Let’s Encrypt is a free, automated, and open certificate authority (CA) that provides Domain Validated (DV) certificates essential for SSL, which enables the HTTPS secure connection that encrypts data transfer. . The DV certificate verifies that you own the domain, and is recognized and trusted by most leading web browsers.

Depending on your operating system, there may be package of Let’s Encrypt available, which makes installation of Let’s Encrypt easier as all dependencies taken care of. Otherwise, you can still manually install Let’s Encrypt. Here’s guide on how to install Let’s Encrypt on various Linux distributions.

Fedora 23 or Later (including Rawhide)

dnf install letsencrypt

Red Hat Enterprise Linux (RHEL) 7 / CentOS 7 or Newer

Install EPEL repository with the following command:

yum install epel-release

Install Let’s Encrypt client with the following command:

yum install letsencrypt

FreeBSD

Install Let’s Encrypt client from port with the following command:

cd /usr/ports/security/py-letsencrypt && make install clean

Install Let’s Encrypt client from port with the following command:

pkg install py27-letsencrypt

OpenBSD

Install Let’s Encrypt client from port with the following command:

cd /usr/ports/security/letsencrypt/client && make install clean

Install Let’s Encrypt client from port with the following command:

pkg_add letsencrypt

Arch Linux

pacman -S letsencrypt letsencrypt-apache

Debian (for Debian Jessie (8), Debian Stretch (9) or Debian Sid)

apt-get update
apt-get install letsencrypt

An Apache plugin is available for Apache 2.4 on Debian-based distributions with libaugeas0 1.0+ which automates obtaining and installing a cert. To install it, run:

apt-get install python-letsencrypt-apache

Gentoo

The official Let’s Encrypt client is available in Gentoo Portage. If you want to use the Apache plugin, it has to be installed separately:

emerge -av app-crypt/letsencrypt
emerge -av app-crypt/letsencrypt-apache

For the nginx plugin, use Layman to add the mrueg overlay which does include the nginx plugin package:

emerge -av app-portage/layman
layman -S
layman -a mrueg
emerge -av app-crypt/letsencrypt-nginx

Manually Install Let’s Encrypt Client on Any Linux OS

If you are running older versions of Linux distribution, or your version of Linux does not have official package yet such as CentOS 6, RedHat Enterprise Linux 6 and Ubuntu, you can manually install and use Let’s Encrypt to generate SSL certificate:

  1. Install Git, which is used to clone the master branch of Let’s Encrypt.

    In Red Hat Enterprise Linux (RHEL), CentOS and similar distros, run:

    $ yum install git

    In Ubuntu and other Debian-based distribution, run:

    $ apt-get install git
  2. Clone the Let’s Encrypt repository to download the scripts:
    git clone https://github.com/letsencrypt/letsencrypt
    Tip
    Git will download the scripts into a letsencrypt directory in where you run the clone command. To specify the directory to place the Let’s Encrypt client, specify the path. For example, to store the Let’s Encrypt client under /opt, a directory commonly used for placing third-party software on Linux and Unix systems:

    git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
  3. Run the Let’s Enrypt auto installer:
    letsencrypt-auto --help
    letsencrypt-auto accepts the same flags as letsencrypt; letsencrypt-auto installs all of its own dependencies and updates the client code automatically, and hence it’s comparatively slower and larger than letsencrypt.

    For Let’s Encrypt client obtained manually the comes with letsencrypt-auto, the client (letsencrypt binary) is available inside the virtual environment it created: /home/user/.local/share/letsencrypt/bin/letsencrypt.

    In CentOS 6 and RHEL 6, EPEL repository is required to install python-virtualenv.