“Easy” install of free SSL certs from letsencrypt.org for Debian 8 (Jessie)

Letsencrypt.org is a new certificate authority that provides FREE SSL certificates for web hosting, but even better than the fact they are open, is the fact they’re entirely automated. No creating a CSR, no verifying your identity to a company 8,000 miles away or even waiting for an email. No downtime either. I’m running a Debian 8 server and I tried following their instructions, and those found at certbot.eff.org, but repeatedly hit dependency issues. Whether their documentation needs updating or not, if I ever need to do this again I need a set of instructions that actually work, so here it is.

You may still need to add the backports repository to your list of sources for apt, in which case:

%sudo nano /etc/apt/sources.list.d/backports-for-certbot.eff.org.list

and add the following line:

deb http://ftp.debian.org/debian jessie-backports main

With that done, the following lines should get certbot installed with the apache plugin which you’ll need to auto-configure each domain you want to serve securely.

%sudo apt-get -t jessie-backports install certbot
%sudo apt-get install libaugeas0
%sudo apt-get install python-certbot-apache

%sudo certbot --plugins

Output:

* apache
Description: Apache Web Server - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.configurator:ApacheConfigurator

* webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator

* standalone
Description: Automatically use a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator

That confirms that the apache plugin is installed. Now you just have to issue one command to install SSL for any domain on your server. It may be obvious to some, but I had Cloudflare services enabled for my domain and that prevented the install procedure from working so if you’re using Cloudflare you’ll have to turn it off for now.

*NOW* it’s easy.

    %sudo certbot --apache

It’ll ask you which domains to install for and present a list of all those you have in your virtualhosts:

    [*] example.com
    [*] www.example.com
    [*] another-example.com

It will install for all domains marked with an asterisk. To remove an asterisk you just use the cursor keys to move up and down the list, and hit space to change the setting.

Answer the questions and… job done.