How To Create FREE SSL Certificate For Your Website?
Is your website protected by HTTPS secure connection? If you are not sure, the easiest way to check is by looking at your web browser’s address bar. If you are seeing a green closed padlock on your website, congratulation your website is protected by HTTPS secure connection. Otherwise, your website is considered not secure and it’s vulnerable to hacker’s attack. You need an SSL certificate to activate the HTTPS secure connection for your website. You can buy your SSL certificate from a certificate authority (CA) like Comodo. However, do you know that you can create free SSL certificate? Yes, create for free! In this article, I will show you how to create free SSL certificate for your website.
But wait . . .
Before we start, I need to remind you that this process is going to be quite technical. I assume that you have some IT technical background and you are comfortable running commands on the command line. Also, you will need to have shell access (also known as SSH access) to your web host. Otherwise, this article is not for you.
However, if you still want to find out how to create free SSL certificate, you are most welcome to continue reading. 🙂
You may want to check out my blog post about the benefits of HTTPS too.
Let’s Encrypt
You will be creating your free SSL certificate from Let’s Encrypt. So, who is Let’s Encrypt? Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).
Let’s Encrypt has the mission to create a more secure and privacy-respecting Web by providing free digital certificates in the most user-friendly way.
You may visit Let’s Encrypt official website to learn more about them. They also have a page that give the detailed information about how the Let’s Encrypt CA works.
Install Certbot ACME Client
Let’s get into action to create your free SSL certificate now. First, you will need to install Certbot AMCE client. It can automate certificate issuance and installation with no downtime. For me, I am working on Apache 2.2 and CentOS 6.10 environment.
The instruction I am going to show you should work fine in most operating system and web server. However, you may visit the Certbot site to get customized instructions for your operating system and web server.
Now, run the following command in your /root directory. If you do not want to run it in /root directory, you can change it to others directory you want.
wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto
The above command installs certbot-auto in your /root directory. It also installs all its own dependencies and updates the client code automatically. Next, you will create free SSL certificate for your domain.
Creating SSL Certificate From Let’s Encrypt
Please take note that you may need to temporarily stop your existing webserver before running the following command. Let’s assuming that you want to create free SSL certificate for domain name example.com and www.example.com. Your command should look as below.
./certbot-auto certonly --standalone -d example.com -d www.example.com
If you just want to create certificate for a single domain example.com only then you should run the command as below.
./certbot-auto certonly --standalone -d example.com
When the installation is successfully finished, you should see a similar message as below:
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/example.com/fullchain.pem. Your cert will expire on 2016-04-21. To obtain a new version of the certificate in the future, simply run Let's Encrypt again. - If you lose your account credentials, you can recover through e-mails sent to user@example.com. - Your account credentials have been saved in your Let's Encrypt configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Let's Encrypt so making regular backups of this folder is ideal. - If you like Let's Encrypt, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Your SSL certificate files should be created under /etc/letsencrypt/live/example.com directory. You should see the following files in the directory:
cert.pem chain.pem fullchain.pem privkey.pem README
Install SSL Certificate On Apache Webserver
After creating your free SSL certificate from Let’s Encrypt, you should install the ceritificate on your webserver. In my case, I am using the Apache webserver. Edit the following apache configuration file to include the SSL certificates.
/etc/httpd/conf.d/vhost.conf
Add the following lines to the configuration file. Then save and restart Apache.
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Setting Up Auto Renewal
Let’s Encrypt certificates have a validity period of 90 days, and you can renew them when they are 30 days before the expiration date. The certbot client provides a renew command that automatically checks the currently installed certificates.
You can use the below command to trigger the renewal process.
./certbot-auto renew
This command will automatically check for the certificate expiry date. If your certificate is not due yet, it will show a similar message as below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/example.com.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The following certs are not due for renewal yet: /etc/letsencrypt/live/example.com/fullchain.pem expires on 2018-11-27 (skipped) No renewals were attempted. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You can create a scheduled job to automate the renewal process. In Linux environment like CentOS, you can create a scheduled job by editing crontab file. Run the following command to edit crontab file:
crontab -e
Include the following line into crontab file to schedule a weekly job running on every Sunday at 12:30 am.
30 0 * * 0 /root/certbot-auto renew >> /var/log/le-renew.log
Conclusion
In my opinion, HTTPS is no longer an option but a must do action for your website. It’s not only securing your website’s connection but also building trust with your visitors.
No doubt, you will incur additional cost for implementing HTTPS to your website. However, you should understand the benefits of HTTPS and balance between cost and security.
Create free SSL certificate from Let’s Encrypt will save you cost on implementing HTTPS. However, you must comfortable to dealing with the technical stuffs.
Alternatively, you can choose to host your website with hosting service that provide your free SSL support. I host my website with Wealthy Affiliate, a platform for internet marketing training, websites building, hosting and many more. Wealthy Affiliate provides free SSL certificate for each website hosting with them.
Lastly, thank you for stopping by and I hope you enjoy reading my blog post. You are welcome to leave me message at the box below. If you like my article, please share it with your friends. 🙂
To Your Success,
Kwah Choon Hiong
