Technology Solutions for Everyday Folks

Hey, Let's Encrypt!

As I'd mentioned in the past, one of the key reasons for changing up my personal hosting plan was to support Let's Encrypt, the free and open Certificate Authority. In 2019, there is absolutely no need for a regular old website or service to pay some exorbitant rate for an SSL certificate. The premium options (extended validation and such) are an entirely different arena--think banking and other services--but those are out of scope for everyday Joe.

Due to my particular configuration, I can't fully automate the enrollment or renewal process for certificates--a bummer...but something I'm willing to live with. As a result, I was curious how much legwork this would require to set up and maintain.

After some various Google searches, I stumbled across a post about using CPanel to install your certs. Since I'm now a CPanel user with a non-traditional sort of setup (namely no root-level SSH access and a variety of virtualhost directives), I figured it might apply to me. And it most definitely did. I highly recommend skimming through it, as it helped me wrap my head around how to use a tool like CPanel to handle all of this...something I was struggling with a bit.

My regular day job involves periodic certificate business, but as our organization is a member of the InCommon Federation my regular business with requesting, generating, and issuing/installing certificates is wholly different. I bolt certs into all sorts of things--LAMP environments, Windows/IIS, and custom/vendor apps, and so I'm most familiar with taking my own CSR to the issuer/authority.

In this case, by using the sslforfree service as my front-end one-stop, it literally took five minutes to get this installed--start to finish! Since I didn't use the auto-upload option (which required my manually uploading the files to the host), it could've been even less time. And the best part: It. Just.Worked.

Mind. Blown.

It'll be interesting to see how the renewal part goes...namely whether or not a proper 'renewal' is even necessary (as opposed to just generating a new cert and revoking/abandoning the old). Time will tell...and that time comes in just shy of 90 days.

At any rate, everyone should be using SSL whenever possible...and the Let's Encrypt CA makes that easy for most folks!