Today I want to document how I enabled https on a website on a server run by debian jessie using the letsencrypt project.
The first step is, obviously, to install the letsencrypt package. Obviously enough a search for the package (i.e. apt-cache search letsencrypt) shows that this package is not available in the debian jessie distribution. But thanks to the official Debian Backports project, we can get package anyway. Just follow the instructions on the website and then a simple command (apt-get -t jessie-backports install letsencrypt) installs our beloved letsencrypt package.
If you are using apache like me, you should also install the apache plugin for letsencrypt (apt-get -t jessie-backports install python-letsencrypt-apache) and the libaugeas0 (apt-get install libaugeas0) library.
After this, changing your http website to https is easily done via: letsencrypt –apache -d subdomain.example.net . This command asks you some questions and after that, voila, everything is done. No need for any additional configuration.
More information how to use the letsencrypt client or how to install it on other systems can be found in this PDF documentation.
Beware: I don’t know if the renewal of the certificates is now done automatically. If they expire and I have to renew them, I will update this article how to do this.
P.S.: If you are using owncloud and you are battling with trying to tell your linux owncloud-client to use now https instead of http: Don’t wrestle with the graphical interface, it won’t allow you this. Just edit the owncloud config file /home/<YOURUSER>/.local/share/data/ownCloud/owncloud.cfg by changing the url from http to https.
P.P.S.: You can use the online SSL Server Test Service to validate your https Website and get information about how it is configured and if it is vulnerable.