3 months ago I wrote down an article about this topic. It was back then based on the invitation only beta program. Since then the team behind letsencrypt changed a couple of steps. You can read all the steps to get an A+ status here. Mainly the prerequisites & installation is changed a bit. The guide is still based on fresh install Ubuntu 14.04LTS server.

Added installation steps

Before cloning the Letsencrypt Github repository you need to do an new step.

$ sudo apt-get install python-pip

Currently this step is not included in the Letsencrypt automatic installation script but will fail installing. If you didn't install the Python Pip tools, you will get the following error;

x86_64-linux-gnu-gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fPIC -DUSE__THREAD -I/usr/include/ffi -I/usr/include/libffi -I/usr/include/python2.7 -c c/_cffi_backend.c -o build/temp.linux-x86_64-2.7/c/_cffi_backend.o

virtual memory exhausted: Cannot allocate memory

error: command 'x86_64-linux-gnu-gcc' failed with exit status 1

The other steps in the installation process remain the same.

New way to obtain your certificate

Because you don't have to agree anymore with the development preview and the server is added automatically and you don't need to register your domain upfront the script is changed slightly from;

./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth --rsa-key-size 4096

to

./letsencrypt-auto certonly --standalone --rsa-key-size 4096

The script will start and will ask the default questions to obtain your certificates. Don't forget to stop the webserver running on port 80 before starting the script.

Letsencrypt renewal

Another great thing is the new renewal parameter. Using this parameter when you're in the renewal period, you can renew way faster then using the full command to create the certificates.

$ cd /cloned-letsencrypt-folder-location/
$ ./letsencrypt-auto renew --rsa-key-size 4096