You can get a free, valid SSL certificate from Let’s Encrypt. In this article, I will go through the steps to install a Let’s Encrypt SSL certificate on Apache running on Amazon Linux.
Things you should know about Let’s Encrypt:
1. Let’s Encrypt’s certificates are valid for 90 days.
2. Let’s Encrypt does not offer wildcard certificates.
1. An email address.
2. A domain that points to a directory on the server that is accessible from the Internet. Let’s Encrypt servers will access a file at http://yourwebsite.com/some_secret_file_name to validate that you own the domain.
1. Install some requirements for the following steps.
yum install python27-devel git
2. Clone the letsencrypt repository and run the installer.
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
3. Create a config file that will be used for new certificates and renewals. It contains the private key size and your email address.
echo "rsa-key-size = 4096" >> /etc/letsencrypt/config.ini
echo "email = firstname.lastname@example.org" >> /etc/letsencrypt/config.ini
4. Request a certificate for your domain and its www subdomain. You must also specify the root directory of the domain.
/opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/yourdomainroot -d yourdomain.com -d www.yourdomain.com --config /etc/letsencrypt/config.ini --agree-tos
5. Remove the directory that was used for validation. This step is optional.
6. The certificates are located at /etc/letsencrypt/live/. The last step is to update your web server’s configuration. For Apache it will look like this:
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
7. Be sure to add the renew command to a crontab. The command that reloads your web server should go there as well.
/opt/letsencrypt/letsencrypt-auto renew --config /etc/letsencrypt/config.ini --agree-tos && apachectl graceful
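Because the certificates are only valid for 90 days, a cron renewal that fails silently ends in an expired certificate. The check below is an added example, not part of the original article or of the letsencrypt project: it warns when any certificate under /etc/letsencrypt/live/ is close to expiry. The function names, the LIVE_DIR variable, the 14-day threshold and the cert.pem file name inside each domain directory are assumptions.

```shell
#!/bin/sh
# Added example: warn when a certificate in the Let's Encrypt live directory
# is close to expiry, which means the cron renewal has been failing.
# Names, LIVE_DIR and the 14-day default threshold are assumptions.

# cert_expires_within FILE DAYS
# returns 0 = expires within DAYS, 1 = still valid after DAYS, 2 = unreadable
cert_expires_within() {
    [ -r "$1" ] || return 2
    openssl x509 -noout -in "$1" >/dev/null 2>&1 || return 2
    # -checkend N exits 0 only if the cert is still valid N seconds from now
    if openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# check_live_dir DIR DAYS: one status line per DIR/<domain>/cert.pem;
# returns 1 if any certificate is near expiry or unreadable, else 0
check_live_dir() {
    status=0
    for cert in "$1"/*/cert.pem; do
        [ -e "$cert" ] || continue
        domain=$(basename "$(dirname "$cert")")
        rc=0
        cert_expires_within "$cert" "$2" || rc=$?
        case $rc in
            0) echo "WARN $domain expires within $2 days"; status=1 ;;
            1) echo "OK   $domain" ;;
            *) echo "ERR  $domain certificate unreadable"; status=1 ;;
        esac
    done
    return $status
}

# make_sample_cert DIR DOMAIN DAYS: constructed self-signed certificate for
# trying the check without touching real certificates
make_sample_cert() {
    mkdir -p "$1/$2"
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$2" -days "$3" \
        -keyout "$1/$2/privkey.pem" -out "$1/$2/cert.pem" >/dev/null 2>&1
}

# Usage from cron: sh check_certs.sh check [DAYS]
if [ "${1:-}" = "check" ]; then
    check_live_dir "${LIVE_DIR:-/etc/letsencrypt/live}" "${2:-14}"
fi
```

Run it from a separate crontab entry so that a non-zero exit status or a WARN line reaches whoever receives cron mail.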
This article is taken and modified from: