Letsencrypt.org is a new certificate authority that provides FREE SSL certificates for web hosting, but even better than the fact they are open, is the fact they’re entirely automated. No creating a CSR, no verifying your identity to a company 8,000 miles away or even waiting for an email. No downtime either. I’m running a Debian 8 server and I tried following their instructions, and those found at certbot.eff.org, but repeatedly hit dependency issues. Whether their documentation needs updating or not, if I ever need to do this again I need a set of instructions that actually work, so here it is.
You may still need to add the backports repository to your list of sources for apt, in which case:
%sudo nano /etc/apt/sources.list.d/backports-for-certbot.eff.org.list
and add the following line:
deb http://ftp.debian.org/debian jessie-backports main
With that done, the following lines should get certbot installed with the apache plugin which you’ll need to auto-configure each domain you want to serve securely.
%sudo apt-get -t jessie-backports install certbot %sudo apt-get install libaugeas0 %sudo apt-get install python-certbot-apache %sudo certbot --plugins
* apache Description: Apache Web Server - Alpha Interfaces: IAuthenticator, IInstaller, IPlugin Entry point: apache = certbot_apache.configurator:ApacheConfigurator * webroot Description: Place files in webroot directory Interfaces: IAuthenticator, IPlugin Entry point: webroot = certbot.plugins.webroot:Authenticator * standalone Description: Automatically use a temporary webserver Interfaces: IAuthenticator, IPlugin Entry point: standalone = certbot.plugins.standalone:Authenticator
That confirms that the apache plugin is installed. Now you just have to issue one command to install SSL for any domain on your server. It may be obvious to some, but I had Cloudflare services enabled for my domain and that prevented the install procedure from working so if you’re using Cloudflare you’ll have to turn it off for now.
*NOW* it’s easy.
%sudo certbot --apache
It’ll ask you which domains to install for and present a list of all those you have in your virtualhosts:
[*] example.com [*] www.example.com [*] another-example.com
It will install for all domains marked with an asterisk. To remove an asterisk you just use the cursor keys to move up and down the list, and hit space to change the setting.
Answer the questions and… job done.