Wow, that was easy. So if you are not using it, you should be, NOW.
Little back story: at the March 8th SecKC meeting, @jamespugjones spoke about his project @LetsEncrypt LetsEncrypt.org. If you were not there, you should watch it at SecKC Videos. It was an excellent talk. My takeaway from it was that everyone should be running securely (duhh, it was a SecKC meeting), but he also showed a way for everyone to do it. Use Let's Encrypt!! (Did I mention it was free?)
So this morning I decided to give it a try on my AWS stack. Here are all the steps.
$ sudo apt-get update
$ sudo apt-get install git
$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ sudo ./letsencrypt-auto --apache
Then it walks you through menus:
- Select the sites on this server you want to apply the cert to
- Then some agreements (of course)
- HTTP and/or HTTPS for your site
- Complete. Wow .. (even a Windows sys admin can complete this).
Now you have a cert on your website. The cert is good for 90 days, and you can automate the renewal with a simple script (next blog post).
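Since the cert only lasts 90 days, it is worth checking how much time is left before any renewal automation is in place. The script below is an added example, not part of the original post or the Let's Encrypt project: it reads a certificate's expiry with `openssl x509` and reports whether it is inside a renewal window. It assumes GNU `date`, `openssl` on the PATH, a certificate path you supply yourself, and a 30-day window chosen here for illustration; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: days left on a certificate and whether renewal is due.
# Assumptions: GNU date (-d), openssl on PATH, 30-day default window.

# Print the notAfter timestamp of a PEM certificate.
# openssl prints "notAfter=Jun  6 12:00:00 2016 GMT"; strip the prefix.
cert_not_after() (
    openssl x509 -noout -enddate -in "$1" | sed 's/^notAfter=//'
)

# days_left "<notAfter>" [now_epoch]
# Whole days until expiry, rounded down, so an expired cert is always
# negative and never reported as "0 days left".
days_left() (
    end=$(date -u -d "$1" +%s) || exit 2
    now=${2:-$(date -u +%s)}
    secs=$(( end - now ))
    if [ "$secs" -lt 0 ]; then
        echo $(( -(( -secs + 86399 ) / 86400) ))
    else
        echo $(( secs / 86400 ))
    fi
)

# renewal_due "<notAfter>" <window_days> [now_epoch]
# Exit status 0 when fewer than <window_days> days remain.
renewal_due() (
    left=$(days_left "$1" "$3") || exit 2
    [ "$left" -lt "$2" ]
)

# Usage: ./certcheck.sh /path/to/cert.pem [window_days]
if [ $# -gt 0 ]; then
    end=$(cert_not_after "$1")
    echo "$1 expires: $end ($(days_left "$end") days left)"
    if renewal_due "$end" "${2:-30}"; then
        echo "Inside the renewal window: renew now."
    else
        echo "Not yet inside the renewal window."
    fi
fi
```

Run it from cron against the certificate file Apache is serving and alert on the "renew now" line, so a failed renewal is noticed before visitors see an expired cert.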
Note: If you (like me) have some staged sites on your server that are not live yet, just don't select them on the screen that chooses which sites the cert applies to; otherwise you will get errors.
Oh yeah, by the way. SSLLabs.com scan of one of the sites after installation