Stop Paying for SSL Certificates

One of my most proud accomplishments of late is finally, after 7 years of web development, having one of my personal sites be secured with a valid SSL certificate. Now, this may not sound like such a big thing to some more seasoned developers, but to me, it’s kind of a big deal. My wife had to witness me have a nerdgasm afterward, as I tried to explain to her the significance of having an SSL certificate. Mainly it came down to having that satisfying little green lock with the word “Secure” next to it.

Now, anyone who has tried to get an SSL certificate in the past knows that they are a pain in the but to get. There are hundreds of providers and they can be expensive. Unfortunately, for those exact reasons SSL certificates aren’t usually seen as a priority for smaller sites such as personal blogs like this. Thankfully The Linux Foundation, as well as a myriad of other supporters, have come to the rescue in the form of Let’s Encrypt.

According to Let’s Encrypt’s website:

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

What does this mean for us as developers? It simply means that securing your website isn’t just for the big boys anymore. Any developer with a little bit of terminal knowledge can generate and install their very own certificate and get that comforting little “Secure” emblem next to their website’s URL.

So, how do I get started?

Getting started with Let’s Encrypt is super fairly easy. First of all, you should know that my primary development machine right now is running Ubuntu. Yours might be different and that’s okay. The Certbot client works with almost all Unix-based operating systems. Those with Non-Unix systems, such as Windows running Microsoft IIS, aren’t completely out of luck, but my instructions here won’t help. You might try using something like ACMESharp instead.

For Debian-based Linux distributions such as Ubuntu, the process is fairly straightforward. First, you’ll need to open a terminal window. For those that aren’t familiar with the terminal this can be daunting, but fear not! The terminal isn’t as scary as it first appears.

Paste the following commands into the terminal, making sure to respond yes to any prompts.

sudo apt-get install software-properties-common  
sudo add-apt-repository ppa:certbot/certbot  
sudo apt-get update

After the update has finished, enter the following command. For this example I’m using nginx, if you’re using apache you should install python-certbot-apache instead.

sudo apt-get install python-certbot-nginx

Once the plugin is installed, run the following to generate a cert and automatically add it to your nginx configuration file.

certbot --nginx

It’s also possible to get a little more control when installing your certs. For instance, with this blog I used the --webroot flag to have a validation file placed into this site’s root in order for Let’s Encrypt to verify that this site is mine. The full command I used was:

certbot --webroot -w /var/www/my-blog -d -d

This installed both certs and then verified that my sites were where I said they were.

Finally, these certificates expire after 90 days, so you will need to renew them often. The easiest way to do that is to run the certbot renew --dry-run command. This creates a cron job that will auto-renew the certificate for you.

Congratulations! You now have an SSL certificate installed! All of the instructions above are also listed on the Certbot Website for a myriad of different distros.

This article is also available on my personal blog at Please check it out!

Edit: For people that are wondering about the “super fairly easy”, check out my blog. The original version has a strike through and that didn’t translate here.


Leave a Reply

Your email address will not be published. Required fields are marked *