Gilang Chandrasa Thoughts, stories, and ideas

Trying out Let's Encrypt

Update: This post is already out of date; please see HTTPS with NginX and Let’s Encrypt

I love free stuff and I have always wanted to add HTTPS support to this site. The good news is that Let’s Encrypt is entering public beta.

Wait, what is Let’s Encrypt?

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).

The short story: you can get a free certificate to enable SSL support on your site. I know you’re excited now.

Installation

You can use the available plugins to make everything more automatic, but unfortunately the NginX plugin is still experimental at the time of writing.

$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ sudo service nginx stop
$ ./letsencrypt-auto --server https://acme-v01.api.letsencrypt.org/directory auth

Free is one thing, but knowing it’s so easy to generate the certificate is another bonus that puts a smile on my face.


Configuration

That’s it. You just need to turn on SSL and point NginX at the certificate and private key files.

server {
    # The "ssl" parameter on listen replaces the deprecated "ssl on;" directive
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server ipv6only=on;

    server_name gilang.chandrasa.com; # Replace with your domain

    ssl_certificate     /etc/letsencrypt/live/gilang.chandrasa.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/gilang.chandrasa.com/privkey.pem;

    ...
}

server {
    listen      80;
    server_name gilang.chandrasa.com;
    return      301 https://$server_name$request_uri;
}

This certificate will expire in 90 days, and you can just use the same command as before to renew it.

They are working on an auto-renewal process. Until the tool is ready, I’m happy with the current setup. It’s free.
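
With a 90-day lifetime and manual renewal, it helps to have a check that says when the command above needs to be run again. The following is an added example, not part of the original post or of the Let’s Encrypt client; the function name cert_status and the 30-day threshold are assumptions, and it relies on the openssl command-line tool.

```sh
#!/bin/sh
# Added example: report whether a certificate is due for renewal.
# RENEW_DAYS is an assumed threshold, not a value from the post.
RENEW_DAYS="${RENEW_DAYS:-30}"

# cert_status FILE [DAYS]
# Prints one word and returns a matching exit code:
#   ok (0)      valid for more than DAYS days
#   renew (1)   still valid, but expires within DAYS days
#   expired (2) already past its notAfter date
#   error (3)   FILE is unreadable or not a parsable certificate
# For a fullchain.pem, openssl reads the first certificate in the
# file, which is the site's own (leaf) certificate.
cert_status() {
    cert="$1"
    days="${2:-$RENEW_DAYS}"

    # Reject missing or malformed input before checking dates.
    if [ ! -r "$cert" ] || ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "error"
        return 3
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "expired"
        return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo "renew"
        return 1
    fi

    echo "ok"
    return 0
}

# When called with arguments, check that file, e.g.:
#   ./cert-check.sh /etc/letsencrypt/live/gilang.chandrasa.com/fullchain.pem
if [ "$#" -gt 0 ]; then
    cert_status "$@"
fi
```

Run from cron, a non-zero exit code can trigger a mail or a reminder to stop NginX and rerun the letsencrypt-auto command.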