After a long wait Let’s Encrypt if finally in a Beta stage.
After I have received email from them, the installation bit of the email:
To use Let’s Encrypt’s official client to obtain your real certificates, you will need to provide the production API URL on the command line:
When running the Python client (installation directions ), be sure to specify the --server argument with the production URL:
git clone https://github.com/letsencrypt/letsencrypt
./letsencrypt-auto –agree-dev-preview –server \
If you are using a different ACME client, be sure to configure it to use the production URL in order to get valid certificates. Many clients will default to the staging URL.
Full text is available here: https://community.letsencrypt.org/t/beta-program-announcements/1631
so I stopped the service and tried again:
Quick look to check if the certificates are where they supposed to be:
Last thing remaining is to update Nginx config to point to the newly generated certs:
ssl_certificate /etc/letsencrypt/live/it.awroblew.biz/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/it.awroblew.biz/privkey.pem;
then reload nginx:
service nginx reload
and job done.
However I have noticed that with the default config the certs were only 2048 bits. I prefer 4096 so some tiny manual config was required – under /etc/letsencrypt/ create file called cli.ini
and type this in:
rsa-key-size = 4096
then, stop nginx and run:
since I have already generated my certs I got this:
hit replace, start nginx and voila job done:
So for me it is goodbye StartSSL and hello Let’s Encrypt!
For reference here is a link to Let’s Encrypt documentation website – https://letsencrypt.readthedocs.org/en/latest/using.html