Letsencrypt is a service to get free short-lived SSL certificates. There is a library from the same guys that created that service called cert-bot. Instructions on how to use it can be found on the official documentation.
wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto ./certbot-auto
Create Certificate for Domain
For demonstration purposes, we will use swapps.com domain.
There are 2 methods: standalone and by webroot. Depending on what you use, the command will change:
./certbot-auto certonly --standalone -d swapps.com
./certbot-auto certonly --webroot --webroot-path /var/www/html/ -d swapps.com
Install the certificate on the web server
Cool, we got a new certificate for the domain. The next questions are: Where is it located? How do I install it?
If everything was successful, your certificate files will be located at:
And you will find the following files:
cert.pem: The actual certificate.
chain.pem: Certificate from certificate authority.
fullchain.pem: cert.pem + chain.pem
privkey.pem: The private key used to sign the certificate
Install new certificate on Apache web server
In the section to add the certificates of your Apache vhost, you will need to add something like this:
SSLEngine on SSLCertificateFile /etc/letsencrypt/live/swapps.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/swapps.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/swapps.com/chain.pem
Install new certificate on Nginx web server
In the section to add the certificates of your Nginx vhost, you will need to add something like this:
ssl on; ssl_certificate /etc/letsencrypt/live/swapps.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/swapps.com/privkey.pem;
After you have edited the corresponding files, you will need to restart the web server so the changes take effect. When you are done, you can go to the website using https and you will see your new certificate working and powered by Let’s Encrypt.