SSL certificates, in case you don’t already know, are the mechanism by which one can secure the connection between a user and a web site – they are the “keys” to establishing a secure connection between the endpoints so that transmitted data can’t be intercepted.
As someone who’s frequently spinning up Linux VMs to use as servers to provide services to my users, I have to be concerned about such security in instances where the services will be accessed by the outside world. Typically, I’ll simply generate a self-signed certificate from the server itself which, while providing security, also means that the user has to cope with the browser-generated security warning every time they visit the site.
The way to avoid this is to purchase a signed, trusted SSL certificate from a third-party – something that typically costs $70+ per year. Not necessarily practical to me when I’m testing out various tools, destroying VMs etc. all of the time.
Enter Let’s Encrypt, a new service I recently discovered that offers freely-available, authoritative SSL certificates. I’ve just finished the process of setting up my first server using a certificate generated by Let’s Encrypt (“LE”) and it works like a champ.
Now, there’s a catch to relying on a LE certificate – they expire in 90 days. Fortunately, it’s a simply matter to renew it using a shell script attached to a cronjob.
Full details on how to generate, set up and maintain a LE certificate can be found here: How To Secure Apache with Let’s Encrypt on Ubuntu 14.04.