FREE SSL Certificate

Many of you may have wanted a free SSL certificate so that you can use the HTTPS protocol on your server or website. Today that is possible (really, no traps here), thanks to the Linux Foundation and its partners, which have started a project called “Let’s Encrypt”.

Let’s Encrypt is simply a project that gives SSL/TLS certificates to anyone who needs them, for free: you install a script on your server, you run it, and you get your SSL certificate. It’s as simple as that. Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).

What is HTTPS

HTTPS stands for “HyperText Transport Protocol Secure”. HTTPS is the same as the HTTP protocol, but uses a secure socket layer (SSL) for security purposes, which means that the data exchanged between you and the website you connect to is encrypted; no one can read it but you and the website you visit.

Some examples of sites that use HTTPS include banking and investment websites, e-commerce websites, and most websites that require you to log in. To make an HTTPS Connection you need an SSL Certificate.

SSL certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, a certificate activates the padlock and the HTTPS protocol and allows secure connections from a web server to a web browser (client user).

Setup Free SSL Certificate with Let’s Encrypt

Now let’s start the adventure: we will use the “Let’s Encrypt” service to install the SSL certificate on your web server. To use Let’s Encrypt, we need to install the “Certbot” script on our server; it will do almost the whole job for us.

Type in terminal:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto

To set up HTTPS in the Apache web server:

./certbot-auto --apache

After certbot initializes, you will be prompted to answer some questions (such as the user agreement, the domain name, etc.); the exact prompts may vary depending on whether you have used Let’s Encrypt before.

To set up HTTPS in the nginx web server, run:

./certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single certificate for example.com, www.example.com, thing.is and m.thing.is; it will place the files under /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair. (You have to replace them with your own domain names and your web root directory.)

Now edit the Nginx configuration:

nano /etc/nginx/sites-available/default

Make a new server block in your Nginx configuration file, and make it listen on port 443 with SSL. Don’t forget to replace example and example.com with your domain name:

server {
    # SSL configuration
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    root /var/www/example;
    server_name example.com www.example.com;
    index index.html index.php index.htm;
}

Within your new server block, add the following lines and replace all of the instances of example.com with your own domain name:

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    location ~ /.well-known {
        allow all;
    }

Save the file and exit (in nano, press Ctrl + X).

Renew the Let’s Encrypt Certificate Automatically

Let’s Encrypt certificates last for 90 days only; however, you can set up automatic renewal by adding a cronjob or systemd job which runs the following:

./path/to/certbot-auto renew --quiet --no-self-upgrade

Replace the example path above with the path to certbot on your web server. The command will automatically renew the certificate for you. You can put it in a cronjob using the following command:

sudo crontab -e

A file will now open in your editor. Enter the following line at the end of the file; don’t forget to replace the path to the certbot script with the one on your server, and to replace “nginx” with apache2 or httpd (according to the name of the web server you use). The renewal and the reload are chained with && in a single entry, so the web server is reloaded only after the renewal has finished successfully, and 2>&1 sends error messages to the log file as well:

0 1 * * 1 /path/to/certbot-auto renew --quiet --no-self-upgrade >> /var/log/letsencryptrenew.log 2>&1 && service nginx reload

And that’s it, save the file and exit.
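A wrapper script that the cron entry can call instead of the bare command, as an added example that is not part of the original article: it runs the renewal, tests the Nginx configuration with nginx -t, reloads only when both succeed, and then confirms that the certificate is not about to expire. The certbot path, the domain, the log path and the 14-day threshold are assumed values to replace with your own.

```shell
#!/bin/sh
# Added example: renewal wrapper meant to be called from root's crontab.
# Assumed values (not from the article): DOMAIN, MIN_DAYS; adjust CERTBOT and LOG.
# cron's default PATH usually omits the sbin directories where service/nginx live.
PATH=/usr/sbin:/sbin:$PATH
CERTBOT=${CERTBOT:-/path/to/certbot-auto}
DOMAIN=${DOMAIN:-example.com}
LOG=${LOG:-/var/log/letsencryptrenew.log}
MIN_DAYS=${MIN_DAYS:-14}
CERT=${CERT:-/etc/letsencrypt/live/$DOMAIN/fullchain.pem}

log() { printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >>"$LOG"; }

# Return codes: 0 ok, 1 renewal failed, 2 nginx configuration invalid,
# 3 reload failed, 4 certificate still expires within MIN_DAYS.
renew_and_reload() {
    if ! "$CERTBOT" renew --quiet --no-self-upgrade >>"$LOG" 2>&1; then
        log "certbot renew failed"; return 1
    fi
    # Validate the configuration first so a broken file never reaches a reload.
    if ! nginx -t >>"$LOG" 2>&1; then
        log "nginx -t failed, keeping the running configuration"; return 2
    fi
    if ! service nginx reload >>"$LOG" 2>&1; then
        log "nginx reload failed"; return 3
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -checkend $((MIN_DAYS * 86400)) -noout -in "$CERT" >>"$LOG" 2>&1; then
        log "$CERT expires in under $MIN_DAYS days"; return 4
    fi
    log "renewal check finished, certificate valid for at least $MIN_DAYS days"
    return 0
}

# Run only when called as: <script> run
case "${1:-}" in
    run) renew_and_reload ;;
esac
```

Saved under a path of your choice (for instance the hypothetical /usr/local/sbin/renew-cert.sh), the crontab entry becomes: 0 1 * * 1 /usr/local/sbin/renew-cert.sh run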

You have now installed a complete setup for your web server to use the HTTPS protocol. You can check “https://example.com” to see your domain name running under the HTTPS protocol. It was easy, wasn’t it? 😀

If you need help, you can leave us a question in the comments.

M.Hanny Sabbagh

Python programmer and open source software enthusiast. Worked on developing a lot of free software. The founder of FOSS Post. Computer Science major.
