There are many ways of getting a free Let’s encrypt certificate. You can find them easily in here: Getting Started – Let’s Encrypt (letsencrypt.org). There are 2 main ways to get this certificate as per the above link. Namely, generating the certificate with SSH and without SSH.
Here, the method that involves SSH requires that you have root access. But I was able to find another way that works without root access. This blog that I am writing is based on that method.
Let us begin. First, login to your webserver using ssh. At this point, if you have not already enabled ssh, then you will need to enable it. (at least temporarily)
Now, from your home directory type in the following. This command will download the scripts needed to generate the certificates.
curl https://get.acme.sh | sh
Next, you will see that you have a new hidden directory called .acme.sh. The scripts needed to generate the certificate is under this directory. At this point, the previous command should have executed successfully and the .acme.sh directory should be created. (You may verify this by typing ls -la from the current working directory.
Lastly, we just need to generate the certificate with the help of the script we just downloaded. Execute the following.
.acme.sh/acme.sh --issue -d <Your Domain name> -w <Website directory>
Example:
.acme.sh/acme.sh --issue -d takeondevops.com -w /var/www/html
After executing the script, your .acme folder should look like this.
.acme.sh/takeondevops.com:
total 32
-rw-rw-r-- 1 takegpbw takegpbw 3751 May 10 10:32 ca.cer
-rw-rw-r-- 1 takegpbw takegpbw 5597 May 10 10:32 fullchain.cer
-rw-rw-r-- 1 takegpbw takegpbw 1846 May 10 10:32 takeondevops.com.cer
-rw-rw-r-- 1 takegpbw takegpbw 636 May 10 10:32 takeondevops.com.conf
-rw-rw-r-- 1 takegpbw takegpbw 980 May 10 10:32 takeondevops.com.csr
-rw-rw-r-- 1 takegpbw takegpbw 211 May 10 10:32 takeondevops.com.csr.conf
-rw-rw-r-- 1 takegpbw takegpbw 1679 May 10 10:32 takeondevops.com.key
And that is it. Use a FTP client/ SCP client like WinSCP to copy the .cer file (this is your certificate) and the .key file. Alternatively, you can just cat the file and copy the content – for both the certificate and the key.
Optional: If you intended to enable SSH to your webserver temporarily, then now you can disable it.
Stay tuned for more interesting blogs. I hope to add a blog on SSL redirects as well. Check out my featured posts here.