LetsEncrypt on Ubuntu
LetsEncrypt tries to set up an HTTP or HTTPS server to validate your domain, so ports 80 and 443 need to be open for LetsEncrypt to connect to before it will give you a certificate.
LetsEncrypt certificates have a life of 3-4 months, so they need to be renewed every three months.
The entire process is done through the command line/curses client on the server running the web server.
On Ubuntu I had to install the certificates manually.
Install LetsEncrypt client
Install Git
apt-get install git
Download client source
git clone https://github.com/letsencrypt/letsencrypt
Run Client
cd letsencrypt
./letsencrypt-auto
Getting Your First Certificate
Let's assume that you have a standard webroot server running on port 80 (Apache, Lighttpd, Nginx).
In this case it makes sense to run letsencrypt-auto using HTTP and webroot domain verification.
To use port 80 use the following arguments
--standalone-supported-challenges http-01
To use webroot verification use the following arguments
--webroot --webroot-path /var/www/html
Replace /var/www/html with your document/web root.
Finally add the following for manual certificate installation
certonly
Here is an example command
./letsencrypt-auto certonly --standalone-supported-challenges http-01 --webroot-path /var/www/ --webroot
You will be asked for an email address and a domain name in the curses interface. Enter them, and if all goes well you should get a certificate file.
If successful you will see four files (cert.pem, chain.pem, fullchain.pem, privkey.pem) in /etc/letsencrypt/live/<FQDN>/.
Apache Directive Table
Apache HTTPS Directive | LetsEncrypt File |
SSLCertificateKeyFile | privkey.pem |
SSLCertificateFile | cert.pem |
SSLCertificateChainFile | chain.pem |
– | fullchain.pem |
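Before pointing Apache at the new files it is worth checking them. The script below is an added example, not part of the original page or of the LetsEncrypt client: it confirms that the four files exist, that privkey.pem really belongs to cert.pem, and that the certificate is not close to expiry, then prints the directives from the table above. The function name check_live_dir and the 30-day default window are assumptions, and the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example, not from the original page. Checks a certonly result
# directory and prints the matching Apache directives from the table.
# Usage: check_live_dir DIR [DAYS]
# Returns 0 ok, 1 file missing, 2 key/cert mismatch, 3 expires within DAYS.
check_live_dir() {
    cl_dir=$1
    cl_days=${2:-30}   # assumed renewal window, adjust to taste

    # All four files listed in the guide must exist and be non-empty.
    for cl_f in cert.pem chain.pem fullchain.pem privkey.pem; do
        if [ ! -s "$cl_dir/$cl_f" ]; then
            echo "missing or empty: $cl_dir/$cl_f" >&2
            return 1
        fi
    done

    # The public key inside cert.pem must be the one derived from privkey.pem,
    # otherwise Apache will refuse to start with this pair.
    cl_cert_pub=$(openssl x509 -in "$cl_dir/cert.pem" -noout -pubkey 2>/dev/null)
    cl_key_pub=$(openssl pkey -in "$cl_dir/privkey.pem" -pubout 2>/dev/null)
    if [ -z "$cl_cert_pub" ] || [ "$cl_cert_pub" != "$cl_key_pub" ]; then
        echo "privkey.pem does not match cert.pem" >&2
        return 2
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cl_dir/cert.pem" -noout \
            -checkend $((cl_days * 86400)) >/dev/null; then
        echo "cert.pem expires within $cl_days days, renew it" >&2
        return 3
    fi

    # Directive-to-file mapping from the Apache Directive Table.
    echo "SSLCertificateKeyFile   $cl_dir/privkey.pem"
    echo "SSLCertificateFile      $cl_dir/cert.pem"
    echo "SSLCertificateChainFile $cl_dir/chain.pem"
}

# Run as a script: ./check_live_dir.sh /etc/letsencrypt/live/<FQDN> [DAYS]
if [ "$#" -ge 1 ]; then
    check_live_dir "$@"
fi
```

Run it as root, since /etc/letsencrypt/live/ is normally readable only by root. A non-zero exit status from a daily cron job is a simple reminder that renewal is due.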