Let’s Encrypt!

So you may have noticed that the blog now accepts HTTPS connections!  That’s right, https://www.thesysadminlife.com is now a working and valid URL.  I joined the beta of Let’s Encrypt; it took about 5 minutes to set up and couldn’t have been easier (especially considering what a pain in the ass SSL certs have typically been).

This site runs on Apache, which is a supported web server for the Let’s Encrypt client.  I got a copy of the latest code from Git, and ran the following command:

./letsencrypt-auto --apache -d thesysadminlife.com -d www.thesysadminlife.com

It churned for a few minutes and then asked which Apache config file contains the virtual host settings for my site.  I am running Debian on a VPS that was provisioned from scripts, so there were three options to pick from and I wasn’t sure which one was correct.  My first attempt failed, so I re-ran the command above and picked the option to re-install the already provisioned cert.  With a different choice, it succeeded and everything worked fine.  I was also given the choice to redirect HTTP traffic to HTTPS traffic or to accept both.  Since this site is just a personal blog, I chose to accept both types (for now).

One thing I didn’t know before starting this was that the certificates from Let’s Encrypt are only valid for 90 days.  I followed the instructions and easily set up a cron job that renews the cert every 60 days, giving me a month of buffer time in case something goes wrong.
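With 90-day certificates renewed every 60 days, the live certificate should never have less than 30 days left, so anything below that means the cron renewal failed. The following check is an added example, not code from the original post or from the Let’s Encrypt client; the function names and status strings are hypothetical.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

VALIDITY_DAYS = 90       # certificate lifetime stated in the post
RENEW_AFTER_DAYS = 60    # cron renewal interval stated in the post
BUFFER_DAYS = VALIDITY_DAYS - RENEW_AFTER_DAYS  # the "month of buffer"


def days_remaining(not_after, now=None):
    """Days until expiry. `not_after` uses the format returned by
    SSLSocket.getpeercert(), e.g. 'Mar 31 12:00:00 2016 GMT'."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return (expires - now).total_seconds() / 86400


def renewal_status(not_after, now=None):
    """Classify a certificate against the 60/90-day renewal schedule."""
    left = days_remaining(not_after, now)
    if left < 0:
        return "EXPIRED"
    if left < BUFFER_DAYS:
        # A healthy schedule renews before the buffer is touched.
        return "RENEWAL_OVERDUE"
    return "OK"


def check_host(host, port=443, timeout=10):
    """Fetch the served certificate and classify it. A certificate that
    fails validation (expired, wrong name, untrusted) is reported as
    INVALID instead of raising."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return renewal_status(tls.getpeercert()["notAfter"])
    except ssl.SSLCertVerificationError:
        return "INVALID"


if __name__ == "__main__" and len(sys.argv) > 1:
    status = check_host(sys.argv[1])
    print(sys.argv[1], status)
    sys.exit(0 if status == "OK" else 1)  # non-zero exit lets cron send mail
```

Run from a separate cron entry with the site's hostname as the argument, it flags a silently failing renewal job while there is still buffer time left to fix it.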

It really was the best experience I’ve ever had when dealing with server certificates.  I’m not sure how it could have been easier.  I can completely recommend this service to anyone wanting to secure their site (though for an e-commerce site, perhaps a paid cert would be a better choice).

For setup instructions, check out the instructions over at Let’s Encrypt.