Extreme Hacking | Sadik Shaikh
Ethical Hacking Institute Course in Pune-India

Another Big Milestone – Let’s Encrypt is now offering Free HTTPS certificates to everyone.
Let’s Encrypt has opened to the public, allowing anyone to obtain Free SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates for their web servers and to set up HTTPS websites in a few simple steps (mentioned below).
Let’s Encrypt – an initiative run by the Internet Security Research Group (ISRG) – is a new, free, and open certificate authority recognized by all major browsers, including Google’s Chrome, Mozilla’s Firefox and Microsoft’s Internet Explorer.
The Free SSL Certification Authority is now in public beta after testing a trial among a select group of volunteers.

Why Let’s Encrypt?

Let’s Encrypt promised to offer a certificate authority (CA) which is:
  • Free – no charge for HTTPS certs.
  • Automatic – the installation, configuration as well as the renewal of the certificates do not require any administrator action.
  • Open – the automatic issuance, as well as renewal procedures, will be published as the open standard.
  • Transparent – the records of all certs issuance or revocation will be available publicly.
  • Secure – the team is committed to being a model of best practice in their own operations.
  • Cooperative – Let’s Encrypt is managed by a multi-stakeholder organization and exists to benefit the community, not any of the consortium members.

How to Install Let’s Encrypt Free SSL Certificate

First of all, let’s say you want to get a certificate for example.com. To run the installation, you must have root access to your example.com web server.
To Generate and Install Let’s Encrypt Free SSL Certificate, you must first download and run the Let’s Encrypt client application.

To install Let’s Encrypt Free SSL certificate follow these Steps:
Step 1: Login to your ‘example.com’ web server using SSH with root access.

Step 2: To install the Git version control system, type the following command:

apt-get install git


Step 3: Then download and install the latest version of Let’s Encrypt Client application, type the following commands:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto


Step 4: Once the installation starts, press Enter to accept the agreement.

Step 5: Then press Enter to specify the server name manually in the text box (for example,www.example.com) and then press Enter.

Step 6: Next, enter your email address, where you can receive messages from Let’s Encrypt and to recover lost keys, and then press Enter.

Step 7: Review the ‘Terms of Service,’ and then press Enter to generate and install the SSL certificate.
Once the installation completes, you’ll receive a ‘Congratulation‘ message.

How to Configure Nginx/Apache for Let’s Encrypt SSL Certificate

By default, Nginx or Apache web servers are not configured to how to use your new certificates.
For example, in case of Nginx: To use the installed SSL certificate, you need to edit Nginx configuration file. Type the following command to open Nginx configuration file:

$ sudo nano /etc/nginx/sites-available/www.example.com

Within that file, add the following lines.

http{
server{

listen 443 ssl;
server_name www.example.com;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/.wwwexample.com/privkey.pem;

}
}

Save the file, and just restart your Nginx web server, using the following command:

sudo nginx -s reload

That’s it! Check complete documentation here.
Congratulation you have successfully installed SSL certificate for your example.com domain.
How to Renew Let’s Encrypt Free SSL Certificate: It is important to note that the beta version of Let’s Encrypt issues certificates that expire after 90 days. So, to renew your SSL certificate, you need to run theletsencrypt-auto script again after expiration.

FREE HTTPS Certificates for Everyone!

So, now it’s time for the Internet to take a significant step forward in terms of security and privacy. With Let’s Encrypt, the team wants HTTPS becomes the default and to make that possible for everyone, it had built Let’s Encrypt in such a way that it is easy to obtain and manage.

“There’s a reward going for anyone who can find a security hole in the service,” the team wrote in ablog post. “We have more work to do before we’re comfortable dropping the beta label entirely, particularly on the client experience.”

“Automation is a cornerstone of our strategy, and we need to make sure that the client works smoothly and reliably on a wide range of platforms. We’ll be monitoring feedback from users closely, and making improvements as quickly as possible.”