LetsEncyrpt tires to setup a HTTP or HTTPS server to validate your domain and accordingly port 80 and 443 need to be open for LetsEncyrpt to connect to these ports before they will give you a certificate.

LetsEncyrpt certificates have a life of 3-4 months so they need to be renewed every three months.

The entire process is done through the command line/curses client on the server running the web server

On Ubuntu I had to install the certificates manually

Currently you can only have 5 certs for every domain per 7 day window

Install Git

apt-get install git

Download client source

git clone https://github.com/letsencrypt/letsencrypt

Run Client

cd letsencrypt
./letsencrypt-auto

To use port 80 use the following arguments

--standalone-supported-challenges http-01

To use webroot verification use the following arguments

--webroot --webroot-path /var/www/html

replace /var/www/html with your document/web root

Finally add the following for manual certificate installation

certonly

Here is an example command

letsencrypt-auto certonly --standalone-supported-challenges http-01 --webroot-path /var/www/ --webroot

You will be asked for a email address and a domain name in the curses interface enter them and if all goes well you should get a certificate file.

If successful you will see four files (cert.pem,chain.pem,fullchain.pem,privkey.pem) in /etc/letsencrypt/live/<FQDN>/

Consult the certificate file matrix below on how to use the certificate files.