Certificate Generation using Let’s Encrypt

This article will talk about Let’s Encrypt and Certbot: installing Certbot and why we should be using it. From there, you can dig into the advanced features.

Please make a note that I’ll be using LE instead of Let’s Encrypt in a few places throughout the article.

What Is Let’s Encrypt?
Let’s Encrypt is a Certificate Authority that issues certificates to enable HTTPS on your websites. To generate a certificate you must be able to prove that you own that domain. For this purpose the ACME protocol is used.

Certbot is one of the ACME clients that serve this purpose. LE recommends this client on their website, but it’s up to you whether to use it.
For more details on what is an ACME protocol, check this out -> https://ietf-wg-acme.github.io/acme/draft-ietf-acme-acme.html

Installation –
What can be better than using ansible to install this?
Let’s do it with a playbook.

Firstly, add the certbot repo –
- name: Add the Certbot PPA
  apt_repository:
    repo: 'ppa:certbot/certbot'

Next, update the package cache and install Certbot –
- name: Install Certbot
  apt:
    name: "{{ item }}"
    update_cache: yes
  with_items:
    - certbot

That’s it!! Yes, that’s it. Sounds simple, right? Certbot uses its own internal web server to generate the certificates. Now you have your own server that is capable of generating certificates for your websites.

Command to generate the certificate
certbot certonly --manual -d <your_domain> --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory --agree-tos

Command explanation
The --manual flag indicates that you are going to generate the certificate manually with certbot, completing the challenge step yourself. --preferred-challenges dns-01 asks for the DNS challenge, which you prove by publishing a TXT record for the domain.
https://acme-v02.api.letsencrypt.org/directory is the production certificate-issuing endpoint. Please remember that if you are just testing, don’t use this endpoint, as it has rate limits per domain. Instead use the staging URL – https://acme-staging-v02.api.letsencrypt.org/directory.

Command execution
When you execute the command above, certbot prints a TXT record. You have to create that TXT record for the domain in Route 53, and then continue the command execution. Next, the validation runs and the certificate is generated.
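The manual dns-01 flow above has two places where things go wrong in practice: pressing Enter before the TXT record is actually visible in DNS (the validation then fails and counts against the rate limit), and accidentally running test issuances against the production endpoint. The following wrapper is an added example, not code from the article or from the Certbot project. It wraps the article’s command, switches between the staging and production endpoints, builds the Route 53 change batch for the _acme-challenge TXT record, and only returns to certbot once dig can see the record. It assumes the aws CLI is configured, HOSTED_ZONE_ID is set for the zone, and dig is installed; CERTBOT_DOMAIN and CERTBOT_VALIDATION are the real environment variables certbot passes to a --manual-auth-hook.

```shell
#!/bin/sh
# Added example (not from the article): wrapper around the article's
# certbot dns-01 command. Assumptions: aws CLI configured, HOSTED_ZONE_ID set,
# dig installed. Usage:  ./issue.sh issue example.com yes   (yes = staging)

PROD_SERVER="https://acme-v02.api.letsencrypt.org/directory"
STAGING_SERVER="https://acme-staging-v02.api.letsencrypt.org/directory"

# acme_server <staging: yes|no> -> prints the endpoint to pass to --server.
# Anything that is not an explicit "no" stays on staging, so the rate-limited
# production endpoint is only used on purpose.
acme_server() {
  if [ "$1" = "no" ]; then
    printf '%s\n' "$PROD_SERVER"
  else
    printf '%s\n' "$STAGING_SERVER"
  fi
}

# txt_name <domain> -> the record name the dns-01 challenge is published at
txt_name() {
  printf '_acme-challenge.%s\n' "$1"
}

# change_batch <domain> <validation> -> Route 53 UPSERT change batch (JSON)
# for the TXT record. Route 53 requires the TXT value itself to be quoted.
change_batch() {
  printf '{"Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"%s","Type":"TXT","TTL":60,"ResourceRecords":[{"Value":"\\"%s\\""}]}}]}\n' \
    "$(txt_name "$1")" "$2"
}

# wait_for_txt <domain> <validation> [attempts] -> returns 0 once the public
# resolver returns the expected value, 1 after <attempts> tries (10 s apart).
wait_for_txt() {
  name=$(txt_name "$1")
  expected="\"$2\""
  attempts=${3:-30}
  i=0
  while [ "$i" -lt "$attempts" ]; do
    if dig +short TXT "$name" | grep -qxF "$expected"; then
      return 0
    fi
    i=$((i + 1))
    sleep 10
  done
  echo "TXT record $name not visible after $attempts attempts" >&2
  return 1
}

# Called by certbot as the --manual-auth-hook: publish the record, then block
# until it is visible so certbot does not start validation too early.
auth_hook() {
  tmp=$(mktemp) || exit 1
  change_batch "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" > "$tmp"
  aws route53 change-resource-record-sets \
      --hosted-zone-id "$HOSTED_ZONE_ID" --change-batch "file://$tmp"
  rm -f "$tmp"
  wait_for_txt "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION"
}

# issue <domain> <staging: yes|no> -> the article's command, with this same
# script registered as the auth hook.
issue() {
  certbot certonly --manual --preferred-challenges dns-01 \
    --server "$(acme_server "$2")" --agree-tos \
    --manual-auth-hook "$0 hook" -d "$1"
}

case "${1:-}" in
  hook)  auth_hook ;;
  issue) issue "$2" "${3:-yes}" ;;
esac
```

Run it as ./issue.sh issue example.com no only once the staging run has succeeded; with the default of staging, a typo in the domain or a slow DNS propagation costs nothing against the production rate limits.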

Why letsencrypt / certbot?
– It’s open source. What’s more important than this? Haha!!
– It’s secure.
– Easy to use.
– Automation Friendly.
– Generates certificates for wild card entries as well.

The whole certificate generation and renewal process can be automated. When I write my next article on certbot, I’ll talk about this.