Installing Let’s Encrypt – Free & Open TLS certificate

Let’s Encrypt is a free and open certificate authority managed by a public benefit organization called ISRG, which focuses on securing communication over the Internet. Many technology companies, such as Mozilla, Akamai, EFF, Cisco, IdenTrust and Facebook, are sponsors, and the platinum sponsors have a seat on its Technical Advisory Board.

It uses the Automated Certificate Management Environment (ACME) protocol to enable communication between the certificate authority and the web server to which the certificate is issued. Let’s Encrypt uses ACME to validate the domain Server Name Indication. The ACME protocol has been submitted as a draft to the IETF for the formal approval process to become an RFC.

Starting October 2015, Let’s Encrypt intermediate certificates are cross-signed by IdenTrust, hence all the certificates signed by Let’s Encrypt are trusted by major browsers. It moved from private beta to public beta on 3rd December 2015.
Currently it works only on *nix operating systems that include Python 2.6/2.7, and it requires root access. I tried it on an Amazon Linux instance and it worked like a charm in a few easy steps.

Clone the letsencrypt repository from GitHub

Create a configuration file with the requirements

Execute letsencrypt-auto with the --debug option, since Amazon Linux is currently not fully supported, and pass the configuration files as the argument. It will download all the dependencies and generate the certificate.

When the command completes successfully, it has created the valid certificate under “/etc/letsencrypt/live”, in a directory with the same name as the domain.

fullchain.pem – Contains the server certificate and intermediate certificates.
privkey.pem – Contains the private key which was used to sign the certificate.

Configured Apache to point to these certificates and restarted the service.

Now the site has the valid signed certificate.
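Before Apache is pointed at the files, the live directory can be sanity-checked. The script below is an added example, not part of the original post or of the Let’s Encrypt client: it checks that fullchain.pem and privkey.pem exist, that the key is not readable by group or other, that the chain file holds the server plus intermediate certificates and no key, and that the key actually pairs with the certificate. The function name `audit_live_dir` and the choice of checks are assumptions made for this example.

```python
import os
import re
import ssl
import stat

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def audit_live_dir(live_dir):
    """Return a list of findings for one /etc/letsencrypt/live/<domain> directory."""
    findings = []
    chain = os.path.join(live_dir, "fullchain.pem")
    key = os.path.join(live_dir, "privkey.pem")
    for path in (chain, key):
        if not os.path.isfile(path):
            findings.append("missing: " + os.path.basename(path))
    if findings:
        return findings

    # os.stat follows symlinks, so the mode checked is that of the real key file.
    mode = stat.S_IMODE(os.stat(key).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("privkey.pem is accessible to group/other (mode %o)" % mode)

    with open(chain) as fh:
        labels = PEM_BLOCK.findall(fh.read())
    if any("PRIVATE KEY" in label for label in labels):
        findings.append("fullchain.pem contains a private key block")
    certs = labels.count("CERTIFICATE")
    if certs < 2:
        findings.append("fullchain.pem has %d certificate(s); "
                        "expected server + intermediate" % certs)

    # load_cert_chain() raises if the key does not belong to the first
    # certificate in the chain file, or if either file cannot be parsed.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(certfile=chain, keyfile=key)
    except (ssl.SSLError, OSError) as exc:
        findings.append("certificate and key do not load as a pair: %s" % exc)
    return findings


if __name__ == "__main__":
    import sys
    for line in audit_live_dir(sys.argv[1]) or ["no findings"]:
        print(line)
```

Run it as root with the live directory for the domain as the only argument; an empty result prints "no findings".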

