Free SSL Certificate, Let’s Encrypt

When I first launched this blog, I set up an SSL certificate from StartCom. It was an okay experience to use, other than I had to renew it via their site every year. But a couple of days ago, Chrome prompted SSL errors when I visited the blog and refused to recognise the certificate even after I renewed it. A quick Google search tells that StartCom got themselves banned by Chrome and Firefox.

So I went on looking for new certificate provider and apparently Let’s Encrypt is the best call right now.

Differ from StartCom, Let’s Encrypt has a program can be run directly on the server to get a certificate and auto-configure HTTPS (didn’t work though), which is much easier.

According to the doc, all I had to do was just downloading and then running.

    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto
    ./certbot-auto

Unfortunately, it doesn’t recognise my Nginx settings, so I had to get certificate firstly and configure it myself manually

    ./certbot-auto certonly

During the run it will promote to let you enter the domain name and the root of web server etc., you can refer the official site(https://letsencrypt.org/) for detail. But in general, it was pretty easy and nice.