nginx for a minute (to free up the HTTP socket).
- `./letsencrypt-auto certonly --standalone -d leonid.shevtsov.me` - it sets up a temporary web server that will interact with the central authority. This is what makes the process automatic.
- Enter maintainer email (yours) and wait a bit.
- You immediately get the certs on your server, right where you need them.
- Start nginx back up.
- Generate the SSL configuration for nginx using the Mozilla SSL config generator.
- Plug the SSL configuration into the nginx server clause.
- Restart nginx.
The entire process takes like 15 minutes when you know the steps. You can get a single certificate for multiple domains to save time.
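The steps above as a script, written so that nginx is started again even when issuance fails and is only restarted when the edited configuration parses. This is an added example, not the author's own script. It assumes nginx is managed with `service`, the client is checked out in `./letsencrypt`, and certificates land in the client's default `/etc/letsencrypt/live/<domain>/` directory; the function names and `example.com` are placeholders.

```shell
#!/bin/sh
# Added example, not the author's script. Assumptions: nginx is controlled with
# `service`, the client is checked out in ./letsencrypt, and it writes certs to
# /etc/letsencrypt/live/<domain>/ (the client's default location).
DOMAIN="${DOMAIN:-example.com}"               # placeholder domain
LE_DIR="${LE_DIR:-./letsencrypt}"             # assumed checkout path
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"

# One wrapper per step, so a step can be replaced or stubbed for a dry run.
stop_nginx()    { service nginx stop; }
start_nginx()   { service nginx start; }
restart_nginx() { service nginx restart; }
check_nginx()   { nginx -t; }
issue_cert()    { "$LE_DIR/letsencrypt-auto" certonly --standalone -d "$1"; }

# True if both files exist and the certificate stays valid for 7 more days.
cert_ok() {
  cert_dir="$LIVE_DIR/$1"
  [ -s "$cert_dir/fullchain.pem" ] && [ -s "$cert_dir/privkey.pem" ] &&
    openssl x509 -in "$cert_dir/fullchain.pem" -noout -checkend 604800 >/dev/null
}

# Stop nginx, issue, verify, and always start nginx again.
# Returns 0 ok, 1 could not stop, 2 issuance failed, 3 cert check failed,
# 4 nginx did not come back up.
issue_with_guard() {
  guard_rc=0
  stop_nginx || return 1
  if ! issue_cert "$1"; then
    guard_rc=2
  elif ! cert_ok "$1"; then
    guard_rc=3
  fi
  start_nginx || return 4
  return "$guard_rc"
}

# For the final step: only restart if the edited configuration parses.
apply_ssl_config() {
  check_nginx || return 1
  restart_nginx
}

# Usage: script.sh issue   (then edit the nginx config)   script.sh apply
case "${1:-}" in
  issue) issue_with_guard "$DOMAIN"; exit $? ;;
  apply) apply_ssl_config; exit $? ;;
esac
```
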