Switching my SSL certificates to Let's Encrypt

Today I switched my sites from StartSSL to Let's Encrypt. It took about 5 minutes.
created by on 2015-11-09

Despite its’ quirky user-interface StartSSL has served me well, but it’s time to move on to an even more convienient service: Let’s Encrypt

I received my Let’s encrypt beta program invitation e-mail last week (only shortly after signing up for the beta program). And now I took the very simple steps described in the e-mail to create my first SSL certificates signed by Let’s Encrypt.

Let's Encrypt Installation and Setup
Let's Encrypt Certificate Request Dialog

And there the result. “https://andykdocs.de" before and after:

andykdocs.de before and after switching to Let's Encrypt

Steps for creating Let’s Encrypt SSL certificates

  1. Connect to the server that will run your websites
  2. Clone the Let’s Encrypt Client

    cd /usr/local/src
    git clone https://github.com/letsencrypt/letsencrypt
  3. Start the Let’s Encrypt dialog (letsencrypt-auto)

    cd /usr/local/src/letsencrypt
    ./letsencrypt-auto --agree-dev-preview --server \
        https://acme-v01.api.letsencrypt.org/directory certonly
  4. The first time you will be prompted to enter an E-Mail address.

  5. Then you only have to enter the domain names you want to create SSL certificates for.

Screenshot of the finished letsencrypt-auto dialog

The created SSL certificates will be stored in /etc/letsencrypt/live/:

tree -l /etc/letsencrypt/live/
├── www.allmark.io
│   ├── cert.pem -> ../../archive/www.allmark.io/cert1.pem
│   ├── chain.pem -> ../../archive/www.allmark.io/chain1.pem
│   ├── fullchain.pem -> ../../archive/www.allmark.io/fullchain1.pem
│   └── privkey.pem -> ../../archive/www.allmark.io/privkey1.pem
└── www.andykdocs.de
    ├── cert.pem -> ../../archive/www.andykdocs.de/cert1.pem
    ├── chain.pem -> ../../archive/www.andykdocs.de/chain1.pem
    ├── fullchain.pem -> ../../archive/www.andykdocs.de/fullchain1.pem
    └── privkey.pem -> ../../archive/www.andykdocs.de/privkey1.pem

Screenshot of the certificate storage location at  /etc/letsencrypt/live/

Join the beta program yourself

You can still join the Let’s Encrypt Beta Program by filling out the Let’s Encrypt Beta Participation Request at Google Forms:

Screenshots of the Let's Encrypt Beta Participation Request Google Form


Let’s encrypt rocks 🚀
Please join them and encrypt all the things.