Enabling HTTPS with Let’s Encrypt SSL certificate on your website

Let's Encrypt, is a Certificate Authority that provides free certificates, and has a mission of enabling SSL everywhere.

This article is intended as a guide to assist with the installation of the LetsEncrypt SSL certificate on to the Acquia Cloud platform.

Note that this guide assumes you are using OSX/Linux for creating certificate locally.

• Download certbot a command line tool from the EFF for managing SSL certificates with Let's Encrypt. Select Apache and then your appropriate OS from the dropdown.

• Run sudo certbot certonly --manual --preferred-challenges dns --cert-name <DOMAIN> -d <DOMAIN> replacing <DOMAIN> with your real domain you want the certificate to cover. You will be presented with: 

  copy

  -------------------------------------------------------------------------------
  NOTE: The IP of this machine will be publicly logged as having requested this
  certificate. If you're running certbot in manual mode on a machine that is not
  your server, please ensure you're okay with that.
  
  Are you OK with your IP being logged?
  -------------------------------------------------------------------------------
  (Y)es/(N)o: Y

  Select Y in order to continue. 

  A Warning Note

  After selecting Y and pressing enter the script will show you the data and DNS TXT entry to create and a message:

  "Press Enter to Continue"

  Do NOT press enter to continue.

  You will be presented with: 

  copy

  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Please deploy a DNS TXT record under the name
  _acme-challenge.<DOMAIN> with the following value:
  
  <RANDOM STRING>
  
  Before continuing, verify the record is deployed.
  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Press Enter to Continue

• At this point, login to your DNS provider and create a new TXT entry for the domain with title _acme-challenge.<DOMAIN> and value displayed under as <RANDOM STRING>
  

  
• Once you have added and saved the DNS TXT entry, go back to Certbot terminal on your local machine and press Enter.
• You'll be presented with: 
  copy

  Waiting for verification...
  Cleaning up challenges
  
  IMPORTANT NOTES:
   - Congratulations! Your certificate and chain have been saved at:
     /etc/letsencrypt/live/<DOMAIN>/fullchain.pem
     Your key file has been saved at:
     /etc/letsencrypt/live/<DOMAIN>/privkey.pem
     Your cert will expire on <certificate expiry date>. To obtain a new or tweaked
     version of this certificate in the future, simply run certbot
     again. To non-interactively renew *all* of your certificates, run
     "certbot renew"
   - If you like Certbot, please consider supporting our work by:
  
     Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
     Donating to EFF:                    https://eff.org/donate-le

• Copy the contents of the certificate you just generated on your local machine to the Acquia Cloud interface SSL page.
  • On your local machine you can view the content of the pem files using the following commands (the default location is /etc/letsencrypt/live/[domain]/) : 
    copy

    $ sudo cat /etc/letsencrypt/live/<domain>/fullchain.pem
    $ sudo cat /etc/letsencrypt/live/<domain>/privkey.pem

  • Following Managing SSL certificates once you reach step 4, you should populate the fields with the contents of the fullchain.pem and privkey.pem. Note that the first certificate entry of fullchain.pem goes in the SSL certificate field. The second certificate entry of  fullchain.pem goes in the CA Intermediate certificates field and, the content of privkey.pem goes in the SSL Private Key section.
• You can now proceed to the next steps of Managing SSL certificates to Activate the certificate.