Stop Paying for SSL Certificates

One of my most proud accomplishments of late is finally, after 7 years of , having one of my personal sites be secured with a valid SSL certificate. Now, this may not sound like such a big thing to some more seasoned developers, but to me, it’s kind of a big deal. My wife had to witness me have a nerdgasm afterward, as I tried to explain to her the significance of having an SSL certificate. Mainly it came down to having that satisfying little green lock with the word “Secure” next to it. web development Now, anyone who has tried to get an SSL certificate in the past knows that they are a pain in the but to get. There are hundreds of providers and they can be expensive. Unfortunately, for those exact reasons SSL certificates aren’t usually seen as a priority for smaller sites such as personal blogs like this. Thankfully , as well as , have come to the rescue in the form of . The Linux Foundation a myriad of other supporters Let’s Encrypt According to Let’s Encrypt’s website: Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the . Internet Security Research Group (ISRG) What does this mean for us as developers? It simply means that securing your website isn’t just for the big boys anymore. Any developer with a little bit of terminal knowledge can generate and install their very own certificate and get that comforting little “Secure” emblem next to their website’s URL. So, how do I get started? Getting started with Let’s Encrypt is super fairly easy. First of all, you should know that my primary development machine right now is running . Yours might be different and that’s okay. The client works with almost all Unix-based operating systems. Those with Non-Unix systems, such as Windows running Microsoft IIS, aren’t completely out of luck, but my instructions here won’t help. You might try using something like instead. Ubuntu Certbot ACMESharp For Debian-based Linux distributions such as Ubuntu, the process is fairly straightforward. First, you’ll need to open a terminal window. For those that aren’t familiar with the terminal this can be daunting, but fear not! The terminal isn’t as scary as it first appears. Paste the following commands into the terminal, making sure to respond yes to any prompts. sudo apt-get install software-properties-common sudo add-apt-repository ppa:certbot/certbot sudo apt-get update After the update has finished, enter the following command. For this example I’m using , if you're using you should install instead. nginx apache python-certbot-apache sudo apt-get install python-certbot-nginx Once the plugin is installed, run the following to generate a cert and automatically add it to your configuration file. nginx certbot --nginx It’s also possible to get a little more control when installing your certs. For instance, with this blog I used the flag to have a validation file placed into this site's root in order for Let's Encrypt to verify that this site is mine. The full command I used was: --webroot certbot --webroot -w /var/www/my-blog -d blog.cwatsondev.com -d www.blog.cwatsondev.com This installed both certs and then verified that my sites were where I said they were. Finally, these certificates expire after 90 days, so you will need to renew them often. The easiest way to do that is to run the command. This creates a that will auto-renew the certificate for you. certbot renew --dry-run cron job Congratulations! You now have an certificate installed! All of the instructions above are also listed on the for a myriad of different distros. SSL Certbot Website This article is also available on my personal blog at . Please check it out! https://blog.cwatsondev.com Edit: For people that are wondering about the “super fairly easy”, check out my . The original version has a strike through and that didn’t translate here. blog