From charlesreid1

Overview

SSL, or Secure Sockets Layer, is a way for computers to establish encrypted connections. The SSL server requires an SSL certificate, backed by a public and private key pair, that is generated and signed by a trusted certificate authority. The owner of the server controls the keys, which allows clients to establish SSL connections with the server and trust that it is, in fact, the server they think it is.

Apache mod_ssl

Apache serves HTTPS using a module called mod_ssl. Documentation is here: http://httpd.apache.org/docs/current/ssl/

The mod_ssl Apache mod requires installing OpenSSL:

$ apt-get install openssl

and can be turned on by adding the following to your Apache config file:

LoadModule ssl_module modules/mod_ssl.so

Just below that, add a block specifying configuration details:

Listen 443
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile "/path/to/www.example.com.cert"
    SSLCertificateKeyFile "/path/to/www.example.com.key"
</VirtualHost>
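
Before pointing SSLCertificateFile and SSLCertificateKeyFile at a pair of files, it helps to confirm that the private key really belongs to the certificate, that the key is not readable by other users, and that the certificate has not expired. The script below is an added example, not part of the original page or the Apache documentation; the function names (pubkey_hash, check_pair, demo) and the return codes are assumptions made for this example, and the demo builds a throwaway self-signed pair as constructed sample input.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for SSLCertificateFile / SSLCertificateKeyFile.
# check_pair, demo and the return codes are names made up for this example.

# Hash a PEM public key read from stdin (DER form, so formatting cannot differ).
pubkey_hash() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# check_pair CERT KEY
# returns 0 ok, 1 key/cert mismatch, 2 key readable by group or others,
#         3 certificate expired, 4 a file could not be parsed
check_pair() {
    local cert=$1 key=$2 cert_pub key_pub
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate $cert"; return 4; }
    # -passin pass: keeps this non-interactive; an encrypted key fails here.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "cannot parse private key $key"; return 4; }
    if [ "$(printf '%s\n' "$cert_pub" | pubkey_hash)" != \
         "$(printf '%s\n' "$key_pub" | pubkey_hash)" ]; then
        echo "MISMATCH: $key is not the private key for $cert"; return 1
    fi
    # The private key should be readable by its owner only.
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "WEAK PERMISSIONS: $key is readable by group or others"; return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "EXPIRED: $cert"; return 3
    fi
    echo "OK: $cert and $key belong together"
}

# Constructed sample input: a throwaway self-signed pair for www.example.com.
demo() {
    local d rc
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=www.example.com" \
        -days 1 -keyout "$d/www.example.com.key" \
        -out "$d/www.example.com.cert" 2>/dev/null
    chmod 600 "$d/www.example.com.key"
    check_pair "$d/www.example.com.cert" "$d/www.example.com.key"; rc=$?
    rm -rf "$d"
    return "$rc"
}

# With two arguments check those files; with none run the constructed demo.
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; else demo; fi
```

Run it with the certificate path and key path as the two arguments; a non-zero exit status means the pair should not be deployed as-is.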

Why free certificates are a big deal

Back in the old days, before Let's Encrypt, you had to sign your own certificate, since a signed certificate from a certificate authority could set you back a couple thousand dollars a year. That was also back when encryption was less common, because the computational cost of encrypting all of your traffic on a connection with a website was not cheap for clients or for servers. This meant HTTPS came at a premium, and was a valuable/limited/protected resource.

But computers are constantly getting faster. Eventually encryption became commonplace everywhere, and more people wanted certificates at a reasonable price. So eventually certificates signed by new certificate authorities dropped to the $20-$100 range, and now, with Let's Encrypt, they're free. That means the process of encrypting connections with servers has become more democratic, more accessible, and more pervasive, and that's good for everyone's privacy.