Let’s Encrypt

Okay, it’s been a while since I have written anything here.  Partly because I have been busy, but mostly because I have been unsure of what to write about and what direction to take this blog in.  That is still the case, but since I have just updated my site to use SSL it seems appropriate to say a few words about that.

I always thought setting up SSL would be tricky… and would cost me, but I recently read about Let’s Encrypt.  They are a new open source certificate authority who provide the ability for you to generate your own domain validation certificate that you can upload to your site – for free.  It took me a few hours to get my head around and to get it set-up on my info site, but the second time around – once I knew what I was doing – it took less than 20 minutes.  I found this article from Neurobin very useful.

You will need to install the client by cloning the repository from Github to your local machine or somewhere, then run the command to generate a cert for the domain and any subdomains that you want included.   It will present you with a challenge for each one, which is basically just a way to prove that you own the domain.  You will need to be able to create a directory and file on your web server containing the string that it generates.  If the client can verify that the generated content is available on your website it will generate the cert and private key on your local machine.  You will then need to install these on your site.  This can be done through cPanel or similar if your site is on a shared hosting site (like this one), or whatever way you would install SSL certs on your particular hosting solution.  I also generated and installed a Let’s Encrypt cert on another site that is hosted free on Google App Engine – and this was just as straight-forward.

The certs are currently only valid for 90 days so I will need to renew again in a couple of months.  I only have a few sites to look after so this shouldn’t be an issue, but we will see.  They also don’t offer wildcard certs so you will need to specify any subdomains that you require when generating the cert, e.g. www.  Again, not a big issue for me.  It was free after all.  And both my sites are now displaying the green padlock, which is very satisfying.

Leave a Reply

Your email address will not be published. Required fields are marked *