Certbot

Let's Encrypt is a free, automated, and open certificate authority.

From the official website: "Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate can be. Let’s Encrypt automates away the pain and lets site operators turn on and manage HTTPS with simple commands."

Preliminary
Point an external IP at http (port 80/tcp) and https (port 443/tcp) at a web server and setup DNS for it. This is important. You have to prove you own the IP/domain. You could use dynamic DNS if necessary.

acme-tiny (Alternative, minimalist client)
app-crypt/acme-tiny is a short, auditable Python script which avoids a lot of the bloat included in the official client. It is currently available in the NP-Hardass' overlay.

Configuration
The documentation on is the best place to look for the most up to date information, but has been summarized below:

Make a directory for challenges to be created in:

Add this to the Apache http vhost; IE port 80 vhost:

Set these in the Apache https vhost; IE port 443 vhost:

Make a directory to hold the various files related to LE:

Create an account key, domain key and a CSR (replace www.example.co.uk with your host name):

Register and create the various certificate files:

Reload configs for webserver:

or

or

Sample renewal script:

Add a monthly cron job:

Manual (Get HTTPS For Free)
For those that are not interested in using scripts or want to configure things manually the first time, the author of acme-tiny has provided a webpage that gives step by step instructions along with javascript to help walk you through setting up your certificates. The guide may be found on Get HTTPS for Free

External resources

 * Manual installation - In the event manual installation is preferred. Note: Portage will not track the installation if the Let's Encrypt is manually installed; this is not recommended by Gentoo developers.