How to Set Up Free SSL for Your Website

By: Jeremy Morgan

If you’re reading this then welcome to the new server! Due to my web host taking a huge nose dive, I had to scramble to find new hosting. In doing so I explored SSL solutions and a friend suggested Let’s Encrypt. I liked the experience so much I thought I’d share it.

My Predicament

So my old host (unnamed) just imploded. What started as a nice little company with fast servers and great support, got bought out. The new company did what many big companies tend to do, which is cut costs and lower the quality of the product. They did this by giving us all a “server upgrade” which turned out to be a terrible service. The traffic from my site was crashing the cheap server quite frequently. I would call and get no answer, and emails were answered by outsourced support personnel who were just copying and pasting text into emails to me. 3 years of solid service vanished overnight.

So, I needed to move my site fast, and since I have SSL and all my pages are spidered in Google with SSL, it would be wise to continue using it. I didn’t want to even attempt to ask these support people to export my cert to move it here so I started looking at options. So I looked at LetsEncrypt. Since I moved my site to a nice new Linux server I knew this would be an option for me, and decided to give it a try.

How to Install Free SSL/TLS

So I had my nice little Nginx server set up and all I had to do was the following:

sudo apt-get install git
git clone
cd letsencrypt
./letsencrypt-auto --help

This installed the prerequisites and the LetsEncrypt app. They have two options for installing the certs, one is a standalone method, and the other is a “webroot” plugin. The standalone method requires you to stop your server, while the webroot option will do it with the server running. I wasn’t too worried about stopping things so I simply ran:

sudo /home/web/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/html -d -d

And that created my certs. I wanted to strengthen things up a bit, and I’ll show what I did.

Generate Strong Diffie-Hellman Group

To generate a strong Diffie-Hellman group, I ran the following command:

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Note the location of the generated dhparam.pem file; I’ll be adding that to my default config. Here is everything I added to it:

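  # "ssl" must be set on every 443 listener; without it that socket speaks plain HTTP
  listen [::]:443 ssl default_server;
  listen 443 ssl default_server;

  # Certificate, private key and chain issued by Let's Encrypt
  ssl_certificate     /etc/letsencrypt/live/;
  ssl_certificate_key /etc/letsencrypt/live/;
  ssl_trusted_certificate /etc/letsencrypt/live/;
  # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients need them
  ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  # Custom Diffie-Hellman group generated above
  ssl_dhparam /etc/ssl/certs/dhparam.pem;
  ssl_session_timeout 1d;
  ssl_session_cache shared:SSL:50m;
  # OCSP stapling, verified against ssl_trusted_certificate
  ssl_stapling on;
  ssl_stapling_verify on;
  # HSTS: browsers stay on HTTPS for about six months
  add_header Strict-Transport-Security max-age=15768000;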
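
Before reloading, a server block like this can be checked mechanically. The following is an added example, not code from the original post: a small Python linter (the names `parse`, `audit`, `DEPRECATED` and `MIN_HSTS` are hypothetical) that flags a 443 listener without `ssl`, deprecated protocol versions, a missing or short HSTS header and a missing `ssl_dhparam`. It runs over a constructed sample that includes a listener without `ssl` and the older protocol versions, so those checks fire.

```python
import re

# Constructed sample: TLS directives modelled on the post's server block
# (certificate paths omitted; they are not needed for these checks).
SAMPLE = """
listen [::]:443 default_server;
listen 443 ssl default_server;
ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
add_header Strict-Transport-Security max-age=15768000;
"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
MIN_HSTS = 15768000  # assumption: treat the post's six-month value as the floor

def parse(conf):
    """Split nginx text into (name, args) pairs for simple directives."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    pairs = []
    for stmt in re.split(r"[;{}]", conf):
        tokens = stmt.split()
        if tokens:
            pairs.append((tokens[0], tokens[1:]))
    return pairs

def audit(conf):
    """Return a list of findings for the TLS-related directives."""
    pairs, findings = parse(conf), []
    for name, args in pairs:
        if name == "listen" and args and "ssl" not in args \
                and re.search(r"(^|:)443$", args[0]):
            findings.append(f"listen {args[0]}: missing 'ssl', TLS is not enabled on this socket")
        if name == "ssl_protocols":
            findings += [f"ssl_protocols: {p} is deprecated"
                         for p in args if p in DEPRECATED]
    hsts = [" ".join(a) for n, a in pairs
            if n == "add_header" and a and a[0].lower() == "strict-transport-security"]
    age = re.search(r"max-age=(\d+)", hsts[0]) if hsts else None
    if not age or int(age.group(1)) < MIN_HSTS:
        findings.append("add_header: HSTS missing or max-age below floor")
    if not any(n == "ssl_dhparam" for n, _ in pairs):
        findings.append("ssl_dhparam: not set")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
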

After that, save the file and reload Nginx:

sudo service nginx reload

Is that it? Yes that really is it.

Now I have a nice little green lock there. Not much different than the last cert I had:

Not too bad huh?


I shared this so you can see exactly how easy it is to use LetsEncrypt to set up free SSL certs for your site. The aim of this project is to encrypt everything, which is a fantastic idea.

So go grab a $5 server, put a free SSL cert on it, and you’re good to go!
