Easy way to Install Let’s Encrypt



Let’s Encrypt is an SSL certificate authority managed by the Internet Security Research Group (ISRG). To enable HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA). Let’s Encrypt is a CA. In order to get a certificate for your website’s domain from Let’s Encrypt, you have to demonstrate control over the domain. With Let’s Encrypt, you do this using software that uses the ACME protocol, which typically runs on your web host.

We can obtain certificates from Let’s Encrypt in different ways: the manual mode and the auto mode.

The Manual Mode

Who is this for?

People who don’t have direct access to the command line or the permissions needed to install letsencrypt on the server. Those who use proxies to redirect to their server can also use manual mode to verify the authentication.

Before you Begin

Update your server:

sudo apt-get update && sudo apt-get upgrade

Install git on your server:

sudo apt-get install git

Download a clone of Let’s Encrypt from the official GitHub repository (https://github.com/letsencrypt/letsencrypt).


sudo git clone https://github.com/letsencrypt/letsencrypt /usr/local/letsencrypt

Navigate to the new /usr/local/letsencrypt directory:


cd /usr/local/letsencrypt

Creating certificates

Start the manual process with the command below, using certonly and the --manual option:


./letsencrypt-auto certonly -d www.nithinkk.wordpress.com -d nithinkk.wordpress.com --manual

You will be informed that your current IP address will be publicly logged. If you’re okay with that, proceed and click continue.

You’ll then be greeted with the information required to verify ownership of the domain (this will have to be done for each domain/subdomain you requested a certificate for). In our case that is twice: once for nithinkk.wordpress.com and once for www.nithinkk.wordpress.com.

You will be asked to create a folder named .well-known inside the root public folder of the website, for example /var/www/public_html:


mkdir .well-known
cd .well-known
mkdir acme-challenge
cd acme-challenge

Once it’s created, go to your public_html, where the “.well-known” folder was created, and enter the code copied from your terminal.

Example code:


printf "%s" dfghdfh05-svp2RH8PbgYczpRfghfgh.gJflKZ5FTUXhV1qRgWn-dfdghgdfho > .well-known/acme-challenge/dfghdfh05-svp2RH8PbgYczpRfghfgh.gJflKZ5FTUXhV1qRgWn-dfdghgdfho

Once both commands have been executed, you can verify the result at yourdomainname.com/.well-known/acme-challenge/dfghdfh05-svp2RH8PbgYczpRfghfgh.gJflKZ5FTUXhV1qRgWn-dfdghgdfho.
If the code is displayed, you can press continue…
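The challenge-file steps above can be wrapped in a small shell function that rejects file names able to escape the acme-challenge directory, writes the value with no trailing newline, and reads it back. This is an added example, not part of the original post; stage_challenge, served_matches and the demo values are names and data made up for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). WEBROOT, NAME and CONTENT are
# operator-supplied; the demo values at the bottom are constructed.

# stage_challenge WEBROOT NAME CONTENT
# Returns 0 on success, 2 for a rejected file name, 1 if the write or read-back fails.
stage_challenge() {
    webroot="$1"; name="$2"; content="$3"
    dir="$webroot/.well-known/acme-challenge"

    # Allow only base64url characters and '.', and refuse names that start
    # with '.' or contain '..', so the write cannot leave $dir.
    case "$name" in
        ''|.*|*..*|*[!A-Za-z0-9._-]*) return 2 ;;
    esac

    mkdir -p "$dir" || return 1
    # printf '%s' writes the value with no trailing newline.
    printf '%s' "$content" > "$dir/$name" || return 1
    chmod 644 "$dir/$name" || return 1   # readable by the web server user

    # Read back: same text and same byte count as what was pasted.
    [ "$(cat "$dir/$name")" = "$content" ] || return 1
    [ "$(wc -c < "$dir/$name")" -eq "${#content}" ] || return 1
}

# served_matches URL CONTENT
# Fetches the challenge URL over plain HTTP (needs network access and curl)
# and succeeds only if the body is exactly CONTENT. Not called in the demo.
served_matches() {
    body=$(curl -fsS --max-time 10 "$1") || return 1
    [ "$body" = "$2" ]
}

# Demo against a throwaway webroot (constructed values).
demo_root=$(mktemp -d)
stage_challenge "$demo_root" "constructedToken.constructedThumb" \
    "constructedToken.constructedThumb" \
    && echo "staged under $demo_root/.well-known/acme-challenge"
stage_challenge "$demo_root" "../escape" "x" || echo "rejected unsafe name (rc=$?)"
rm -rf "$demo_root"
```

Run served_matches against http://yourdomainname.com/.well-known/acme-challenge/NAME before pressing continue; a redirect to an HTML page or a 404 makes it fail.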

Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/example.com/fullchain.pem

Files created inside letsencrypt


sudo ls /etc/letsencrypt/live/example.com
 

1) cert.pem
2) chain.pem
3) fullchain.pem
4) privkey.pem

Certificate Installation

Enable the SSL module in Apache:


sudo a2enmod ssl
 

You can install the Let’s Encrypt certificates in the Apache configuration file.
The directory /etc/letsencrypt/live/ contains one directory per certificate set (domain), each holding symlinks into the /etc/letsencrypt/archive/ directory. This way the “live” folder always shows the latest files.

For each virtual host you can use the following SSLCertificate directives.


SSLEngine on
SSLCertificateFile      /etc/letsencrypt/live/domain.in/cert.pem
SSLCertificateKeyFile   /etc/letsencrypt/live/domain.in/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.in/chain.pem
 

For example, your host file will look like the one below. It also redirects all port 80 traffic to port 443.



# Example virtual host for port 80: redirects everything to HTTPS
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName nithinkk.wordpress.com
        ServerAlias www.nithinkk.wordpress.com
        RewriteEngine on
        RewriteCond %{SERVER_PORT} !^443$
        RewriteRule ^/(.*) https://nithinkk.wordpress.com/$1 [NC,R,L]
</VirtualHost>

# Example virtual host for port 443: serves the site over TLS
<VirtualHost *:443>
        DocumentRoot /var/www/html
        ServerName nithinkk.wordpress.com
        ServerAlias www.nithinkk.wordpress.com

        SSLEngine on
        SSLCertificateFile      /etc/apache2/cert/domain.in/cert1.pem
        SSLCertificateKeyFile   /etc/apache2/cert/domain.in/privkey1.pem
        SSLCertificateChainFile /etc/apache2/cert/domain.in/chain1.pem
</VirtualHost>
 
 

Check the Apache config files and restart:

  
apachectl configtest
service apache2 restart
 

If you have a proxy tunnel to the server, you can also copy the certificates under /etc/apache2/cert/yourdomainname to the proxy servers.
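Once key files have been copied under /etc/apache2/cert or onto a proxy, a quick audit can confirm that every file the virtual host references exists and that the private key is not readable by group or others. The script below is an added example, not from the original post; audit_vhost_tls and the demo files are hypothetical names.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the certificate and key
# files that a virtual host file points at.

# audit_vhost_tls CONF
# Prints one finding per line. Returns 0 when clean, 1 on findings,
# 2 if CONF cannot be read. Paths containing spaces are not handled.
audit_vhost_tls() {
    conf="$1"; rc=0
    [ -r "$conf" ] || return 2
    # Apache directive names are case-insensitive; normalise to lower case.
    list=$(awk 'tolower($1) ~ /^sslcertificate(key|chain)?file$/ {
                    print tolower($1), $2 }' "$conf")
    [ -n "$list" ] || { echo "NO-TLS-DIRECTIVES $conf"; return 1; }

    while read -r directive path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $directive $path"; rc=1; continue
        fi
        if [ "$directive" = sslcertificatekeyfile ]; then
            # Characters 5-10 of the ls mode string are the group and other
            # bits; -L checks the symlink target, as live/ entries are symlinks.
            perms=$(ls -ldL -- "$path" | cut -c5-10)
            [ "$perms" = "------" ] || { echo "KEY-READABLE $perms $path"; rc=1; }
        fi
    done <<EOF
$list
EOF
    return "$rc"
}

# Demo with constructed files: a key left world-readable after being copied.
d=$(mktemp -d)
: > "$d/cert1.pem"; : > "$d/privkey1.pem"; chmod 644 "$d/privkey1.pem"
printf 'SSLCertificateFile %s\nSSLCertificateKeyFile %s\n' \
    "$d/cert1.pem" "$d/privkey1.pem" > "$d/site.conf"
audit_vhost_tls "$d/site.conf" || echo "findings above"
rm -rf "$d"
```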
