Using Let’s Encrypt SSL certs on your site


Since the early 2010s, there has been a strong push towards security and encryption on the internet. To encourage encryption, Google will prioritize your site higher if it’s encrypted, even if your content is not as good.

In general, setting up an SSL certificate for your site is not that difficult, as long as you’re willing to let your hosting provider do that work for you and pay for their work.

For me, at 1and1, it costs me around $70 per year for multi-subdomain SSL encryption per domain. They have a cheaper, single-domain certificate for $30 per year. Now you might think, neither $70 nor $30 seems that high to me. And that’s true, if you only have 1 or 2 domains. But what if you have 5 domains and you want encryption for the subdomains therein? Now you are looking at $350 per year for just encryption.

This is the reason I looked into Let’s Encrypt certificates. They are free, though I strongly recommend you donate to their efforts, and while not all hosting providers make it easy for you to use the Let’s Encrypt certificates, you can pretty much use them anywhere.


Important note, these instructions are for setting up an SSL cert on a machine other than the host. Meaning, if you run your own server, either via VPS or cloud, or an actual physical host, you should follow these instructions:

However, if you are like me, and you have a shared hosting contract and cannot install certbot on the host, and therefore need to get the certificates on a different machine, please follow these instructions:


  • Begin the process of getting the certificates by using --manual so the certificates are not installed locally when finished (you may need to run it with sudo, as certbot will create a log in /var/log/…).
sudo certbot certonly --manual
  • Enter the appropriate email address
  • Accept the terms of service
  • Decide whether or not to share your email address
  • Enter the domains for which you want to create a certificate. You can create as many as you want, they just need to be comma-separated. For example:,,,,,
  • Enter Yes for the IP being logged
  • For each domain you entered in the step above, you will need to validate ownership. For this step certbot will ask you to create a file under
  • So if you entered 2 entries (domains or sub-domains) above, you will need to create 2 files under the location above. Below is an example:
Create a file containing just this data:

And make it available on your web server at this URL:
  • In the example above you would do the following:
SSH to the host of your application or site
Navigate to /home/<your-username>/www/.well-known/acme-challenge
echo "xqIp_322onZb-HoSQOV2WOBxVjVbj9LBUEaEQ.F13uE1z6yJ7yryfWPyI_Wt3DrKfeCTp8UOVIfE" > xqIp_KmB32Zb-HoSQOV2MBxVjVbj9LBUEaEQ
  • Do that for all of the entries.
  • If the process is successful you should get this:
Press Enter to Continue
Waiting for verification...
Cleaning up challenges

- Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:

Your cert will expire on 2018-05-10. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt:
Donating to EFF:
  • At this point the certificates have been created and are ready for use. You will now need to copy them over to your host. The certificate is in the fullchain.pem file and the private key in the privkey.pem file. In my case, I had to copy and paste the contents of both files into my hosting provider SSL manager tool.
  • To view the certificate do this (note these are only examples)
sudo cat /etc/letsencrypt/live/
  • Note there are “two” certificates; you only need to copy and paste the first one. Also, make sure to copy and paste the “Begin” and “End” certificate parts (copy lines 2 – 19)
  • The same will apply to the private key under privkey.pem.
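
As an added example (not part of the original post), the shell helpers below pull the first certificate out of fullchain.pem with its BEGIN and END lines intact, and check that it pairs with privkey.pem before you paste either into the hosting panel. The function names and the placeholder bundle are made up for illustration; cert_matches_key assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# Print the Nth certificate of a PEM bundle (1 = your site's certificate,
# 2 = the issuing CA's intermediate), BEGIN/END lines included.
pem_cert() {   # usage: pem_cert FILE N
    awk -v want="$2" '
        /^-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside && n == want             { print }
        /^-----END CERTIFICATE-----/   { inside = 0 }
    ' "$1"
}

# Number of certificates in the bundle (prints 0 for an empty or wrong file).
pem_count() {  # usage: pem_count FILE
    awk '/^-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# Succeeds only if the certificate and the private key belong together.
# Only the public halves are compared, so nothing secret is printed.
cert_matches_key() {  # usage: cert_matches_key CERT.pem PRIVKEY.pem
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed stand-in for fullchain.pem: placeholder text, not real certificates.
make_sample_bundle() {  # usage: make_sample_bundle FILE
    cat > "$1" <<'EOF'
-----BEGIN CERTIFICATE-----
PLACEHOLDER-LEAF-LINE-1
PLACEHOLDER-LEAF-LINE-2
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
PLACEHOLDER-INTERMEDIATE-LINE-1
-----END CERTIFICATE-----
EOF
}

sample=$(mktemp)
make_sample_bundle "$sample"
echo "certificates in bundle: $(pem_count "$sample")"
pem_cert "$sample" 1        # the block to paste into the certificate field
rm -f "$sample"
```

privkey.pem is the secret half of the pair: keep it readable only by you on the machine where certbot ran, and clear it from the clipboard once it has been pasted.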

That’s it, you should now have FREE SSL encryption working on your host and you have saved enough money for a well-deserved cup of coffee.



Going more secure…

I have been trying to secure our digital life more and more these days. Most folks forget that until recently, think 2013, when Snowden revealed much of what we now know about various surveillance programs, most websites didn’t use HTTPS for anything other than purchases. Obviously, this has changed drastically and now you’d be hard-pressed to find a site which does not encrypt its communications with the user.

So for this reason I want to share our path towards evermore stringent security.

As a 21st century family, we make heavy use of Evernote. It’s a way to store and share information. And while communication between your device and Evernote servers is encrypted, as you know, if a bad actor got access to your device he/she would have full access to all of your data, not to mention if Evernote servers were hacked. We used to keep (yes, pretty dumb) very sensitive information in Evernote. From passports to usernames, to passwords, you name it… everything.

So yes, dumb, but tell me what other service provides you the ability to store sensitive information in a secure way and the ability to share? We could encrypt it using GPG and store and share on Evernote, but that can get complicated amongst the entire family (GrandMa included).

The solution was LastPass family service. LastPass family is basically a watered-down version of their enterprise offering. The best way to view it is as a discounted premium subscription at a cost of $0.66 per user (with a maximum of 6). For me, it’s costing me more like $1.00 per user per month because I only have 4 people in my family that can make use of it.

So why go with LastPass family vs. just LastPass premium? Other than the savings (I was already paying for two premium subscriptions), folder sharing.

Just like Evernote, you can create a folder/notebook that you can use to share any type of data amongst users. You can share text and files (though the files need to be enclosed as part of a note, just like on Evernote) and give access permissions to various members of the “family”.

Most people are used to LastPass on their browser, as an add-on, but they also offer an application for your computer, which makes the transition much easier.

So far, what I have moved over is anything that is sensitive. Passwords were already in LastPass since a few years back, but objects like passport photos, financial information, birth certificates, etc, have been imported into LastPass family.