I've used LetsEncrypt, and found the process painless.
- Code: Select all
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache
sudo certbot --apache
Once installed, you can check the world's a happy place:
- Code: Select all
certbot renew
And if so, set things up so that your 90-day certificate is renewed monthly (change [slash] for /):
- Code: Select all
echo '@monthly root /usr/bin[slash]certbot renew >> /var/log/letsencrypt/letsencrypt-auto-update.log' | sudo tee --append /etc[slash]crontab
Done. Then alter your sites-available file to include the optional redirect HTTP to HTTPS and the mandatory location of the SSL certificates:
- Code: Select all
<VirtualHost *:80>
....
# Only allow HTTPS
RewriteEngine on
RewriteCond %{SERVER_NAME} =bbs.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
...
SSLCertificateFile /etc/letsencrypt/live/bbs.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/bbs.example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
PS: did you know, I can't save drafts or submit here because of a 403 Forbidden error, when there's a slash before a c within a BBCode Code block? How random is that?