
Getting a free Let’s Encrypt TLS certificate for your site

There are many ways of getting a free Let’s Encrypt certificate. You can find them here: Getting Started – Let’s Encrypt (letsencrypt.org). As per that page, there are 2 main ways to get the certificate: generating it with SSH and generating it without SSH.

Here, the method that involves SSH requires that you have root access. But I was able to find another way that works without root access. This blog that I am writing is based on that method.

Let us begin. First, log in to your web server using SSH. If you have not already enabled SSH, you will need to enable it at this point (at least temporarily).

Now, from your home directory type in the following. This command will download the scripts needed to generate the certificates.

curl https://get.acme.sh | sh

Next, you will see that you have a new hidden directory called .acme.sh. The scripts needed to generate the certificate are under this directory. At this point, the previous command should have executed successfully and the .acme.sh directory should have been created. (You may verify this by typing ls -la from the current working directory.)

Lastly, we just need to generate the certificate with the help of the script we just downloaded. Execute the following.

.acme.sh/acme.sh --issue -d <Your Domain name> -w <Website directory>
Example:
.acme.sh/acme.sh --issue -d takeondevops.com -w /var/www/html

After executing the script, the directory for your domain under .acme.sh should look like this.

.acme.sh/takeondevops.com:
total 32
-rw-rw-r-- 1 takegpbw takegpbw 3751 May 10 10:32 ca.cer
-rw-rw-r-- 1 takegpbw takegpbw 5597 May 10 10:32 fullchain.cer
-rw-rw-r-- 1 takegpbw takegpbw 1846 May 10 10:32 takeondevops.com.cer
-rw-rw-r-- 1 takegpbw takegpbw  636 May 10 10:32 takeondevops.com.conf
-rw-rw-r-- 1 takegpbw takegpbw  980 May 10 10:32 takeondevops.com.csr
-rw-rw-r-- 1 takegpbw takegpbw  211 May 10 10:32 takeondevops.com.csr.conf
-rw-rw-r-- 1 takegpbw takegpbw 1679 May 10 10:32 takeondevops.com.key

And that is it. Use an FTP or SCP client like WinSCP to copy the .cer file (this is your certificate) and the .key file (this is your private key). Alternatively, you can just cat each file and copy its content, for both the certificate and the key.
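
A check to run on the server before copying the files, added here as an example and not part of acme.sh or the original post: it confirms that the private key is not accessible to group or other (the listing above shows it as -rw-rw-r--), that the certificate and key belong together, and that the certificate still has a minimum number of days left. The function names and the 30-day default are assumptions, and the openssl command must be available on the server.

```shell
#!/bin/sh
# Added example: sanity-check the files acme.sh issued before copying them.
# Function names and the 30-day default are assumptions of this sketch.

# True when neither group nor other has any permission on the key file.
key_is_private() {
  # Characters 5-10 of the ls mode string are the group and other bits.
  [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# True when the certificate's public key is the one derived from the key file.
cert_matches_key() {  # $1 = certificate, $2 = private key
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate is still valid $2 days from now.
cert_valid_for() {  # $1 = certificate, $2 = days
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run all three checks on a directory such as ~/.acme.sh/takeondevops.com,
# using the <domain>.cer and <domain>.key names from the listing above.
check_issued() {  # $1 = domain directory, $2 = minimum days left (default 30)
  dir=${1%/}; domain=${dir##*/}; rc=0
  cert="$dir/$domain.cer"; key="$dir/$domain.key"
  if ! key_is_private "$key"; then
    echo "WARN: $key is accessible to group/other; fix with: chmod 600 $key"
    rc=1
  fi
  if ! cert_matches_key "$cert" "$key"; then
    echo "FAIL: $cert was not issued for $key"
    rc=1
  fi
  if ! cert_valid_for "$cert" "${2:-30}"; then
    echo "WARN: $cert expires within ${2:-30} days"
    rc=1
  fi
  return "$rc"
}

# Usage: sh check_issued.sh ~/.acme.sh/takeondevops.com [days]
[ "$#" -eq 0 ] || check_issued "$@"
```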

Optional: If you enabled SSH on your web server only temporarily, you can disable it now.

Stay tuned for more interesting blogs. I hope to add a blog on SSL redirects as well. Check out my featured posts here.

PS: These certificates are only valid for 3 months, after which they will expire. Therefore, you will have to repeat this process later on.