We’ve all been there: buying self-signed certificates is a bit annoying, especially when it comes to wildcards. A new project has been around for a couple of months now, it’s called Let’s Encrypt.
It’s basically a bunch of scripts that will help you sign certificates for your Apache/Nginx vhosts… and for free, no less! The good news is that these certificates will be recognized by pretty much any browser. Farewell, security alerts! The bad news is: no wildcard support for now. Well… that’s not exactly bad news, since you can create as many certificates as you want, and SNI is rather widespread now.
Installing Let’s Encrypt
Creating/signing a new certificate
Checking your certificates
Certificates signed with Let’s Encrypt will be valid for 3 months. All the more reason to crontab a script I whipped up for the occasion:
The crontab entry will need to look something like this: