Get free SSL with letsencrypt.org

Let’s Encrypt is a new certificate authority, recognized by all major browsers. It’s a Linux Foundation initative. On December 3 , It entered public beta allowing anyone to generate SSL certificate free of cost for duration of 3 months which can later be renewed when it expires.

Let’s Encrypt is way better option than other certificate authorities normally:

  • It’s Free.
  • Well documented.
  • Supported by all modern browsers.
  • Uses modern cryptographic backed methods for verifying proper ownership of domains.

It’s setup is not very complicated , I will describe how I configured it on a nginx http server .

First download letsencrypt (either from git repo or from your distro repo)

1
2
3
4
5
# git clone https://github.com/letsencrypt/letsencrypt
# cd letsencrypt
# service nginx stop
# ./letsencrypt-auto --agree-dev-preview --server \
https://acme-v01.api.letsencrypt.org/directory auth

Enter your email and domain name when promted.

Finally just edit your nginx domain configuration file , edit server block in your configuration file like

1
2
3
4
5
6
7
8
9
10
11
server {
listen 443 ssl;
server_name ketansingh.me;
ssl_certificate /etc/letsencrypt/live/ketansingh.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ketansingh.me/privkey.pem;
}

you can also redirect http request to https by adding

1
2
3
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}

before closing your server block in config file. Finally just start your ngnix server

1
# service nginx start