Generate Website SSL Certificate Using Lets Encrypt

Let’s Encrypt is a new certificate authority. The service will automatically generate SSL certificates that you can use to secure your web and email server connections. The certificates are free.

Recently Google has started using https as a ranking signal so it’s useful for your SEO that you do offer an encrypted version. It’s also really important if you’re requesting personal information from your users. Signed SSL certificates should stop man-in-the-middle attacks where traffic to and from your site is monitored by an unknown third party. Login forms etc on your site should certainly be encrypted.

As of December 2015, Let’s Encrypt has entered public beta. There are plans to have more easily installed packages available for most systems, but for now you have to clone the Let’s Encrypt Client from GitHub. Installation instructions are available here.

A new SSL certificate can be generated from the command-line using a simple command such as ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com. This requires that your web server is stopped whilst the certificate is validated. Other options are available that do not require this.

The new certificates are valid for 90 days. Let’s Encrypt suggests you renew them every 60 days.

Full documentation is available here.

It should be noted that simply serving your site over SSL doesn’t guarantee it is secure. It’s worth running something like SSL Server Test on your domain to flag up any common problems.


COMMENTS