LetsEncrypt manual – without SSH access

There is now a good free Certificate Authority sponsored by big names like Mozilla, Chrome and Cisco.
No more expensive certificate purchases or renewal reminders, as Let's Encrypt takes care of all of this for you.
There is no longer a reason not to secure your website, even if no sensitive data is sent through it.
https://letsencrypt.org

It is a lot easier to install it directly on your server if you have SSH access on your hosting.
Follow the steps on https://letsencrypt.org/howitworks/

If you don’t want to install letsencrypt directly on your server or you are on a shared hosting provider then this is for you:

I am running a Vagrant box locally to generate the certs.
I need a synced folder so I can get the certs off this box after generating them.
So in your Vagrantfile ensure you have:

config.vm.synced_folder "./", "/home/vagrant"

Installation

SSH to the box that you are generating the certificate on (in my case, Vagrant):

sudo apt-get install git
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

I could only get things working as root, as it seems it needs to update a few Python packages.

sudo su
./letsencrypt-auto --help

If you can see loads of help commands then you have installed letsencrypt successfully.

Generate the cert manually

./letsencrypt-auto certonly -a manual -d yoursite.com -d www.yoursite.com

Complete the steps when requested:

I got asked twice to create files.
So you create the files in the location requested with the contents shown.

And this last screen shows that you have successfully created your certificate.

If you don’t get this then it's likely due to letsencrypt not being able to read the files you created. Check for yourself that you can see them in a browser.
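The browser check above can be scripted so that the usual shared-hosting failures are told apart before you continue in the letsencrypt prompt. This is an added example, not part of the original post or the letsencrypt client: it assumes the standard ACME http-01 location /.well-known/acme-challenge/, the function names are hypothetical, and the token and value are constructed and served by a local stand-in for the host.

```python
import http.server
import threading
import urllib.error
import urllib.request

CHALLENGE_PATH = "/.well-known/acme-challenge/"  # standard ACME http-01 location

def check_challenge(base_url, token, expected, timeout=10):
    """Fetch one challenge file and classify the result as a short status string."""
    url = base_url.rstrip("/") + CHALLENGE_PATH + token
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(4096)
    except urllib.error.HTTPError as exc:
        return f"http-{exc.code}"          # e.g. file uploaded to the wrong directory
    except OSError:
        return "unreachable"               # DNS, firewall, nothing listening
    text = body.decode("utf-8", errors="replace")
    if text == expected:
        return "ok"
    if text.strip() == expected:
        return "whitespace"                # right value, padded by the editor or upload
    if "<html" in text.lower():
        return "html-page"                 # host answered 200 with its own page
    return "mismatch"

def serve_constructed(files):
    """Local stand-in for the shared host: serves files ({path: bytes}) on 127.0.0.1."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            body = files.get(self.path)
            self.send_response(200 if body is not None else 404)
            self.end_headers()
            self.wfile.write(body or b"")
        def log_message(self, *args):      # keep the demo output quiet
            pass
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"

if __name__ == "__main__":
    token, value = "constructed-token", "constructed-token.constructed-thumbprint"
    server, base = serve_constructed({CHALLENGE_PATH + token: value.encode() + b"\n"})
    print(check_challenge(base, token, value))        # whitespace
    print(check_challenge(base, "missing", value))    # http-404
    server.shutdown()
```

Against a real site, call check_challenge("http://yoursite.com", token, contents) with the token and contents letsencrypt printed, once for each name passed with -d.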

The cert files will be placed in /etc/letsencrypt.
Let's get a copy of these files on my local machine:

cp -R /etc/letsencrypt /home/vagrant/letsencryptfiles

I can now view these files and back them up for the future.

The files of interest are in live/, where each site's certs are stored in their own folder.

Add these certs to your server as you normally would, either manually on the server or through your hosting interface like Plesk.

You should now have the green padlock on your website when visiting with https://
Click on it and open the certificate to see the Issued By details proving that Let's Encrypt is the supplier.

Certificates from Let’s Encrypt are valid for 90 days (currently) so you might prefer to install on the server to save you having to renew the certificate every 3 months.

Final test

https://www.ssllabs.com/ssltest/

Add your domain to test what rating you get.
If you don’t get an A rating then it's likely due to weak ciphers being enabled. Read the recommendations on the site to see what needs to be changed.

And there we go. A free certificate installed without having to install additional code on your servers.
