Let's Encrypt (or not just yet)

28 Oct 2015

Well, the title says it all, basically. I've switched to Let's Encrypt for my HTTPS needs. Or actually for my curiosity and laziness needs.

I want this

How to get this up and running on a Debian system running nginx:

$ git clone https://github.com/letsencrypt/letsencrypt.git
$ cd letsencrypt
# ./letsencrypt-auto -d blog.luukhendriks.eu auth

Then, in the menus, do:

  • Agree
  • Choose option 2, the Standalone Authenticator
  • Enter an e-mail address
  • Read the ToS, and Agree
  • Get a message that your nginx is already running on tcp/443, oops

It's still a little beta-ish

Yes, I stopped my nginx, ran the script again, and completed the installation that way. Using

# ./letsencrypt-auto auth --nginx -d blog.luukhendriks.eu

will make you realize that (at the time of writing) the nginx plugin is not yet included in letsencrypt-auto.

So after the keys and certs are generated, alter your config like below, and start nginx again.

# fullchain.pem is the server certificate followed by the intermediate(s); serve it, not cert.pem
ssl_certificate             /etc/letsencrypt/live/blog.luukhendriks.eu/fullchain.pem;
ssl_certificate_key         /etc/letsencrypt/live/blog.luukhendriks.eu/privkey.pem;

UNTRUSTED CERTIFICATE

So, what's served now exactly?

$ openssl s_client -showcerts -connect blog.luukhendriks.eu:443

CONNECTED(00000003)
depth=1 CN = happy hacker fake CA
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
 0 s:/CN=blog.luukhendriks.eu
   i:/CN=happy hacker fake CA
-----BEGIN CERTIFICATE-----
MIIE7TC(......)

And then you realize that it's not all live yet. Which is of course clearly stated in the FAQ. Which I didn't read.
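The manual openssl check above is worth scripting, so that a chain signed by a non-public CA (the "happy hacker fake CA" here) is caught before anything depends on the new certificate. The functions below are an added example, not code from the original post or from the Let's Encrypt project: classify_chain parses `openssl s_client -showcerts` output (the capture above is used as constructed sample input) and check_served_chain is the live wrapper around it. It assumes openssl is installed and that the host and port are passed as arguments.

```shell
#!/bin/sh
# Added example (not part of the original post): classify the certificate
# chain a TLS server actually serves, from `openssl s_client -showcerts` output.

# classify_chain: read s_client output on stdin and print one of
#   OK issuer=...         chain verified against the local trust store
#   UNTRUSTED issuer=...  a "verify error" or non-zero "Verify return code"
#   EMPTY                 no certificate was presented at all
# Exit status: 0 for OK, 1 for UNTRUSTED, 2 for EMPTY.
classify_chain() {
    out=$(cat)
    # Without a " 0 s:" subject line there is no chain to judge.
    if ! printf '%s\n' "$out" | grep -q '^ *[0-9]* s:'; then
        echo EMPTY
        return 2
    fi
    # The issuer line that follows chain element 0 names the CA that signed
    # the leaf; this is where a staging or fake CA shows up.
    issuer=$(printf '%s\n' "$out" | sed -n '/^ *0 s:/{n;s/^ *i://p;}')
    # Either form of verification failure means clients will show a warning.
    if printf '%s\n' "$out" | grep -q '^verify error:' \
       || printf '%s\n' "$out" | grep -q '^ *Verify return code: [1-9]'; then
        echo "UNTRUSTED issuer=$issuer"
        return 1
    fi
    echo "OK issuer=$issuer"
    return 0
}

# check_served_chain HOST [PORT]: live version of the manual check.
# -servername sends SNI so a name-based vhost returns its own certificate;
# </dev/null closes the session instead of waiting for input.
check_served_chain() {
    host=$1
    port=${2:-443}
    openssl s_client -showcerts -servername "$host" -connect "$host:$port" </dev/null 2>&1 \
        | classify_chain
}
```

Run it as `check_served_chain blog.luukhendriks.eu` after restarting nginx; a non-zero exit is the signal to stop and look at the issuer before pointing anything at the host.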

Guess I'll try again from RIPE71, as things should result in actual valid certificates by then.