EDIT: The below is outdated and certbot should be used in a new installation.
Finally, Let’s Encrypt has gone public with its open source, easy-to-use SSL certificate solution (available to everybody starting on the 3rd of December).
And yes, it’s free! As I’m writing this, Let’s Encrypt is still in beta status, but it is working well in a production environment. Check out their site to understand how it works.
I assume that you already know how to enable SSL on Apache and that you are comfortable at the command line.
So, let’s do this!
Install git
apt-get install git
Get Let’s Encrypt
git clone https://github.com/letsencrypt/letsencrypt
Create a config file for Let’s Encrypt
vim /etc/letsencrypt/cli.ini
We put the following in cli.ini (change webroot-path to your webroot):
authenticator = webroot
webroot-path = /var/www/vhosts/skrilnetz.net/httpdocs/
server = https://acme-v01.api.letsencrypt.org/directory
renew-by-default
agree-dev-preview
agree-tos
email = postmaster@yourdomain.com
Generate your certificates
/your_path/letsencrypt/letsencrypt-auto --config /etc/letsencrypt/cli.ini -d yourdomain.com -d www.yourdomain.com certonly
Update your Apache configuration to use the new certificate
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/yourdomain.com/chain.pem
Make sure that SSLEngine is set to on.
Reload the Apache config
service apache2 reload
Check if it worked!
The certificate will be good for 90 days. Let’s have cron renew it automatically every month.
crontab -e
@monthly /your_path/letsencrypt/letsencrypt-auto --config /etc/letsencrypt/cli.ini -d yourdomain.com -d www.yourdomain.com certonly && service apache2 reload
Congratulations! You have secured your site with a free SSL certificate which will be renewed every 30 days.
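A check to pair with the monthly cron job above, added here as an example and not part of the original post: it reads the notAfter date of the installed certificate with openssl and exits non-zero when fewer than a minimum number of days remain, so a renewal that fails silently is noticed before the 90 days run out. The script name, function names, the 30-day default and the use of GNU date's -d option are assumptions.

```shell
#!/bin/sh
# Added example: expiry check for the certificate the guide installs.
# Assumptions: GNU date (-d), openssl on PATH, 30-day default threshold.

# days_left NOT_AFTER NOW_EPOCH -> whole days from NOW_EPOCH to NOT_AFTER
days_left() {
    end_epoch=$(date -u -d "$1" +%s) || return 2
    echo $(( (end_epoch - $2) / 86400 ))
}

# cert_not_after PEM -> e.g. "Mar  1 00:00:00 2016 GMT" (empty on error)
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate 2>/dev/null | sed 's/^notAfter=//'
}

# check_cert PEM MIN_DAYS [NOW_EPOCH]
# returns 0 = enough validity left, 1 = renew now, 2 = cert unreadable
check_cert() {
    not_after=$(cert_not_after "$1")
    [ -n "$not_after" ] || { echo "$1: cannot read certificate" >&2; return 2; }
    left=$(days_left "$not_after" "${3:-$(date +%s)}") || return 2
    echo "$1: $left days left (notAfter=$not_after)"
    [ "$left" -ge "$2" ]
}

# Run as (hypothetical script name):
#   check_cert.sh /etc/letsencrypt/live/yourdomain.com/cert.pem 30
if [ "$#" -ge 1 ]; then
    check_cert "$1" "${2:-30}"
fi
```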
An unexpected error occurred.
SSLError: (“bad handshake: Error([(‘SSL routines’, ‘SSL3_GET_SERVER_CERTIFICATE’, ‘certificate verify failed’)],)”,)
Please see the logfiles in /var/log/letsencrypt for more details.
Hi Warren,
Please show the content of cli.ini and the command you run.
Don’t stress, I did it on a dev machine. I am waiting for the public beta on the 3rd.
Two problems with your guide:
1.) SSLCertificateKeyFile etc/letsencrypt/live/yourdomain.com/privkey.pem
There is a / missing before etc/letsencrypt/…
2.) You also need to add “SSLEngine on”, otherwise you get the error “Oops, no RSA or DSA server certificate found for ‘server.host.name:0′”
Thanks for spotting that. Fixed up now.
I always get
Use of --agree-dev-preview is deprecated.
So can it be removed from the config?
Try it without --agree-dev-preview. Maybe this option is no longer necessary. If the script runs without errors, then everything is fine.