Enable HTTPS with Let's Encrypt

has enabled HTTPS as its default protocol, with the power of Let’s Encrypt.


When properly configured, an HTTPS connection guarantees three things:

  • Confidentiality. The visitor’s connection is encrypted, obscuring URLs, cookies, and other sensitive metadata.

  • Authenticity. The visitor is talking to the “real” website, and not to an impersonator or through a “man-in-the-middle”.

  • Integrity. The data sent between the visitor and the website has not been tampered with or modified.

A plain HTTP connection can be easily monitored, modified, and impersonated.

Quoted from

About Let’s Encrypt

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).

Contribute to letsencrypt on GitHub.

About ACME

ACME Protocol


Boulder is an ACME-based CA, written in Go.



Get Certificate

As letsencrypt-nginx is not fully developed, I chose certonly to generate the SSL certificate and configured nginx manually.

./letsencrypt-auto certonly --webroot -w /path/to/webroot --email -d

Nginx Configuration

Configure nginx.conf

ssl_certificate      /etc/letsencrypt/live/;
ssl_certificate_key  /etc/letsencrypt/live/;

ssl_session_timeout  1440m;     

All other settings are left at their defaults.

Certificate Renewal

The Let’s Encrypt CA issues short-lived certificates (90 days). Make sure you renew the certificates at least once every 3 months.
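One way to watch the 90-day lifetime described above, as an added example (not code from the original post): it classifies a certificate from its notAfter date so a scheduled job can alert before expiry. The 30-day renewal margin and all function names are assumptions, and the sample date is constructed.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_BEFORE_DAYS = 30  # assumption: renew once 30 days or fewer remain


def days_remaining(not_after: str, now: datetime) -> float:
    """Days until expiry; not_after uses the getpeercert() format."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).total_seconds() / 86400


def renewal_status(not_after: str, now: datetime, renew_before: int = RENEW_BEFORE_DAYS) -> str:
    """Classify a certificate as 'ok', 'renew' or 'expired'."""
    left = days_remaining(not_after, now)
    if left <= 0:
        return "expired"
    return "renew" if left <= renew_before else "ok"


def check_host(host: str, port: int = 443, timeout: float = 10.0) -> str:
    """Status of the certificate a live server presents (needs network)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError:
        # An expired or mismatched certificate fails the handshake itself.
        return "invalid"
    return renewal_status(not_after, datetime.now(timezone.utc))


if __name__ == "__main__":
    # Constructed sample: a 90-day certificate issued 2016-01-01.
    sample = "Mar 31 00:00:00 2016 GMT"
    for day in ("2016-01-01", "2016-03-05", "2016-04-01"):
        now = datetime.fromisoformat(day).replace(tzinfo=timezone.utc)
        print(day, renewal_status(sample, now))
```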


Actually, is a fully static site. Almost no difference in performance. :D

In The End

Safe journey on :)