Free SSL certificates! This not a mirage. Follow this instructions step by step and you will be able to secure all your running projects for free.
About let’s encrypt: let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit.
1 2 3 | wget https://dl.eff.org/certbot-auto mv certbot-auto /usr/local/sbin/ chmod a+x /usr/local/sbin/certbot-auto |
certbot-auto certonly -a webroot --webroot-path=/srv/www/zeldor.biz -d zeldor.biz |
Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/zeldor.biz/fullchain.pem
Nginx-configuration example:
1 2 | ssl_certificate /etc/letsencrypt/live/zeldor.biz/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/zeldor.biz/privkey.pem; |
Apache2-configuration example:
1 2 | SSLCertificateFile "/etc/letsencrypt/live/zeldor.biz/fullchain.pem" SSLCertificateKeyFile "/etc/letsencrypt/live/zeldor.biz/privkey.pem" |
Postfix-configuration example:
1 2 3 4 5 | smtpd_tls_cert_file=/etc/letsencrypt/live/zeldor.biz/fullchain.pem smtpd_tls_key_file=/etc/letsencrypt/live/zeldor.biz/privkey.pem smtp_tls_cert_file=/etc/letsencrypt/live/zeldor.biz/fullchain.pem smtp_tls_key_file=/etc/letsencrypt/live/zeldor.biz/privkey.pem |
Dovecot-configuration example (/etc/dovecot/conf.d/10-ssl.conf):
1 2 3 | ssl_cert = </etc/letsencrypt/live/zeldor.biz/fullchain.pem ssl_key = </etc/letsencrypt/live/zeldor.biz/privkey.pem ssl_ca = </etc/letsencrypt/live/zeldor.biz/chain.pem |
Now check with ssllabs the overall SSL-security for your domain.
Sources:
Let’s Encrypt logo
Leave a Reply