FYI, if you don't want to install all the dependencies of the official letsencrypt client, I made a <200 line python script that automates issuing and renewing certificates. Love the Let's Encrypt project, but really don't want to install all those dependencies on my server just to get a free cert.<p><a href="https://github.com/diafygi/acme-tiny" rel="nofollow">https://github.com/diafygi/acme-tiny</a>
Most people shouldn't need both cert.pem and fullchain.pem, because fullchain.pem is "full" because it also contains a copy of cert.pem (unlike chain.pem, which doesn't). (I chose these names for the structure of Let's Encrypt's certificate storage.)
For anyone that wants to do this w/ nginx, you can add this location configuration to any "server" block for the challenge portion:<p><pre><code> location /.well-known/acme-challenge/ {
alias /var/www/acme-webroot/.well-known/acme-challenge/;
}
</code></pre>
Then use this this tool from mozilla to get a configuration for installing the cert: <a href="https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.9.5" rel="nofollow">https://mozilla.github.io/server-side-tls/ssl-config-generat...</a>
This might be a dumb question, after I auto-generate all those ssl certs, how am I going to certify it at some CA? so that all browser will not pop up a warning page when the ssl-site is accessed? What's the key difference between letsencrypt and self-signed ssl certificate?