Setting up free SSL certificates with LetsEncrypt

Mithilesh Said
Apr 13, 2018 · 4 min read

Why do you need SSL certificates in the first place?

A little primer, in case you aren’t familiar with what SSL certificates are and why they are important. Imagine you go to your banking website and login with your internet banking password. Your browser sends your account details and password to the bank servers which will verify your account and grant you access.
But before the password reaches the bank servers, it needs to travel over the internet and it can go through several routing servers. There is a possibility that a hacker sniffing the data passing through one of these servers can intercept your password and use it to his advantage.

To prevent that from happening data being transmitted over the internet needs to be encrypted ie. converted from clear text to gibberish at the sender’s end and then converted back to clear text at the receiving end. This encryption is based on the beautiful concept of asymmetric cryptography, which you can read more about here. The idea is simple. There are two keys. One is called public key while the other is called private key. When you go to a website in your browser, the server sends its public key to the browser while keeping the private key with itself.

The browser encrypts data that needs to be transmitted using the public key. And this data can only be decrypted using the private key which the server has. So as long as the server does not reveal its private key, all communication between the browser and the server is secure. SSL certificates allow you to do just that. When you see https in the browser url, your communication with the server is encrypted and hence secure.

The cost of SSL certificates

All browsers are designed to work only with trusted set of SSL certificate providers. If you set up your SSL certificates incorrectly or use an untrusted certificate provider, browsers will reject those certificates and you won’t be able to access the website. As a result it is important to make sure that you get your SSL certificates from a trusted source. DigiCert, Verisign and LetsEncrypt are some of the most trusted certificate providers. While DigiCert and Verisign provide certificates for a price, LetsEncrypt is a free certificate authority initiated and supported by major tech companies.

Note: If you are operating at a scale where your servers receive several thousand requests per second or more, every byte of data in your http request headers will count. I would recommend you go for the paid certificate providers as they specialise in reducing payload sizes while maintaining the security. You’ll end up saving money on server bandwidth.

However if you are operating at low to medium scale or have a hobby project that needs SSL protection, read on about how to setup free certificates using LetsEncrypt.

The actual process of setting up

  1. Install NGINX

2. LetsEncrypt comes with an easy to use bot that helps you install and setup the certificates

3. Set up NGINX config. We’ll create a sample server block.

The first server block in the above config tells NGINX that all traffic coming in on port 80 which is the default http port needs to be redirected to port 443 which is the default https port.

Once the traffic has been redirected to port 443, the second config block tells NGINX to use SSL certificates to decrypt incoming traffic and encrypt outgoing traffic. Filepaths tell NGINX where those certificates are stored on the server.

4. Open up port 443 on your server if it isn’t already open

5. Generate the certificates

6. Keep renewing certificates from time to time. While setting up the certificates, LetsEncrypt will ask for your email address and will send you reminder emails every time your certificates are about to expire.

Setting up certificates for multiple sub-domains can be slightly challenging in the beginning. Feel free to DM me on twitter @MithileshSaid if you run into any issues while doing so.

Founding Ithaka

This is a collection of stories and thoughts from a small…

Founding Ithaka

This is a collection of stories and thoughts from a small, passionate group of people building Ithaka — a travel startup that dares to think different.

Mithilesh Said

Written by

Co-founder and CTO, Ithaka

Founding Ithaka

This is a collection of stories and thoughts from a small, passionate group of people building Ithaka — a travel startup that dares to think different.