Let's Encrypt Beta: My Experience
After recently being accepted into the Let’s Encrypt beta (this post was originally written when it was not in public beta) I’ve finally managed to set it up. The email they send you contains some pretty simple instructions:
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --agree-dev-preview --server \
https://acme-v01.api.letsencrypt.org/directory auth
I’ve detailed the process I went through below.
How I did it
First, create a new directory somewhere on your server (I did mine in /opt) and clone the Let’s Encrypt client:
root@test-02:/opt# git clone https://github.com/letsencrypt/letsencrypt
Cloning into 'letsencrypt'...
remote: Counting objects: 23679, done.
remote: Compressing objects: 100% (145/145), done.
remote: Total 23679 (delta 90), reused 0 (delta 0), pack-reused 23534
Receiving objects: 100% (23679/23679), 6.15 MiB | 9.36 MiB/s, done.
Resolving deltas: 100% (16516/16516), done.
Checking connectivity... done.
root@test-02:/opt#
After that cd into the directory and start the client:
root@test-02:/opt# cd letsencrypt
root@test-02:/opt/letsencrypt# ./letsencrypt-auto --agree-dev-preview --server \
> https://acme-v01.api.letsencrypt.org/directory auth
Once it installs a whole lot of dependencies we’re presented with this lovely splash screen:
After this I mashed enter through an agreement and was presented with an error, since Nginx was listening on port 80, oh no! This meant I wasn’t able to use the default automatic registration method.
No matter, I’ll use the webroot support since Nginx support is still a little buggy as of writing (November 2015). To do this I simply add the --webroot switch (in my case I put the data in /var/www/letsencrypt).
After that I was presented with some more options:
And yet another error:
Failed authorization procedure. mooash.me (http-01): unauthorized :: The client lacks sufficient authorization :: Error parsing key authorization file: Invalid key authorization: 190 parts, www.mooash.me (http-01): unauthorized :: The client lacks sufficient authorization :: Error parsing key authorization file: Invalid key authorization: 190 parts
IMPORTANT NOTES:
- The following 'unauthorized' errors were reported by the server:
Domains: mooash.me, www.mooash.me Error: The client lacks sufficient authorization
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
This was because I’m behind CloudFlare so my domains didn’t resolve to the server I’m trying to install it on, doh! I had to disable it and wait for the DNS changes to propagate (roughly 20-30 minutes depending on your TTL).
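The "Invalid key authorization: 190 parts" error above, as an added example that is not part of the original post or the Let's Encrypt client: an http-01 challenge file must contain exactly `token.thumbprint`, so any other body served at the challenge URL (an HTML page, for instance) fails the check. It assumes the count in the error is the number of dot-separated pieces in the fetched body; the function names, token, account key and HTML body are constructed for illustration.

```python
import base64
import hashlib
import json
import re

B64URL = re.compile(r"[A-Za-z0-9_-]+")

def b64url(data):
    """Unpadded base64url, as used throughout ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwk_thumbprint(jwk):
    """RFC 7638 thumbprint of an RSA account key: SHA-256 over the
    required members only, sorted, with no whitespace."""
    canonical = json.dumps({k: jwk[k] for k in ("e", "kty", "n")},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())

def key_authorization(token, jwk):
    """What the client writes to .well-known/acme-challenge/<token>."""
    return token + "." + jwk_thumbprint(jwk)

def check_challenge_body(body, token, jwk):
    """Checks a validator applies to the body it fetched over HTTP."""
    parts = body.strip().split(".")
    if len(parts) != 2:
        return False, "Invalid key authorization: %d parts" % len(parts)
    if not all(B64URL.fullmatch(p) for p in parts):
        return False, "not base64url"
    if parts[0] != token:
        return False, "token mismatch"
    if parts[1] != jwk_thumbprint(jwk):
        return False, "thumbprint mismatch (different account key)"
    return True, "ok"

# Constructed sample values, not taken from the post.
TOKEN = "constructed-token-0001"
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus"}
HTML_BODY = ("<html><head><title>404 Not Found</title></head>\n"
             "<body><h1>Not Found</h1><p>nginx/1.x.y at example.invalid</p>"
             "</body></html>\n")

if __name__ == "__main__":
    good = key_authorization(TOKEN, SAMPLE_JWK)
    print(check_challenge_body(good + "\n", TOKEN, SAMPLE_JWK))
    print(check_challenge_body(HTML_BODY, TOKEN, SAMPLE_JWK))
```

Running the same check against a test file fetched from `http://<domain>/.well-known/acme-challenge/` before requesting a certificate shows whether the validator will see the file the client wrote or something else.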
After that, I’m good to go. Since I’m not placing the authorisation files directly into my webroot I had to set up a location block in Nginx:
# Serve the ACME challenge files from the directory passed to --webroot
location '/.well-known' {
    alias /var/www/letsencrypt/.well-known;
}
And after all this, we’ve got our certs!
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/mooash.me/fullchain.pem. Your cert will expire
on 2016-02-11. To obtain a new version of the certificate in the
future, simply run Let's Encrypt again.
Conclusion
Overall, the process was pretty painless considering I now have a free valid SSL certificate that’s valid across most (if not all) browsers!