Let's encrypt with Raspberry Pi
(updated: I found a better way here.)
Let’s Encrypt started public beta today.
It provides free and semi-automated certificate issuance/renewal/revocation.
With this, you can serve your web application securely with HTTPS.
1. Install Let’s Encrypt
You can install Let’s Encrypt by simply cloning its repository on Github.
2. Create & install certificate
On Raspberry Pi, it will take some time everytime when you run the command.
It will show all options and their descriptions.
Then run it again with desired options:
When –apache is given, it will configure things up for Apache by itself.
With –redirect, access requests to HTTP will be redirected to HTTPS automatically.
If certonly –standalone given, it will just create certificate files, keeping all others untouched.
After some time, it will show a report of the issuance and some guide about backing up your files, so read them carefully.
3. Renew certificate
Installed certificates will expire in 3 months due to the policy of Let’s Encrypt.
But we can renew them easily with executing the command again:
It would be handy if you put this command in your crontab:
Then it will renew certificates on the 1st day of every month, 05:00.
4. Wrapping up
I’m running my Raspberry Pi’s web server with a free DDNS service: DuckDNS.
I didn’t want to pour my money on issuing SSL certificate for xxxx.duckdns.org, so I couldn’t run it on HTTPS.
But now, thanks to Let’s Encrypt and DuckDNS, my Raspberrry Pi can serve its web application on HTTPS without any cost.
What a wonderful world!