Howto Install a free SSL certificate on Ubuntu Server 14.04 LTS
Let’s Encrypt offers free, automated, and open SSL certificates. This is the cheapest and easiest way to secure all communication with your server.
Purchase a domain
You probably already own a domain but just to be clear, for your SSL certificate to work you must purchase a domain. Depending on your needs, as an alternative to purchasing a new domain for every project, you could simply add a subdomain to your A records for a domain you already own! Also the Let’s Encrypt certificate authority will not issue certificates for a bare IP address! Wildcard domains aren’t supported either currently!
Launch an Ubuntu Server
In case you don’t have your own Ubuntu server already, I suggest you check out my other blog post, which explains how to launch a very cheap EC2 instance.
Installing your SSL certificate
Using certbot, this task becomes pretty simple. I will be running Ubuntu Server 14.04 LTS with nginx (and Meteor on top). The manual for this configuration is pretty straight forward.
1. Install certbot
Ssh to your server to download and install certbot. I have been doing this right from /home/ubuntu/.
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto2. Fetch your SSL certificate
The next command will fetch your certificates and store them in /etc/letsencrypt/live/yourdomain.com. This is also the path you will need for your nginx or Meteor config.
./certbot-auto certonly --standalone --email username@mail.com -d yourdomain.com -d www.yourdomain.com -d *.yourdomain.com3. Automatic renewal
Your certificate will only last for 90 days, therefore you will have to renew it with a cron job. To test automatic renewal run this command:
./certbot-auto renew --dry-runIf this works, we finally need to create a cron job to upgrade the certificates. Open crontab with your preferred editor. I usually use nano.
crontab -eCertbot recommends running the renewal script twice a day and selecting a random minute within the hour. You should change minute and hour values to some other random values!
24 5 * * 1 /home/ubuntu/certbot-auto renew --quiet --no-self-upgrade
41 17 * * 1 /home/ubuntu/certbot-auto renew --quiet --no-self-upgradeNext steps
You are done registering your free SSL certificate. If you are interested in running a Meteor application on that server, you should head over to my other blog post.
