Parliament Hill Computers Ltd

How to Configure Let's Encrypt with acme_tiny.py


Overview

Who are you?

You maintain one or more Apache or Nginx web servers on Unix/Linux systems. You do so by maintaining the httpd.conf by hand — i.e. not via a configuration wizard. You like to understand what you are doing — not just apply a recipe and hope that it works.

Why are you here?

You have been meaning to get round to this for some time, but have not because of one or more of ...

See notes if you want to create a self-signed certificate.

What you will find here

Notes and scripts that will let you set this all up in about an hour.

There is a set of pages that explain what needs to be done and why, along with some simple scripts to help with setting up and running the Let's Encrypt interaction. A simple template OpenSSL.cnf file is provided, with an explanation of how to tweak it for your site.

You will need to reconfigure Apache/Nginx in two phases.

You can start by downloading the latest LetsEncryptManage

These instructions work with both Apache 2.2 & 2.4 and also Nginx. The tar file contains some snippets of sample configuration files.

The tar file includes acme_tiny, which you can see at https://github.com/diafygi/acme-tiny

Pages in this tutorial

  1. Big picture — why do we need SSL certificates anyway?
  2. How Let's Encrypt works
  3. OpenSSL Certificate families and Let's Encrypt Accounts
  4. Overview of how phcl_acme works with acme_tiny
  5. Install of phcl_acme
  6. Understanding and generating OpenSSL.cnf files
  7. First edit of Apache configuration — for Let's Encrypt challenge-response
  8. Generate, test & ask Let's Encrypt to sign a Certificate Signing Request
  9. Second edit of Apache configuration to install certificates
  10. Ongoing maintenance
  11. Chaining Let's Encrypt Certificates
  12. Using Let's Encrypt certificates in a non web environment


If you want any help using the above, or have any comments or suggestions, please contact us.