LetsEncrypt

Lets Encrypt - Free Domain Verified certificates for everyone.

I've begun the process of moving all the sites I host to HTTPS. I was lucky enough to get a Beta Program invitation for the Let's Encrypt project. I used their ACME client to verify domain control and issue a certificate. I was impressed by how easy the process was. The project is scheduled to move into general availability in the middle of November 2015.

I've been participating in the community support section of the LetsEncrypt.org site for a few weeks now and have seen a few issues from people trying to issue certificates who were not "technical" people. While the ACME client can do many of the technical parts of the process, such as configuring Apache, verifying the domain, getting the certificates, and reconfigure Apache to use them, the process can be kind of intimidating. One of the first issue I saw was users trying to use the ACME client to get certificates for domains the own but host on shared hosting systems. Since the ACME client requires command line access, as of now, I don't see any reasonable way for these people to use an automated certificate issuance system.

After experimenting with the system I've come up with my best practices for issuing certificates, installing them, and serving them. I'll detail my process here.