I don't know if you've noticed but the sandbox is now running with a certificate from the Let's Encrypt project. It was a dead simple process: git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt/ ./letsencrypt-auto --help # First time run, it'll bootstrap it's dependencies mkdir jh Then I create the file jh/cli.ini with this content: # This is an example of the kind of things you can do in a configuration file. # All flags used by the client can be configured here. Run Let's Encrypt with # "--help" to learn more about the available options. # Use a 4096 bit RSA key instead of 2048 rsa-key-size = 4096 # Uncomment and update to register with the specified e-mail address # email = email@example.com email = firstname.lastname@example.org # Uncomment and update to generate certificates for the specified # domains. # domains = example.com, www.example.com domains = janvdl.com, www.janvdl.com # Uncomment to use a text interface instead of ncurses text = True # Uncomment to use the standalone authenticator on port 443 # authenticator = standalone # standalone-supported-challenges = tls-sni-01 # Uncomment to use the webroot authenticator. Replace webroot-path with the # path to the public_html / webroot folder being served by your web server. authenticator = webroot webroot-path = /var/www And finally: ./letsencrypt-auto certonly -c jh/cli.ini ls /etc/letsencrypt/live/janvdl.com/ You will then have 4 files: cert.pem - Your certificate chain.pem - Upstream certificates (CA and eventual intermediates) fullchain.pem - The cert.pem and chain.pem combined in a single file privkey.pem - Private key All done, it's just to configure your favorite webserver to utilize the new certificate.