After a long wait, Let’s Encrypt is finally in a Beta stage.
After I received the email from them, here is the installation bit of the email:
Quick Start
To use Let’s Encrypt’s official client to obtain your real certificates, you will need to provide the production API URL on the command line:
https://acme-v01.api.letsencrypt.org/directory
When running the Python client (installation directions [1]), be sure to specify the --server argument with the production URL:
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --agree-dev-preview --server \
https://acme-v01.api.letsencrypt.org/directory auth
If you are using a different ACME client, be sure to configure it to use the production URL in order to get valid certificates. Many clients will default to the staging URL.
Full text is available here: https://community.letsencrypt.org/t/beta-program-announcements/1631
And that is pretty much it. But let’s have a closer look at what I did – as instructed I ran this command:
Perhaps an oversight on my part, but I could not see anything saying that the web server must be stopped:
so I stopped the service and tried again:
Quick look to check if the certificates are where they are supposed to be:
Last thing remaining is to update Nginx config to point to the newly generated certs:
ssl_certificate /etc/letsencrypt/live/it.awroblew.biz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/it.awroblew.biz/privkey.pem;
then reload nginx:
service nginx reload
and job done.
However, I have noticed that with the default config the certs were only 2048 bits. I prefer 4096, so some tiny manual config was required – under /etc/letsencrypt/ create a file called cli.ini
and type this in:
rsa-key-size = 4096
then, stop nginx and run:
since I have already generated my certs I got this:
hit replace, start nginx and voila job done:
So for me it is goodbye StartSSL and hello Let’s Encrypt!
For reference here is a link to Let’s Encrypt documentation website – https://letsencrypt.readthedocs.org/en/latest/using.html
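To confirm that a re-issued certificate really picked up the rsa-key-size setting from cli.ini, the check below compares the two. It is an added example, not part of the original post or of the Let’s Encrypt client; the function names are hypothetical and it assumes the openssl command-line tool is installed.

```sh
#!/bin/sh
# Added example: compare a certificate's RSA key size with the
# rsa-key-size value configured in a Let's Encrypt cli.ini file.

# Print the rsa-key-size value from a cli.ini-style file (empty if unset).
# Commented-out lines are ignored; the last setting wins.
configured_key_size() {
    sed -n 's/^[[:space:]]*rsa-key-size[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$1" |
        tail -n 1
}

# Print the public key size, in bits, of a PEM certificate.
# For a chain file such as fullchain.pem, openssl x509 reads the first
# certificate in the file, which is the server (leaf) certificate.
cert_key_size() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Return 0 when the sizes match, 1 on mismatch, 2 when either is unreadable.
check_key_size() {
    cks_want="$(configured_key_size "$1")"
    cks_got="$(cert_key_size "$2")"
    if [ -z "$cks_want" ]; then
        echo "no rsa-key-size setting found in $1" >&2
        return 2
    fi
    if [ -z "$cks_got" ]; then
        echo "cannot read a key size from $2" >&2
        return 2
    fi
    if [ "$cks_got" -eq "$cks_want" ]; then
        echo "OK: $2 uses a ${cks_got}-bit key"
        return 0
    fi
    echo "MISMATCH: $2 uses ${cks_got} bits, $1 asks for ${cks_want}" >&2
    return 1
}

# Usage with the paths from the post:
#   check_key_size /etc/letsencrypt/cli.ini \
#       /etc/letsencrypt/live/it.awroblew.biz/fullchain.pem
```

A mismatch after editing cli.ini usually means nginx is still serving the certificate issued before the change.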