Implementing HTTPS (Let's Encrypt)

Before following this guide, please read through our general guide to implementing HTTPS, as it covers the basics and some important tips. Let’s Encrypt is a new, modern alternative to handling HTTPS certificates the traditional way. It offers a free, automated process, making encryption available to more people than ever before.

Is Let's Encrypt the right choice for you?

There are a few limitations that mean Let’s Encrypt is not usable in every situation. First off, it is trusted as a Certificate Authority by most vendors, but some old clients cannot visit sites that use Let’s Encrypt. Examples of such clients are Nintendo 3DS and some old versions of Blackberry OS. This is probably not a problem for you, unless you know that many of your visitors are using obscure browsers to visit your website. If that is the case, Let’s Encrypt might not be the best option for you.

Another situation where Let’s Encrypt is not the answer is if you need wildcard certificates, as these are not supported. If you decide Let’s Encrypt is not a good option for you, we recommend the traditional approach.

Set up your certificate

To help you set up your certificate correctly, you can refer to the Certbot guide that provides clear instructions on how to enable HTTPS with Let’s Encrypt certificates.

Please be aware that the lifetime of a Let’s Encrypt certificate is 90 days. The official recommendation is to automatically renew it after 60 days, which means it’s a good idea to set up regular automated updates for your certificates. If you have followed the Certbot guide, you don’t have to worry about automated certificate renewal, as it is included in the setup process.
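Automated renewal can fail silently, so it is worth monitoring it independently of Certbot. The following is an added example, not part of the Certbot guide or of Let’s Encrypt’s own tooling: a small Python check that classifies a certificate against the 60-day renewal point described above. The 7-day grace period, the status names and the sample certificate dates are assumptions made for the example.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

RENEW_AFTER = timedelta(days=60)  # renewal point recommended in the article
GRACE = timedelta(days=7)         # assumption: slack before a missed renewal is alerted on

# Constructed sample in the dict format returned by SSLSocket.getpeercert():
# a 90-day validity window, as Let's Encrypt certificates have.
SAMPLE_CERT = {"notBefore": "Jan  1 00:00:00 2025 GMT",
               "notAfter": "Apr  1 00:00:00 2025 GMT"}


def _utc(cert_time):
    """Convert a getpeercert() timestamp string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)


def renewal_status(cert, now=None):
    """Return 'not-yet-valid', 'ok', 'renewal-due', 'renewal-overdue' or 'expired'."""
    now = now or datetime.now(timezone.utc)
    issued, expires = _utc(cert["notBefore"]), _utc(cert["notAfter"])
    if now < issued:
        return "not-yet-valid"
    if now >= expires:
        return "expired"
    if now < issued + RENEW_AFTER:
        return "ok"
    # Past day 60 the automated job should already have replaced this certificate.
    return "renewal-due" if now < issued + RENEW_AFTER + GRACE else "renewal-overdue"


def fetch_cert(host, port=443, timeout=5):
    """Fetch the certificate a live server presents (needs network access).

    An already expired certificate fails verification here and raises
    ssl.SSLCertVerificationError, which a monitor should also treat as an alert.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    day_61 = datetime(2025, 3, 3, tzinfo=timezone.utc)
    print(renewal_status(SAMPLE_CERT, now=day_61))  # renewal-due
```

Run from a scheduled job against your own hostname with renewal_status(fetch_cert("your-domain.example")), where the hostname is a placeholder, and alert on anything other than "ok" or "renewal-due".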

 

HSTS

For Let’s Encrypt this is done in the same manner as described in our support article on Implementing HTTPS the traditional way.

Forced HTTPS

For Let’s Encrypt this is done in the same manner as described in our support article on Implementing HTTPS the traditional way.