This process has now been simplified even renewing the certificates with a library that can be found here nfsn lets encrypt
I let my certificates expire and was able to run the script very simply and everything is now fixed without having to do any extra steps yay!
I have enabled https for a couple domains in the past and the experience has always been nerve wracking. Any little change can seem to be a possibly major hurdle. System Administration has never been my forte but I do like aspects of it. Except when it goes wrong which it often does. Usually unless all the commands I copy and paste online work everything is groovy otherwise PANIC!
Luckily this was less panic. I found this blog that made it really simple to setup. While I tried another github repo that was geared toward nsfn setup I ended up using the nosudo version and following the blogs instructions.
Git clone this repo https://github.com/diafygi/letsencrypt-nosudo to a directory and run the commands it lists in the readme to generate the keys then using python 2.7 (Windows worked fine for me using ConEMU) run the command python sign_csr.py --file-based --public-key user.pub domain.csr > signed.crt
Go through all the steps and you will need to update your website with a temporary webpage with the content that it requests. Remove it when done. Then as the author from the blog says grab the domain chain file
curl -o domain.chn https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem
On nsfn login and
mkdir -p /home/protected/ssl
Copy / SCP / Use a client to copy the domain.key, signed.crt, domain.chn to /home/protected/ssl
Then run the command
cat privkey.pem cert.pem chain.pem | nfsn -i set-tls
You should get a response like so
INFO: Enabling TLS for www.alanmbarr.com INFO: Enabling TLS for www.alanmbarr.com INFO: Enabling front-end HTTPS for www.alanmbarr.com INFO: Flagging canonical name as HTTPS-enabled. e4: OK (www.alanmbarr.com) e3: OK (www.alanmbarr.com) e6: OK (www.alanmbarr.com) e5: OK (www.alanmbarr.com) OK: Setup was fully confirmed.
For me the changes were pretty much instant and navigating to the website took me to the https version.
Here's to a more secure web!