In the age of enhanced internet security having your content delivery via a secure-encrypted connection became paramount. This has gone so far that even google started favoring websites that have SSL over the ones that do not.
This brought the need for an open-source, free certificate authority that will allow you to protect your assets with a certified CA which was embodied in Let's Encrypt foundation at the end of 2015. Let's Encrypt allows you to generate a CA valid certificate for your domain free of charge. Today we'll be discussing on how you ca n acquire it and apply it to your StackPath site:
Certificates generated through Let's Encrypt are valid for 3 months and do NOT auto-renew. Be sure to re-issue the certificate and upload it to StackPath before 3 months to ensure the site continues working normally.
- Generating a certificate with Let's Encrypt is fairly simple - all you need to do is shell access to your server. Certbot provides with all the info on how you can generate a certificate based on your server and OS solution.
- Please make sure that the domain you are trying to issue the certificate for is pointed to your server IP. The validation in LE end requires that you're pointed to your server IP. So whether you're generating a certificate for www.domain.com or cdn.com please make sure that they are pointed to your server IP as an A record.
- Upon implementation the easiest way to verify whether the certificate is installed correctly is by running a quick test on the SSL Checker - if all tests return a green check mark, the implementation went as expected.
- Once the validation is passed you can use the relevant certificate, ca, and key files and add them to your StackPath site through SNI.
- Repoint your domains to your StackPath site as a CNAME