Let's Encrypt SSL Installation

Let's Encrypt is a free certificate authority, and its client software can automate the certificate process for your website. Follow the steps below to set up your Let's Encrypt SSL certificate on your LemonStand store.

Reference: Let's Encrypt - How it works

Prerequisite: Set up a custom domain - How to point a domain name to your LemonStand store

1. Install Let's Encrypt

On Mac, you will need to install Homebrew and then install Certbot via Homebrew. On Linux, you can install from GitHub or find alternative installation instructions here.

Once you've installed certbot via your chosen method, you will be able to run certbot to start the process of creating an SSL certificate.

certbot certonly --manual

You should now see a message like this:

Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel):

Type in your domain name, such as mycoolshop.com or shop.lemons.com and hit Enter. If you are using both a www and root domain, include both domains here.

At this point you should see a message like the following:

Make sure your web server displays the following content at
http://yourdomain.com/.well-known/acme-challenge/A6qlarmAEb3lYXxSTWqmy4RxzCDU5Ck5zJLkDNtX6rM before continuing:

IMPORTANT: Continue to step 2 before pressing Enter

2. Let's Encrypt authorization step

  1. Create a site template in your store's backend called letsencrypt
  2. Paste the contents of your unique authorization code into this site template. In this case it would be: A6qlarmAEb3lYXxSTWqmy4RxzCDU5Ck5zJLkDNtX6rM.Ac_SLlOAiu9O4h5StDAlQvXaSluYjKSdbYaW1U37aNw
  3. Create a page template called .well-known in your store's backend, and select the letsencrypt site template you created in item 1 when creating this page.

This page will use your letsencrypt authorization URL as its URL.

In this example, the URL for the .well-known page template would be /.well-known/acme-challenge/A6qlarmAEb3lYXxSTWqmy4RxzCDU5Ck5zJLkDNtX6rM

  • Go to your unique URL to test and make sure the authorization code is the only thing displayed before continuing to Step 3
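The test in the bullet above can be scripted. The following is an added example, not part of the original guide: it checks that the page body is exactly the authorization code and that the URL ends with the token half of that code. The function names challenge_ok and check_live are made up for this example, and curl and mktemp are assumed to be installed.

```shell
#!/bin/sh
# Added example: pre-flight check for the manual challenge page, to run
# before pressing Enter in certbot. Function names are hypothetical.

# challenge_ok URL KEYAUTH BODY_FILE
# Succeeds only if the last path segment of URL is the token (the part of
# KEYAUTH before the '.') and the saved response body is exactly KEYAUTH.
# Template markup, a missing second half, or a wrong path all fail.
challenge_ok() {
    url=$1 keyauth=$2 body_file=$3
    case $keyauth in
        *.*) ;;
        *) echo "authorization code has no '.' separator" >&2; return 1 ;;
    esac
    token=${keyauth%%.*}
    if [ "${url##*/}" != "$token" ]; then
        echo "URL does not end with the token $token" >&2
        return 1
    fi
    # Drop carriage returns and trailing newlines; everything else must
    # match byte for byte.
    body=$(tr -d '\r' < "$body_file")
    if [ "$body" != "$keyauth" ]; then
        echo "page body is not exactly the authorization code" >&2
        return 1
    fi
    return 0
}

# check_live URL KEYAUTH
# Fetches the page (following redirects) and runs challenge_ok on the body.
check_live() {
    tmp=$(mktemp) || return 1
    if curl -fsSL --max-time 10 -o "$tmp" "$1" && challenge_ok "$1" "$2" "$tmp"
    then rc=0; else rc=1; fi
    rm -f "$tmp"
    return $rc
}

# Stand-alone use: sh check.sh <challenge URL> <authorization code>
if [ "$#" -eq 2 ]; then
    check_live "$1" "$2" && echo "challenge page looks correct"
fi
```

A failure here usually means the site template added markup around the code or the page URL does not match the path certbot printed.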

3. Continue the verification process with the client

Press Enter to continue where you left off in the command line. You should see a success message telling you the certificates are ready.

4. Get your Certificates

Run the following commands to get a list of your new certificate files (or more accurately, aliases that point to the most recent certificate files), and move into the folder:

sudo ls -la /etc/letsencrypt/live/yourdomain.com
sudo su
cd /private/etc/letsencrypt/live/yourdomain.com/

You should see 4 .pem files:

cert.pem chain.pem fullchain.pem privkey.pem

Copy the contents of the files to your clipboard using this command:

cat <file> | pbcopy

Replace <file> with the name of the cert files listed below.

Note: If you are renewing your Let's Encrypt certificate, the files within the /etc/letsencrypt/live/www.yourdomain.com folder should point to the most recent certificate files (in the /etc/letsencrypt/archive/ folder) that have an incremented number at the end, such as fullchain3.pem. If you copy the contents of the files in the live folder, you'll always be getting the most recent cert files.

Install the certificates via the My Account section under your store by pasting the relevant file contents into each field:

  • Use fullchain.pem for your Primary SSL Certificate
  • Use privkey.pem for your Private Key

5. Test your site

Look for the lock in your address bar, or use an SSL checker such as SSL Shopper to verify your site's certificate.