Despite its’ quirky user-interface StartSSL has served me well, but it’s time to move on to an even more convienient service: Let’s Encrypt
I received my Let’s encrypt beta program invitation e-mail last week (only shortly after signing up for the beta program). And now I took the very simple steps described in the e-mail to create my first SSL certificates signed by Let’s Encrypt.
And there the result. “https://andykdocs.de" before and after:
Steps for creating Let’s Encrypt SSL certificates
- Connect to the server that will run your websites
Clone the Let’s Encrypt Client
cd /usr/local/src git clone https://github.com/letsencrypt/letsencrypt
Start the Let’s Encrypt dialog (
cd /usr/local/src/letsencrypt ./letsencrypt-auto --agree-dev-preview --server \ https://acme-v01.api.letsencrypt.org/directory certonly
The first time you will be prompted to enter an E-Mail address.
Then you only have to enter the domain names you want to create SSL certificates for.
The created SSL certificates will be stored in
tree -l /etc/letsencrypt/live/ /etc/letsencrypt/live/ ├── www.allmark.io │ ├── cert.pem -> ../../archive/www.allmark.io/cert1.pem │ ├── chain.pem -> ../../archive/www.allmark.io/chain1.pem │ ├── fullchain.pem -> ../../archive/www.allmark.io/fullchain1.pem │ └── privkey.pem -> ../../archive/www.allmark.io/privkey1.pem └── www.andykdocs.de ├── cert.pem -> ../../archive/www.andykdocs.de/cert1.pem ├── chain.pem -> ../../archive/www.andykdocs.de/chain1.pem ├── fullchain.pem -> ../../archive/www.andykdocs.de/fullchain1.pem └── privkey.pem -> ../../archive/www.andykdocs.de/privkey1.pem
Join the beta program yourself
You can still join the Let’s Encrypt Beta Program by filling out the Let’s Encrypt Beta Participation Request at Google Forms:
Let’s encrypt rocks 🚀
Please join them and encrypt all the things.