If you’ve a website and want to encrypt the connection to and from your server then you need not spend a single dime to enable ssl. Here comes Let’s Encrypt. To enable HTTPS on your website, you generally need to get a certificate (a type of file) from a Certificate Authority (CA). Let’s Encrypt is a CA. In order to get a certificate for your website’s domain from Let’s Encrypt, you have to demonstrate control over the domain. With Let’s Encrypt, you do this using software that uses the ACME protocol, which typically runs on your web host. One such ACME client software is certbot which we would be using it here.

Below are the common commands to get you started:

certbot is a program to help obtain and install certifiates for different kinds of server. I will be only showing how to do it in apache server. You can read their documentation for more.

certbot certonly --cert-name ramswaroop.me --webroot -w /var/www/ramswaroop.me -d www.ramswaroop.me -d ramswaroop.me -w /var/www/jbot.ramswaroop.me -d jbot.ramswaroop.me

certonly subcommand only obtains the certificate and does not install it on your server. You can replace it with run subcommand to obtain and install the certificate (which is the default behaviour).

If you use the run command, certbot will automatically obtain and install the certificates at all the defined webroots. It will create -le-ssl.conf file in `/etc/apache2/sites-available` directory which would contain the ssl configuration for all your domains/sub-domains.

If you use the certonly command, you can manually install the certificates after obtaining it. To install it manually in your apache server, you need to create a file like /etc/apache2/sites-available/ramswaroop.me-le-ssl.conf if you are installing for domain ramswaroop.me and insert the below <VirtualHost> directive (assuming you are serving various domains or sub-domains from the same apache server):

<IfModule mod_ssl.c>
<VirtualHost *:443>
     ServerName ramswaroop.me
     Redirect permanent / http://www.ramswaroop.me/
SSLCertificateFile /etc/letsencrypt/live/ramswaroop.me/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ramswaroop.me/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/ramswaroop.me/chain.pem
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName www.ramswaroop.me
        #ServerAlias www.ramswaroop.me

        ServerAdmin webmaster@ramswaroop.me
        DocumentRoot /var/www/ramswaroop.me

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
SSLCertificateFile /etc/letsencrypt/live/ramswaroop.me/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ramswaroop.me/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/ramswaroop.me/chain.pem
</VirtualHost>
</IfModule>

You can repeat the above directive for all the domains/sub-domains you have or want to install this particular certificate on.

After you are done obtaining and installing certificates. You can do:

sudo a2ensite ramswaroop.me

And finally, restart you apache server to reflect all changes:

sudo service apache2 restart

That’s it. You’re site is now secure. All the credit goes to Let’s Encrypt.