For several reasons, people are very interested in securing their websites with SSL certificates. Most e-commerce and corporate sites were already using secure connections, and some organizations have been pushing developers and users toward HTTPS for more than a decade. Yet possibly the most important reason it is so popular now is that search engines favor secure sites over non-secure ones.
In this article, we are not going to investigate the logic of SSL/TLS certificates or how exactly this system works. However, we should clarify the concept of Certificate Authority in order to understand the role of Let’s Encrypt in this ecosystem.
When a browser initiates a secure connection with a server, the server sends its certificate to the browser in order to prove its identity. However, the browser needs a trusted third party/authority to believe that the server is telling the truth. At that point, Certificate Authorities come into play. Let’s Encrypt is a non-profit Certificate Authority that is run by the Linux Foundation.
We assume that you have already read the original documentation and came here for more research and maybe some insight. At the time of writing, there are only 2 possible ways to use Let’s Encrypt certificates for your site: via ssh access or with the help of your hosting provider. If you use a shared host, there is nothing more to do than ask your provider for the certificate.
If you have ssh access to your server, Certbot’s documentation will most probably walk you through the whole process. All you need to do is to select your Linux distro and your web server.
If you need to learn the exact version you are running you may use the command
to learn it.
After selecting these, the documentation will lead you through the installation of Certbot, the tool that requests and installs the certificates.
The setup phase is also very straightforward: you only need to provide your domain name and you are good to go. After that, you may want to set up your cronjobs as suggested. In order to do that, you need to open the crontab editor using
Then you will need to add a new line to the file to run the renewal command automatically. If you installed certbot using wget instead of your distro’s package manager, you will need the path where you downloaded the file for this step. Once you know it, add a line similar to the one below
0 1,13 * * * PATH_TO_CERTBOT/certbot-auto renew --quiet --no-self-upgrade
This line will invoke the certbot-auto executable at 01:00 and 13:00 every day. As explained in the documentation, it is a good idea to run this twice a day in order to prevent any issues.
Using HTTPS for multiple domains hosted on the same server
If you are serving more than 1 site on the same server, it is usually possible to use HTTPS for all of them. For example, if you are using apache as your server, you will need to edit the config file that has -ssl in its name. (For example, certbot usually creates the file at /etc/apache2/sites-enabled/default-ssl.conf, but if you have default.conf and not default-ssl.conf you may need to create it.) Then you will need to define all of your virtual hosts and provide the locations of the certificates. When you run certbot yourself, without the --quiet flag, you will see that it prints out the location where it created the certificates. Something similar to the configuration below should be sufficient for usual installs.
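A configuration of the kind described above, as an added example rather than the article's own file: two name-based virtual hosts on port 443, each pointing at its own Let’s Encrypt certificate. The domains, the DocumentRoot paths and the /etc/letsencrypt/live/ locations (certbot's usual default) are assumptions; use the paths certbot printed for you.

```apache
# Added example, not from the original article.
# example.com / example.org and the DocumentRoot paths are placeholders.
<IfModule mod_ssl.c>
    # First site: Apache picks this block when the client asks for
    # example.com (name-based virtual hosting via SNI).
    <VirtualHost *:443>
        ServerName example.com
        ServerAlias www.example.com
        DocumentRoot /var/www/example.com

        SSLEngine on
        # fullchain.pem = site certificate plus intermediates
        # (accepted in SSLCertificateFile from Apache 2.4.8 on).
        SSLCertificateFile    /etc/letsencrypt/live/example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

        ErrorLog  ${APACHE_LOG_DIR}/example.com-ssl-error.log
        CustomLog ${APACHE_LOG_DIR}/example.com-ssl-access.log combined
    </VirtualHost>

    # Second site on the same server and port, with its own certificate.
    <VirtualHost *:443>
        ServerName example.org
        ServerAlias www.example.org
        DocumentRoot /var/www/example.org

        SSLEngine on
        SSLCertificateFile    /etc/letsencrypt/live/example.org/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.org/privkey.pem

        ErrorLog  ${APACHE_LOG_DIR}/example.org-ssl-error.log
        CustomLog ${APACHE_LOG_DIR}/example.org-ssl-access.log combined
    </VirtualHost>
</IfModule>
```

Run `apachectl configtest` before reloading apache so that a wrong certificate path is caught while the old configuration is still serving. The private key files should stay readable by root only.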
However, if you are using a special mod with apache, for example mod_wsgi, unfortunately, at the time of writing, there is no way to use HTTPS for multiple domains hosted on the same server.
As you can see, the certificate installation process is pretty much automated with certbot and it works very well. So, you will need around 30 minutes before you can write your domain starting with https://