Getting Started With Let's Encrypt
Let's Encrypt is a new certificate authority, run in a cooperative effort with the goal of making it easy for everyone to obtain and renew the certificates needed to enable secure encrypted connections for their domain. It's free to use, uses open standards and open source software, and provides certificates via a fully automated process. Major sponsors of Let's Encrypt include the Mozilla Foundation and the EFF.
Let's Encrypt entered public beta on December 3rd, so there was no longer any good reason to hold back from obtaining a certificate for my site. This blog post will go over the steps I took to get set up with a Let's Encrypt certificate, and to get everything working.
The documentation for the Let's Encrypt client can be found here: https://letsencrypt.readthedocs.org/en/latest/intro.html.
I prefer to run my site on Debian, with nginx as the static file server and as a reverse proxy for my Django apps, which run on top of Apache. Since the nginx plugin for Let's Encrypt is currently 'highly experimental', I decided against using it. Additionally, my config files are jinja templates kept in version control, and are populated and pushed by Ansible …