In December 2016, I wrote a post on this blog about StartCom SSL free certificates. StartCom (and WoSign) aren't trusted anymore.
If Internet Explorer and Edge are trusting StartSSL root certificates, this is not the case with Google Chrome. I had to move to another product. Letsencrypt is the Certificate Authority of choice : they are :
- trusted by most internet browsers
- providing even SAN certificates
- supported by majors companies
- but very short time limited! (by design)
This web server is running nginx on debian (Jessie) and is hosted at exoscale, a swiss cloud provider. I installed Certbot (an ACME client to request the certificate and to automotically renew it). It worked like a charm!
Here are some basic steps I needed to do, in order to have it running:
Add the following line in the file /etc/apt/sources.list
deb http://ftp.debian.org/debian jessie-backports main
Then, don't forget to backup :
- your new nginx configuration file(s)
- Letsencrypt directory, under /etc/letsencrypt
Lastly, check the cron will run, as specified under:
The log files are available in: