When I first launched this blog, I set up an SSL certificate from StartCom. It was an okay experience to use, other than I had to renew it via their site every year. But a couple of days ago, Chrome prompted SSL errors when I visited the blog and refused to recognise the certificate even after I renewed it. A quick Google search tells that StartCom got themselves banned by Chrome and Firefox.
So I went on looking for new certificate provider and apparently Let’s Encrypt is the best call right now.
Differ from StartCom, Let’s Encrypt has a program can be run directly on the server to get a certificate and auto-configure HTTPS (didn’t work though), which is much easier.
According to the doc, all I had to do was just downloading and then running.
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto
Unfortunately, it doesn’t recognise my Nginx settings, so I had to get certificate firstly and configure it myself manually
./certbot-auto certonly
During the run it will promote to let you enter the domain name and the root of web server etc., you can refer the official site(https://letsencrypt.org/) for detail. But in general, it was pretty easy and nice.