After years of having to manually renew certificates (I’ve used StartSSL in the past), Let’s Encrypt is finally live and will allow you to automate this process by installing an agent and a cron job.
Here I’m trying to install certificates on multiple blogs on the same server.
It’s stupidly easy to do:
- Go here: https://certbot.eff.org/
- Follow the on-screen instructions
- THAT’S IT!
Amazing, right? Well, I did run into a few errors, but they were easily solved:
- No valid IP addresses found for [website]
  - Make sure your DNS A and CNAME records are correct with the correct IP
- Incorrect validation certification for TLS-SNI-01 challenge
  - This I found was due to two issues I had:
    - I forgot the site was no longer hosted on my server so the DNS record was pointing to another host anyway
    - You need to have SSLEngine, SSLCertificateFile, and SSLCertificateKeyFile values set in your Apache configuration. Even if it points to empty files, it’ll work. Of course this is probably because I had values there earlier. I haven’t tested this but if only “SSLEngine on” is set, it should still work.
- DNS problem: NXDOMAIN looking up A for [website]
  - Make sure you have a CNAME record for the subdomain (e.g., “www”)
- Redirect HTTP traffic to HTTPS no longer works
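A pre-flight check for the DNS-related errors in the list above, as an added example that is not part of the original post: it confirms that each domain and its www name resolve only to this server before certbot is run. The function names, the sample domains and the documentation-range IP addresses are constructed for illustration.

```python
"""Pre-flight DNS check to run before requesting certificates (added example)."""
import socket

def resolve_a(name):
    """Return the set of IPv4 addresses for name, or None if it does not resolve."""
    try:
        infos = socket.getaddrinfo(name, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return None
    return {info[4][0] for info in infos}

def check_name(name, server_ip, resolver=resolve_a):
    """Classify one hostname against the IP of the server that answers the challenge."""
    addrs = resolver(name)
    if not addrs:
        return "no-record"         # NXDOMAIN / no valid IP addresses found
    if addrs != {server_ip}:
        return "points-elsewhere"  # another host could receive the validation request
    return "ok"

def preflight(domains, server_ip, resolver=resolve_a):
    """Check each domain and its www subdomain; return {hostname: status}."""
    report = {}
    for domain in domains:
        for name in (domain, "www." + domain):
            report[name] = check_name(name, server_ip, resolver)
    return report

def ready(report):
    """Hostnames whose DNS is in order and can be passed to certbot."""
    return sorted(name for name, status in report.items() if status == "ok")

# Constructed sample zone data (documentation IP ranges) so the example runs offline.
SAMPLE_ZONE = {
    "blog-one.example": {"203.0.113.10"},
    "www.blog-one.example": {"203.0.113.10"},
    "blog-two.example": {"203.0.113.10"},   # www record missing
    "moved.example": {"198.51.100.7"},       # site is now hosted elsewhere
    "www.moved.example": {"198.51.100.7"},
}

def sample_resolver(name):
    """Stand-in resolver backed by SAMPLE_ZONE (hypothetical, for the demo only)."""
    return SAMPLE_ZONE.get(name)

if __name__ == "__main__":
    result = preflight(["blog-one.example", "blog-two.example", "moved.example"],
                       "203.0.113.10", sample_resolver)
    for host, status in sorted(result.items()):
        print(f"{host:24} {status}")
```

Calling `preflight` without the `resolver` argument uses the system resolver, so the result reflects what that machine sees, which may differ from what the certificate authority's resolvers see while DNS changes are still propagating.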
Also be sure to protect your sites from POODLE. Analyze your site here: https://www.ssllabs.com/ssltest/analyze.html
That’s all folks. If you have any issues please let me know in the comments.