Well, title says everything basically. I've switched to Let's Encrypt for my HTTPS needs. Or actually curiosity and lazyness needs.
How to get this up and running on a Debian system running nginx:
$ git clone https://github.com/letsencrypt/letsencrypt.git $ cd letsencrypt # ./letsencrypt-auto -d blog.luukhendriks.eu auth
Then, in the menus, do:
Yes, I stopped my nginx, ran the script again, and completed the installation that way. Using
# ./letsencrypt-auto auth --nginx -d blog.luukhendriks.eu
will make you realize that (at the time of writing) the nginx plugin is not yet in letsencrypt-auto.
So after the keys and certs are generated, alter your config like below, and start nginx again.
ssl_certificate /etc/letsencrypt/live/blog.luukhendriks.eu/fullchain.pem ssl_certificate_key /etc/letsencrypt/live/blog.luukhendriks.eu/privkey.pem;
So, what's served now exactly?
$ openssl s_client -showcerts -connect blog.luukhendriks.eu:443 CONNECTED(00000003) depth=1 CN = happy hacker fake CA verify error:num=19:self signed certificate in certificate chain --- Certificate chain 0 s:/CN=blog.luukhendriks.eu i:/CN=happy hacker fake CA -----BEGIN CERTIFICATE----- MIIE7TC(......)
And then you realize that it's not all live yet. Which is ofcourse clearly stated in the FAQ. Which I didn't read.
Guess I'll try again from RIPE71, as things should result in actual valid certificates by then.