How To: Install A Free Trusted Certificate From LetsEncrypt

Finally, a free and secure internet for everyone!

Reasoning 

So what's all the hype about everyone needing a secured website these days? Isn't the internet we have secure enough? I think you can answer that for yourself. With all the malware and viruses being perpetrated these days, it is more important than ever that all our communications are secured. The following are some good articles with background information on the topic:

Now that we have established that SSL Certificates are a necessity, we need to look where to get one. Up until now they have always been relatively expensive, often costing well over $100 per year. On top of that, they weren't easy to install either.

That all has changed with LetsEncrypt.org! They are offering free SSL certificates for web sites, and include their own installer to boot. This guide will walk you through the process of installing it on your Forge-managed server.

Preparation 

LetsEncrypt has entered public beta as of 3 Dec 2015. Once it goes live I will update the process, as things are likely to change somewhat.

Please be aware of the following gotchas before continuing:

  • LetsEncrypt certificates are only valid for 90 days.
  • Automatic renewal functionality is a bit tricky to implement; I will cover that more in a future update.
  • The nginx installer is not yet functional, so you will have to stop nginx while you are creating or renewing certificates.
This complete process is customized to your domain names (separate with space; the first one should be your Forge server). It also needs the admin email address you want to have displayed on the certificate(s).

Procedure 

  1. SSH into your production server:
    ssh forge@
  2. Make sure python and git are installed:
    sudo apt-get install git python
  3. Download the LetsEncrypt client from git: 
    cd ~
    git clone https://github.com/letsencrypt/letsencrypt
    cd letsencrypt
  4. Turn off nginx temporarily for the installation process:
    sudo service nginx stop
  5. Let's run the installer:
    sudo ./letsencrypt-auto certonly --standalone --agree-tos --redirect --duplicate --text --email {{ email ? email : emailPlaceholder }} -d {{ domain }}
  6. All done! Let’s turn nginx back on:
    sudo service nginx start
  7. Open a browser and log into Laravel Forge.
  8. We will copy and paste the relevant certificates for each of your domains:
    • {{ domain }}
      1. Navigate to Sites > {{ domain }} > SSL Certificates > Install Existing Certificate.
      2. Terminal: sudo cat /etc/letsencrypt/live/{{ domain }}/privkey.pem
      3. Copy/paste the private key into the appropriate field in Forge in your browser.
      4. Terminal: sudo cat /etc/letsencrypt/live/{{ domain }}/fullchain.pem
      5. Copy/paste the certificate and authority chain into the appropriate field in Forge in your browser.
      6. Click Install Certificate.
      7. Click the lock icon on the certificate entry to activate the certificate.
      8. Go to {{ domain }} and check it out!
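
A pre-flight check for step 8 and the 90-day validity gotcha above, as an added example that is not part of the original guide: it confirms that privkey.pem matches the leaf certificate in fullchain.pem and that the certificate is not close to expiry, using the stock openssl command line. The function name check_pair, the script name in the usage comment and the 30-day default are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide).
# Usage (script name is hypothetical; sudo is needed to read the key):
#   sudo sh check_pair.sh /etc/letsencrypt/live/DOMAIN/privkey.pem \
#                         /etc/letsencrypt/live/DOMAIN/fullchain.pem 30

# check_pair KEY CERT [MIN_DAYS]
# Returns 0 if the pair is usable, 1 if the key does not match the
# certificate, 2 if the certificate expires within MIN_DAYS, 3 on read errors.
check_pair() {
    key=$1 cert=$2 min_days=${3:-30}
    [ -r "$key" ] && [ -r "$cert" ] || {
        echo "cannot read $key or $cert" >&2
        return 3
    }

    # fullchain.pem lists the leaf certificate first, and openssl x509 only
    # reads the first certificate in a file, so this is the site's own cert.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3

    # Both commands emit the public key in the same PEM form, so a string
    # comparison is enough, for RSA and EC keys alike.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 1
    fi

    # -checkend exits non-zero when the cert expires within N seconds.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "expires within $min_days days:" \
             "$(openssl x509 -in "$cert" -noout -enddate)" >&2
        return 2
    fi
    echo "ok: $(openssl x509 -in "$cert" -noout -enddate)"
}

# Run the check only when the script is given a key and a certificate.
if [ $# -ge 2 ]; then
    check_pair "$@"
fi
```

Because the key itself is never printed, this check can also run from cron as an early warning that the 90-day certificate needs renewing.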
You will also want to make sure your server is configured to be as secure as possible: Diffie-Hellman Fix.

Sources