How to use a free SSL certificate by Let's Encrypt and the Certbot client from the shell

Let's Encrypt is a service for getting free, short-lived SSL certificates. The same people who created that service also provide a client called Certbot. Instructions on how to use it can be found in the official documentation.

Installation

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto

Create Certificate for Domain

For demonstration purposes, we will use

There are 2 methods: standalone and by webroot. Depending on what you use, the command will change:

Standalone

./certbot-auto certonly --standalone -d swapps.com

Webroot

./certbot-auto certonly --webroot --webroot-path /var/www/html/ -d swapps.com

Install the certificate on the web server

Cool, we got a new certificate for the domain. The next questions are: Where is it located? How do I install it?

If everything was successful, your certificate files will be located at:

/etc/letsencrypt/live/swapps.com

And you will find the following files:

cert.pem: The actual certificate.

chain.pem: Certificate from certificate authority.

fullchain.pem: cert.pem + chain.pem

privkey.pem: The private key used to sign the certificate
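
An added example (not from the original post or from the Certbot project): a POSIX shell script that checks the four files listed above before a web server is pointed at them. It assumes openssl is installed; the function names and the 30-day expiry threshold are hypothetical choices.

```shell
#!/bin/sh
# Added example: sanity checks for a Certbot "live" directory.
# The four file names come from the article; the function names are hypothetical.

# fullchain.pem must be byte-for-byte cert.pem followed by chain.pem.
check_fullchain() {
    cat "$1/cert.pem" "$1/chain.pem" 2>/dev/null | cmp -s - "$1/fullchain.pem"
}

# privkey.pem must carry no group/other permission bits (-L follows Certbot's symlinks).
check_key_perms() {
    [ "$(ls -lL "$1/privkey.pem" 2>/dev/null | cut -c5-10)" = "------" ]
}

# The public key derived from privkey.pem must equal the one embedded in cert.pem.
check_key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1/cert.pem" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1/privkey.pem" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert.pem must stay valid for at least $2 more days (default 30, an assumed threshold).
check_not_expiring() {
    openssl x509 -in "$1/cert.pem" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null 2>&1
}

# Run every check, report each failure, return non-zero if any failed.
verify_live_dir() {
    rc=0
    check_fullchain "$1"        || { echo "FAIL: fullchain.pem is not cert.pem + chain.pem"; rc=1; }
    check_key_perms "$1"        || { echo "FAIL: privkey.pem is accessible to group/others"; rc=1; }
    check_key_matches_cert "$1" || { echo "FAIL: privkey.pem does not match cert.pem"; rc=1; }
    check_not_expiring "$1" 30  || { echo "FAIL: cert.pem expires within 30 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1"
    return "$rc"
}

# Usage: sh verify_live.sh /etc/letsencrypt/live/swapps.com
if [ "$#" -gt 0 ]; then
    verify_live_dir "$1"
fi
```

Because the certificates are short-lived, the same script can be run periodically so that a failed renewal is noticed before the certificate expires.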

Install new certificate on Apache web server

In the section to add the certificates of your Apache vhost, you will need to add something like this:

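SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/swapps.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/swapps.com/privkey.pem
# Since Apache 2.4.8 SSLCertificateChainFile is obsolete; SSLCertificateFile can point at fullchain.pem instead.
SSLCertificateChainFile /etc/letsencrypt/live/swapps.com/chain.pem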

Install new certificate on Nginx web server

In the section to add the certificates of your Nginx vhost, you will need to add something like this:

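# "ssl on;" is obsolete since nginx 1.15.0 and was removed in 1.25.1; enable TLS on the listen directive.
listen 443 ssl;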
ssl_certificate /etc/letsencrypt/live/swapps.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/swapps.com/privkey.pem;

After you have edited the corresponding files, you will need to restart the web server so the changes take effect. When you are done, you can go to the website using HTTPS and you will see your new certificate working and powered by Let's Encrypt.