Tech Sharing Tutorials

Let's Encrypt free SSL

Step 1. Clone the free SSL project (letsencrypt)

If your website needs SSL and you can log in to your server over SSH, just do it! It's all free!

# First step: clone the project
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

# Go to the folder
cd /opt/letsencrypt

# Generate the cert (if you're not using Apache)
sudo ./letsencrypt-auto certonly --webroot -w /var/www/test.com.tw/ -d test.com.tw

Then wait.

Step 2

It will pop up a blue screen asking you to enter your email.

Then you're done!

Just edit your web server config. Here is the nginx setting:

        ssl on;
        ssl_certificate /etc/letsencrypt/live/test.com.tw/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/test.com.tw/privkey.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_session_cache shared:SSL:10m;

        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 8.8.4.4 8.8.8.8 valid=300s;
        resolver_timeout 10s;

        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;

And finally you've got your free SSL!

SSL Labs result: rank A

If you use the right settings, a free SSL certificate can also make it to rank A.

PS: It'll expire after 3 months, so you need to regenerate it again!

For other information, please refer to https://letsencrypt.org/

20170602 updated

Now you can install certbot with a package!
https://certbot.eff.org/

$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx 

$ certbot --nginx
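
Because the certificate expires after 3 months, renewal is worth automating and then verifying. The script below is an added example, not part of the original post: it runs certbot's renewal and checks with openssl that the certificate nginx serves is still valid. The 14-day threshold, the function names and the cron script path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed: openssl and certbot on
# PATH; the 14-day threshold and the function names are illustrative.

CERT=/etc/letsencrypt/live/test.com.tw/fullchain.pem   # path used in the post

# cert_status FILE DAYS -> prints one of: ok | expiring | invalid | missing
cert_status() {
    [ -r "$1" ] || { echo missing; return 0; }
    # A file that does not parse as X.509 must not be reported as healthy.
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || { echo invalid; return 0; }
    # -checkend exits 0 when the cert is still valid N seconds from now.
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
    then echo ok
    else echo expiring
    fi
}

# renew_and_check FILE DAYS: renew, then verify the result instead of trusting it.
renew_and_check() {
    # certbot only replaces certificates that are close to expiry; the deploy
    # hook reloads nginx only when a new certificate was actually issued.
    certbot renew --quiet --deploy-hook "nginx -s reload" ||
        echo "certbot renew reported an error" >&2
    status=$(cert_status "$1" "$2")
    if [ "$status" != ok ]; then
        # Still inside the threshold after a renewal run: renewal is broken.
        echo "certificate $1 is $status after renewal attempt" >&2
        return 1
    fi
}

# Run from cron (hypothetical script path), e.g.:
#   17 3 * * *  /usr/local/sbin/renew-cert.sh --run
if [ "${1:-}" = "--run" ]; then
    renew_and_check "$CERT" 14
fi
```

A non-zero exit from the cron job means the certificate is missing, unparseable, or within 14 days of expiry despite the renewal run, which is the point to investigate before visitors see an expired certificate.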