Let’s Encrypt is a free certificate authority run as a non-profit organisation. I decided to try setting it up on my server, and was finished within five minutes. The certbot tool has been packaged for Debian and has been backported for Jessie. A single command configured Apache to redirect to https always, create the SSL cert, install it and create a systemd timer file to automatically renew it:
$ cat /lib/systemd/system/certbot.timer
[Unit]
Description=Run certbot twice daily
[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=3600
Persistent=true
[Install]
WantedBy=timers.target