A Flight Sim Enthusiast's Notebook


Installing a Let's Encrypt Digital Certificate

Last year, I wrote "Website starts supporting HTTPS" and "Using observatory.mozilla.org to improve site security". At that time, I was using the free StartCom certificate with a validity period of one year. It is about to expire at the end of this month, so I am trying to install the recently popular Let’s Encrypt electronic certificate.

First, run these commands on the Mac to install certbot:

    $ brew update
    $ brew install certbot
    $ brew ls certbot
    /usr/local/Cellar/certbot/0.9.3_1/bin/certbot
    /usr/local/Cellar/certbot/0.9.3_1/bin/letsencrypt
    /usr/local/Cellar/certbot/0.9.3_1/libexec/bin/ (18 files)
    /usr/local/Cellar/certbot/0.9.3_1/libexec/lib/ (1946 files)
    /usr/local/Cellar/certbot/0.9.3_1/libexec/ (2 files)
    /usr/local/Cellar/certbot/0.9.3_1/share/certbot/ (7 files)

Then run certbot on the Mac:

    $ certbot --config-dir ~/letsencrypt/etc --work-dir ~/letsencrypt/lib --logs-dir ~/letsencrypt/log certonly --manual

Enter the email address and the domain, follow the instructions to create the authentication file under .well-known/acme-challenge/ on the server, and press Enter.

It looks like the certificate was obtained successfully, and the following is displayed:

    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at
       /Users/laoyanhunhua/letsencrypt/etc/live/yinlei.org/fullchain.pem.
       Your cert will expire on 2017-04-08. To obtain a new or tweaked
       version of this certificate in the future, simply run certbot
       again. To non-interactively renew *all* of your certificates, run
       "certbot renew"
     - If you lose your account credentials, you can recover through
       e-mails sent to [email protected].
     - Your account credentials have been saved in your Certbot
       configuration directory at /Users/laoyanhunhua/letsencrypt/etc.
       You should make a secure backup of this folder now. This
       configuration directory will also contain certificates and
       private keys obtained by Certbot so making regular backups of this
       folder is ideal.
     - If you like Certbot, please consider supporting our work by:

       Donating to ISRG / Let’s Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:                    https://eff.org/donate-le

You can see that 4 files are generated under the local etc/live/yinlei.org/ directory:

    cert.pem
    chain.pem
    fullchain.pem
    privkey.pem

Then, upload the key file privkey.pem, the website certificate cert.pem, and the intermediate certificate chain.pem to the web server, in that order (Domain settings → SSL certificate update → Upload private key → Install certificate → Install intermediate certificate).

The disadvantage of Let’s Encrypt is that the validity period is only 3 months, which is really too short…
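Because the three files are uploaded by hand and the certificate lasts only 3 months, it helps to check the live directory before each upload. The script below is an added example, not part of the original post: it assumes the openssl command-line tool is installed, and the throwaway CA and the example.test name are constructed sample data used when no directory is given.

```shell
#!/bin/sh
# Added example: sanity-check a certbot live/<domain>/ directory before uploading
# its files. Needs only the openssl CLI and makes no network connections.

# Succeeds when privkey.pem holds the private key for the public key in cert.pem.
key_matches_cert() {
  c=$(openssl x509 -in "$1/cert.pem" -noout -pubkey) || return 2
  k=$(openssl pkey -in "$1/privkey.pem" -pubout) || return 2
  [ "$c" = "$k" ]
}

# Succeeds when cert.pem carries a valid signature from a certificate in chain.pem.
issued_by_chain() {
  openssl verify -partial_chain -trusted "$1/chain.pem" "$1/cert.pem" >/dev/null 2>&1
}

# Succeeds while cert.pem remains valid for at least $2 more days.
valid_for_days() {
  openssl x509 -in "$1/cert.pem" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

check_live_dir() {
  rc=0
  key_matches_cert "$1" || { echo "FAIL: privkey.pem does not match cert.pem"; rc=1; }
  issued_by_chain "$1" || { echo "FAIL: cert.pem is not signed by chain.pem"; rc=1; }
  valid_for_days "$1" 30 || { echo "WARN: cert.pem expires within 30 days"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: $1 is consistent and not close to expiry"
  return "$rc"
}

# Constructed sample data: a throwaway self-signed CA stands in for the
# Let's Encrypt intermediate, and example.test for the real domain.
make_sample() {
  mkdir -p "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Constructed CA" \
    -keyout "$1/ca.key" -out "$1/chain.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=example.test" \
    -keyout "$1/privkey.pem" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/chain.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 90 -out "$1/cert.pem" 2>/dev/null
  cat "$1/cert.pem" "$1/chain.pem" > "$1/fullchain.pem"
}

# With an argument, check that directory; with none, build and check the sample.
dir=${1:-}
if [ -z "$dir" ]; then dir=$(mktemp -d)/live; make_sample "$dir"; fi
check_live_dir "$dir"
```

Run it with the live directory as the argument, for example ~/letsencrypt/etc/live/yinlei.org; a non-zero exit status means at least one check failed.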


Later, I optimized the website a bit, including merging 3 CSS files into one and loading JavaScript asynchronously (adding the async parameter). I feel that the page display speed has improved somewhat. I tested it with Google’s testmysite.thinkwithgoogle.com and PageSpeed Insights tools, and the results have indeed improved.

Note: How to update Let’s Encrypt electronic certificate