Free SSL Certificate, Let’s Encrypt

While I was first launching this blog, I already got an SSL certificate from StartCom. It doesn’t bother me much rather than the renewal every year. But a couple of days ago, Chrome still didn’t recognise the certificate after I renewed it. After some search, I realised StartCom get themselves banned by Chrome and Firefox.

So I went to research again and found the CA I’m currently using, Let’s Encrypt.

Differ from StartCom, Let’s Encrypt has a program can be run directly on the server to get a certificate and auto-configure HTTPS (didn’t work though), which is much easier.

According to the doc, all I had to do was just downloading and then running.

    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto
    ./certbot-auto

Unfortunately, it doesn’t recognise my Nginx settings, so I had to get certificate firstly and configure it myself manually

    ./certbot-auto certonly

During the run it will promote to let you enter the domain name and the root of web server etc., you can refer the official site(https://letsencrypt.org/) for detail. But in general, it was pretty easy and nice.