What is Let’s Encrypt (LE)?
From the Let’s Encrypt website:
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).
We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.
Which browsers support the Let’s Encrypt CA?
Most modern browsers include LE’s CA. For more information about LE’s certificates, see https://letsencrypt.org/certificates/
How long are Let’s Encrypt certificates valid for?
Certificates are valid for 3 months at a time. This short expiry encourages issuing new certificates by automated means. You can renew the certificate before the 3 months are up.
Installing letsencrypt
1. Install the letsencrypt certificate client, certbot:
Note: for CentOS 6, you’ll need to install certbot manually; see https://certbot.eff.org/#centos6-apache
For CentOS 7, install certbot with yum. This requires the EPEL repository to be enabled.
yum install certbot -y
2. Configure letsencrypt certificate on CentOS Linux
In this example, we’ll assume:
- DNS for the domain/subdomain that you are requesting a certificate for points to this server
- a web server and virtual host are configured for the domain/subdomain
Retrieve certificate using the webroot authentication method:
certbot certonly --webroot -w <PATH_TO_YOUR_VIRTUALHOST> -d www.<YOUR_DOMAIN> -d <YOUR_DOMAIN> --email <YOUR_EMAIL_ADDRESS> --agree-tos
Once verified, your certificate, private key, and LE chain will be installed to /etc/letsencrypt/live/<YOUR_DOMAIN>
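A post-issuance check for the directory named above, as an added example (not from the original page or from certbot): it confirms that the four files certbot places in the live directory are present, that the private key is not readable by group or others, and whether the certificate is close enough to expiry to renew. The function names and the 30-day threshold are assumptions, and it relies on GNU stat and the openssl command.

```shell
#!/bin/sh
# Added example: audit a certbot live directory after issuance.
# Assumes GNU stat and the openssl CLI; function names are illustrative.

# check_live_dir DIR: print problems; return 0 only if none were found.
check_live_dir() {
    dir=$1
    rc=0
    # certbot places these four files (as symlinks) in each live directory.
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        if [ ! -s "$dir/$f" ]; then
            echo "MISSING: $dir/$f"
            rc=1
        fi
    done
    # The private key must not be readable by group or others.
    # -L follows the symlink so the mode of the real key file is checked.
    if [ -e "$dir/privkey.pem" ]; then
        mode=$(stat -L -c '%a' "$dir/privkey.pem")
        case $mode in
            0|*00) ;;
            *) echo "WEAK PERMS: $dir/privkey.pem is mode $mode"; rc=1 ;;
        esac
    fi
    return "$rc"
}

# expires_within DIR DAYS: return 0 if cert.pem expires within DAYS days.
# openssl's -checkend exits 0 when the certificate is still valid after
# the given number of seconds, so the result is inverted here.
expires_within() {
    ! openssl x509 -checkend "$(( $2 * 86400 ))" -noout \
        -in "$1/cert.pem" >/dev/null 2>&1
}

# Usage: sh check_cert.sh /etc/letsencrypt/live/<YOUR_DOMAIN>
if [ $# -gt 0 ]; then
    check_live_dir "$1" && echo "files and key permissions OK"
    if expires_within "$1" 30; then
        echo "certificate expires within 30 days (or is unreadable): renew it"
    fi
fi
```

Run it as root, since the live directory is not readable by ordinary users by default.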