I opted for letsencrypt mainly because it’s free, and second because it’s a really fast and easy process, automated and open (as described on their homepage).
The process to setup HTTPS on your domain is as follows:
- Clone the letsencrypt client repo on your server
git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt
- Request and install a certificate (replace vittoriomonaco.it with your domain)
./letsencrypt-auto --apache -d vittoriomonaco.it
You can now visit your homepage with HTTPS and check that everything worked fine :)
Bonus point: auto renewal
Since letsencrypt is currently in beta, the certificate only lasts 3 months, then you need to renew it. To automate this process, I followed the well written tutorial by DigitalOcean.
The main steps are listed here for convenience:
- Download the renewal script (you can check it our here
curl -L -o /usr/local/sbin/le-renew http://do.co/le-renew chmod +x /usr/local/sbin/le-renew
- Setup a cronjob that checks whether the certificate needs to be renewed and renews it if needed every week
30 2 * * 1 /usr/local/sbin/le-renew vittoriomonaco.it >> /var/log/le-renew.log
The script runs every Monday at 2.30 am and outputs its log at
/var/log/le-renew.log. Remember to replace vittoriomonaco.it with your domain as before.
Once again, that’s it!
Now you have a HTTPS-enabled domain, that automatically renews its certificate when needed. Fire and forget ;)