Encryption is hard. Let’s Encrypt makes it extremely easy. How easy? You can have an SSL certificate for your nginx site in under 10 minutes.

1. Install Let’s Encrypt

$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto --help

2. Obtain a Certificate

$ # Shut down nginx temporarily
$ service stop nginx

$ # Generate a cert
$ ./letsencrypt-auto certonly --standalone --email me@email.com -d mydomain.com

You can add multiple domains by supplying multiple -d parameters.

3. Update Nginx Configuration

Open your site’s nginx configuration and add the following:

listen 443 ssl;
server_name mydomain.com; # Replace with your domain
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;

4. Done

Just start your server and test the connection.

$ service nginx start

Conclusion

Let’s Encrypt is awesome. In less than 10 minutes I was serving this website via sweet, sweet 256-bit encryption and now you should be able to do the same for your sites. Get going!

Questions or comments about this article? Let me know at tommylackemann [at] gmail [dot] com