LetsEncrypt Beta for Apache

- - posted in apache ssl | Comments

I received an email today (4/Nov/2015) saying I had been accepted on the LetEncrypt Beta programme.

The instructions in the email where not clear, here is what I did to generate my certificate in to Apache.

On the web server:

1
2
3
4
5
$ mkdir sources
$ cd sources
$ git clone git@github.com:letsencrypt/letsencrypt.git
$ cd letsencrypt
$ ./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory certonly

Provided the above completes okay you will have a new vhost file in /etc/apache2/sites-avavible, named $DOMAIN-le-ssl.conf.

Edit this file and add the following lines, replacing $DOMAIN with your domain.

1
2
3
SSLCertificateFile /etc/letsencrypt/live/$DOMAIN/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/$DOMAIN/chain.pem

Enable the vhost and restart Apache:

1
2
$ sudo a2ensite interkonect.com-le-ssl.conf
$ sudo service apache2 reload

Your site should now have SSL enabled, you will have to renew your certificate in 90 days.

Optional

You might want to copy/paste the new vhost file in to an existing vhost for the domain and enable redirect from HTTP to HTTPS.

Update: Renewing the certificate

1
2
3
cd sources
git pull
./letsencrypt-auto certonly

Update: Renewing certificates (4/July/2016)

1
2
3
cd sources
git pull
./letsencrypt-auto renew

Comments