Free SSL Certificates using LetsEncrypt and certbot

Open source SSL certificates provided by LetsEncrypt, installation and renewals covered by certbot

LetsEncrypt is a new open source style certificate authoritory.

Certbot makes the whole process of installing these certificates (and for that matter renewing them) and configuring Apache a lot easier.

I wont go into how to install certbot on this page, they have very good documentation on their site. Simply go to their home page and enter in your operating system details and you'll get instructions for your OS.

After you run through the instructions on the certbot home page it will have automatically configure the Apache files in your sites-available folder.

Two things I thought I'd jot down for future reference:

At this point of writing certbot only supports one VirtualHost per apache configuration file, so if you have any redirects etc you should move them into a separate file for that domain.

You will see a new your-site-le-ssl.conf in your sites-available folder, there is one thing with regards to Plone that you'll need to update.

In your Apache file  you'll likely have a line similar to this:

RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/http/%{HTTP_HOST}:80/your_site/VirtualHostRoot/$1 [L,P]

In your new your-site-le-ssl.conf file update that line to look like this:

RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/https/%{HTTP_HOST}:443/your_site/VirtualHostRoot/$1 [L,P]

So near the '{HTTP_HOST}' part, instead of http, update it to https. Then the :80 part update to :443.

an apache2ctl graceful after that and you'll be rockin' and a rollin'.

Finally, certbot recommend you run their renew command twice a day via cron, if the certificates aren't up for renewal nothing will happen. I just stuck the renewal in cron.daily which runs on that particular day before the certificate will expire anyhow.

Happy certificating!