Let’s Encrypt

Posted by Spencer on January 26th, 2016

I proudly installed my first GoDaddy cert back in 2014. A regular cert is only valid for a single specific site, in my case, spencerponte.com. It is not valid for subdomains like this blog. For that you would need a wildcard cert, which covers all subdomains as well. Unfortunately GoDaddy was charging more than four times the price of a regular cert to get a wildcard, so that was out of the question. Another option, buying two different certs, also seemed expensive and annoying.

And so for the last couple of years this blog has done without HTTPS. I’ve been learning a lot about Let’s Encrypt though, and decided to give it a shot. Let’s Encrypt is a new, free, open certificate authority that takes a different approach to validation.

On your server, Let’s Encrypt consists of a certificate management agent that you run yourself, which automates the process of getting and updating certs. To install, I followed the directions for a standalone install; I wasn’t interested in messing with my GoDaddy certs just yet. It took a few tries due to various permissions issues, but eventually the cert and other relevant files were generated. I updated the blog’s Apache config to listen on port 443 and use the new Let’s Encrypt certs.

It worked! Don’t take my word for it; check out the green lock in your address bar.

The default expiration date for certificates issued by Let’s Encrypt is 90 days. I think I’ll plan on manually renewing the cert sometime before then and, if that goes well, write a script to automate the process.
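A renewal check for the 90-day lifetime described above, as an added example that is not the author's script: it reads the expiry date in the form `openssl x509 -noout -enddate` prints (or the one Python's `getpeercert()` returns) and flags the cert once it is inside a renewal window. The 30-day window, the function names and the sample date are assumptions.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

RENEW_BEFORE_DAYS = 30  # assumed renewal window; the post only gives the 90-day lifetime

def parse_not_after(value):
    """Parse 'notAfter=Apr 25 12:00:00 2016 GMT' (openssl x509 -noout -enddate)
    or the bare date string found in ssl getpeercert()['notAfter']."""
    value = value.strip()
    if value.startswith("notAfter="):
        value = value[len("notAfter="):]
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)

def renewal_status(not_after, now=None, renew_before_days=RENEW_BEFORE_DAYS):
    """Return (state, whole_days_left); state is 'ok', 'renew' or 'expired'."""
    if now is None:
        now = datetime.now(timezone.utc)
    remaining = not_after - now
    if remaining <= timedelta(0):
        return "expired", remaining.days
    if remaining <= timedelta(days=renew_before_days):
        return "renew", remaining.days
    return "ok", remaining.days

def check_host(host, port=443, timeout=5.0):
    """Fetch the live certificate and classify it. An expired or mismatched
    cert fails the handshake, so that case is reported as 'invalid'."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = parse_not_after(tls.getpeercert()["notAfter"])
    except ssl.SSLCertVerificationError as exc:
        return "invalid", exc.verify_message
    return renewal_status(not_after)

if __name__ == "__main__":
    # Constructed sample: a 90-day cert issued on the day of the post.
    sample = "notAfter=Apr 25 12:00:00 2016 GMT"
    for day in ("2016-01-26", "2016-04-01", "2016-04-26"):
        now = datetime.strptime(day, "%Y-%m-%d").replace(hour=12, tzinfo=timezone.utc)
        print(day, renewal_status(parse_not_after(sample), now=now))
```

Run from cron, `check_host` gives a daily signal that a renewal was missed, independent of whatever performs the renewal itself.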
