October 27, 2015

SSL web site using Let's Encrypt

Open Source

Yesterday I was accepted in the beta program of Let's Encrypt, and I received an email on how to obtain the server-side SSL certificates for this web site.

The setup is pretty straightforward, though you need to pay attention on how you set things up on your web server. I use nginx and this is the configuration I had to add to serve HTTPS requests:

server {
    listen 443 ssl;
    server_name example.com www.example.com;

    ssl on;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # ...


To authenticate your web site, the instructions tell you to place some files in a .well-known/acme-challenge directory. I placed those directly in the root directory that serves my site. Just make sure you have the proper permissions on the directories and files so the web server can serve them, and have the Content-Type set to application/jose+json. On Apache, this is how you do it:

<DirectoryMatch \.well-known/acme-challenge>
  ForceType application/jose+json

For nginx add a config like this inside the server block for your site:

location /.well-known/acme-challenge {
  root /your/htdocs/directory/here;
  default_type application/jose+json;

The SSL certificates are valid for 90 days during the beta test period, but I expect they will extend them to a more usual 1 year once everything works smoothly.

Once you're done setting things up head over to SSL Labs and verify that your SSL web site is properly setup.

Overall a very pleasant experience, and I would say even better than what you get from other SSL certificate authorities.

To sign up for Let's Encrypt's Beta program click here.

Posted by ovidiu at October 27, 2015 07:03 PM |


Posted by: svOEwjJNkxA on January 9, 2020 06:59 AM


Posted by: URPozcKMDqSsd on January 22, 2020 03:42 AM


Posted by: HhaBvMJIDTGWEAeR on March 4, 2020 07:43 AM


Posted by: cDfElzyn on March 17, 2020 11:00 PM


Posted by: VQPGKypdMb on April 8, 2020 02:18 PM


Posted by: rOsdXfJLCcWtF on May 17, 2020 03:31 PM


Posted by: rLJgZWusPzod on June 15, 2020 02:20 PM


Posted by: tBhICOGdclaqP on June 25, 2020 01:09 AM


Posted by: bKrmyUJQjghYvitN on June 28, 2020 04:11 AM


Posted by: SuMqegiz on August 1, 2020 07:25 AM
Post a comment

Email Address:



Remember info?

Copyright © 2002-2016 Ovidiu Predescu.