WARNING: High levels of NERD ahead.
I started using CloudFlare’s free tier on this blog, before Let’s Encrypt burst onto the scene, mostly for their universal SSL. However, as joepie91 recently pointed out, this means that by design, CloudFlare has to decrypt all SSL traffic, and then re-encrypt it to send it to your original site with its self-signed or generic certificate (in my case). Apart from this, CloudFlare is a bit of overkill for this low-traffic site.
Because I don’t need much of an excuse to try out something new, I used this as my excuse to try out Let’s Encrypt, a fantastic new(ish) service which issues free 90 day certificates to anyone who can verify their domains.
I was shocked with how easy this was on the webfaction shared (non root) hosting I’ve been using for years, and so I had to share.
WITNESS THE GREAT EASINESS:
Step 1: Install acme.sh
These two steps are to be performed whilst SSH’d in to your web host.
<p> First we install <a href="https://github.com/Neilpang/acme.sh">the wonderful acme.sh</a> by following the one-liner on its website: </p> <div class="org-src-container"> <pre class="src src-sh">curl https://get.acme.sh | sh
<p> At this junction, as they say, it’s best to log out and in again, so that the acme.sh alias and environment variable can be setup. </p>