One of my most proud accomplishments of late is finally, after 7 years of [web development](https://hackernoon.com/tagged/web-development), having one of my personal sites be secured with a valid SSL certificate. Now, this may not sound like such a big thing to some more seasoned developers, but to me, it’s kind of a big deal. My wife had to witness me have a nerdgasm afterward, as I tried to explain to her the significance of having an SSL certificate. Mainly it came down to having that satisfying little green lock with the word “Secure” next to it.

Now, anyone who has tried to get an SSL certificate in the past knows that they are a pain in the but to get. There are hundreds of providers and they can be expensive. Unfortunately, for those exact reasons SSL certificates aren’t usually seen as a priority for smaller sites such as personal blogs like this. Thankfully [The Linux Foundation](https://www.linuxfoundation.org/), as well as [a myriad of other supporters](https://letsencrypt.org/sponsors/), have come to the rescue in the form of [Let’s Encrypt](https://letsencrypt.org/).

According to Let’s Encrypt’s website:

> Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the [Internet Security Research Group (ISRG)](https://letsencrypt.org/isrg/).

What does this mean for us as developers? It simply means that securing your website isn’t just for the big boys anymore. Any developer with a little bit of terminal knowledge can generate and install their very own certificate and get that comforting little “Secure” emblem next to their website’s URL.

#### So, how do I get started?

Getting started with Let’s Encrypt is super fairly easy. First of all, you should know that my primary development machine right now is running [Ubuntu](https://blog.cwatsondev.com/stop-paying-for-ssl-certificates/). Yours might be different and that’s okay. The [Certbot](https://certbot.eff.org/) client works with almost all Unix-based operating systems. Those with Non-Unix systems, such as Windows running Microsoft IIS, aren’t completely out of luck, but my instructions here won’t help. You might try using something like [ACMESharp](https://github.com/ebekker/ACMESharp) instead.

For Debian-based Linux distributions such as Ubuntu, the process is fairly straightforward. First, you’ll need to open a terminal window. For those that aren’t familiar with the terminal this can be daunting, but fear not! The terminal isn’t as scary as it first appears.

Paste the following commands into the terminal, making sure to respond yes to any prompts.

    sudo apt-get install software-properties-common  sudo add-apt-repository ppa:certbot/certbot  sudo apt-get update

After the update has finished, enter the following command. For this example I’m using `nginx`, if you're using `apache` you should install `python-certbot-apache` instead.

    sudo apt-get install python-certbot-nginx

Once the plugin is installed, run the following to generate a cert and automatically add it to your `nginx` configuration file.

    certbot --nginx

It’s also possible to get a little more control when installing your certs. For instance, with this blog I used the `--webroot` flag to have a validation file placed into this site's root in order for Let's Encrypt to verify that this site is mine. The full command I used was:

    certbot --webroot -w /var/www/my-blog -d blog.cwatsondev.com -d www.blog.cwatsondev.com

This installed both certs and then verified that my sites were where I said they were.

Finally, these certificates expire after 90 days, so you will need to renew them often. The easiest way to do that is to run the `certbot renew --dry-run` command. This creates a `cron job` that will auto-renew the certificate for you.

Congratulations! You now have an [SSL](https://hackernoon.com/tagged/ssl) certificate installed! All of the instructions above are also listed on the [Certbot Website](https://certbot.eff.org/) for a myriad of different distros.

This article is also available on my personal blog at [https://blog.cwatsondev.com](https://blog.cwatsondev.com). Please check it out!

Edit: For people that are wondering about the “super fairly easy”, check out my [blog](https://blog.cwatsondev.com). The original version has a strike through and that didn’t translate here.

Apache

Microsoft

Super

Too Long; Didn't Read

Cassandra Forward a free Cassandra-focused community event

Stop Paying for SSL Certificates

Too Long; Didn't Read

Companies Mentioned

@watzon

RELATED STORIES