Did someone say free SSL certificates?

Yes, they did. I just learned of Let's Encrypt Authority, which is an open source certificate authority. It is easy to encrypt your site with SSL using Let's Encrypt and Certbot (the tool used to create the certificate and add it to your site). The blog you're reading is encrypted with Let's Encrypt, and the following is what made it possible.

Screenshot of LE Cert in Chrome

Assuming you already have a site set up (I'll do a how-to about that later), the following is how to set up an SSL cert in Ubuntu 16.04:

```bash
apt-get update
apt-get install python-letsencrypt-apache
letsencrypt --apache
```

That will walk you through a setup process. Highlight the domains you want encrypted, agree to its terms, and voila!

That was easy, right?

As for certificate expirations, your usual certificate from someone like Comodo lasts for 1 year. In this case, the certificates are leased for 90 days. Yes, that does seem short, but they have their reasons.

To make sure renewals will work correctly (which they should), run the following:

```bash
letsencrypt renew --dry-run --agree-tos
```

Apparently there is a bug in Ubuntu 16.04 concerning the email not being filled in; you can just ignore it. It will still function. If the dry run otherwise works, you can create a cron or systemd task that runs the following command twice daily:

```bash
letsencrypt renew
```
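A check to run alongside that scheduled job, as an added example that is not part of the original post: it reads a certificate's notAfter date with openssl and reports when the certificate is so far inside the renewal window that the job must be failing. The 30-day renewal window is the client's default; the 21-day alert threshold, the script name `check-cert.sh`, and the reliance on GNU `date` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: expiry check for a Let's Encrypt cert.
# Assumptions: GNU date, openssl on PATH, and the two thresholds below.

RENEW_WINDOW_DAYS=30   # client default: renew once fewer than 30 days remain
ALERT_DAYS=21          # hypothetical: this deep in the window, renewals look broken

# cert_not_after PEM_FILE -> prints e.g. "Jan 24 12:00:00 2017 GMT"
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | cut -d= -f2
}

# days_left NOT_AFTER [NOW_EPOCH] -> whole days remaining (truncated toward zero)
days_left() {
    [ -n "$1" ] || return 2          # an empty date would parse as "today"
    dl_end=$(date -u -d "$1" +%s) || return 2
    dl_now=${2:-$(date -u +%s)}
    echo $(( (dl_end - dl_now) / 86400 ))
}

# expiry_status NOT_AFTER [NOW_EPOCH] -> ok | due | failing | expired
expiry_status() {
    [ -n "$1" ] || return 2
    es_end=$(date -u -d "$1" +%s) || return 2
    es_now=${2:-$(date -u +%s)}
    es_days=$(( (es_end - es_now) / 86400 ))
    if [ "$es_end" -le "$es_now" ]; then echo expired
    elif [ "$es_days" -lt "$ALERT_DAYS" ]; then echo failing
    elif [ "$es_days" -lt "$RENEW_WINDOW_DAYS" ]; then echo due
    else echo ok
    fi
}

# Usage: check-cert.sh /path/to/cert.pem (exits non-zero unless status is ok or due)
if [ "$#" -gt 0 ]; then
    not_after=$(cert_not_after "$1")
    [ -n "$not_after" ] || { echo "$1: could not read notAfter" >&2; exit 3; }
    status=$(expiry_status "$not_after") || exit 3
    echo "$1: $status, $(days_left "$not_after") days left (notAfter=$not_after)"
    case "$status" in ok|due) exit 0 ;; *) exit 1 ;; esac
fi
```

Point it at the certificate the client wrote under `/etc/letsencrypt/live/<your-domain>/cert.pem` and have cron mail you on a non-zero exit.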

Certbot and Let's Encrypt work on more than just Ubuntu; they are supported on a wide array of Unix/Linux-based platforms (not IIS, if you're wondering). Check it out:


**Edit** (10.26.16): I went to use Certbot on my DigitalOcean VPS that is running Ubuntu 14.04 with Apache and it didn't work... rather it required a little extra effort. Using the program works relatively the same, but installation won't work via apt as the letsencrypt package wasn't created for that build of Ubuntu. Instead, do the following:

```bash
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto --apache
```

I recommend putting this somewhere such as /opt/certbot/ and then adding that directory to your (or the global) path.

**Edit 2** (11.04.16):
If you're interested in how it all works, this is a good read.