Let's Encrypt

, previously known as Let's Encrypt client, is a free, automated, and open certificate authority client.

From the official website: "Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate can be. Let’s Encrypt automates away the pain and lets site operators turn on and manage HTTPS with simple commands."

Preliminary
Point an external IP at HTTP (port 80/TCP) and HTTPS (port 443/TCP) at a web server and setup DNS for it. This is important. You have to prove you own the IP/domain. You could use dynamic DNS if necessary.

acme-tiny (optional)
app-crypt/acme-tiny is a short, auditable Python script which avoids a lot of the bloat included in the official client.

Prerequisites
It is currently available in the NP-Hardass' overlay:

acme-tiny
The documentation on is the best place to look for the most up to date information, but has been summarized below:

Make a directory for challenges to be created in:

Add this to the Apache http vhost; IE port 80 vhost:

Set these in the Apache https vhost; IE port 443 vhost:

Make a directory to hold the various files related to LE:

Create an account key, domain key and a CSR (replace www.example.co.uk with your host name):

Register and create the various certificate files: Check let's encrypt currently used [|intermediate certificate]

Reload configs for webserver:

or

or

Sample renewal script:

Add a monthly cron job:

acmetiny
For those that are not interested in using scripts or want to configure things manually the first time, the author of acme-tiny has provided a webpage that gives step by step instructions along with javascript to help walk you through setting up your certificates. The guide may be found on Get HTTPS for Free website.

External resources

 * Manual installation - In the event manual installation is preferred. Note: Portage will not track the installation if the Let's Encrypt is manually installed; this is not recommended by Gentoo developers.