In this tutorial we will try the following ways to obtain Free SSL Certificate:
- Generate self-signed certificate
- Cloudflare SSL service
- Install Let’s Encrypt SSL certificate
All these examples have been tested on Ubuntu 18.04.
Why do you need SSL certificate?
SSL certificates is a very important part of your website because it secures the connection between you and your clients. Any information you send via internet can be intercepted by other people. It’s became crucial when this information is your credit card or any confidential information you don’t want to share with anyone. The solution is to encrypt the information so no one without special key can’t decrypt and use it.
SSL certificate is a special key allowing you to encrypt the information. Therefore, it is so important to install SSL certificate and make your connection trusted.
So, answering the question why you need SSL certificate, because it’s allows you to:
- Encrypt Information passing from a website and a user
- Authenticate. Any user knows that this is exact website they want to visit, but not unknown identity.
- Gain Customer Trust. A website is more reliable if it’s secured.
- Get SEO Benefits.
What is SSL?
SSL stands for Secure Sockets Layer, this is a protocol created to provide a trusted way of communication inside a network. In simple words SSL allow you to establish a secure connection to be sure your data is not intercepted by other people.
SSL certificate contains of public and private keys. Public key is your visit card. Anyone can encrypt a message for you using your public key. And you can decrypt this message using your private key. At same time you can encrypt message for someone using his own public key and he can decrypt the message with his own private key. This is how you communicate between two parties without sharing private keys.
Certificate Authority (CA) issue certificates and all web browser knows if your certificate was generated by CA or someone else. If it is trusted (generated by CA) then you get green lock in your browser URL.
Option 1: Self-signed Free SSL Certificates
Anyone can generate SSL certificate, but only those are trusted which were generated by Certificate Authority. Browsers will not trust you if your certificate is self-generated.
How to generate self-signed certificate
In this tutorial we will be using the following environment:
Ubuntu 18.04 and Apache 2 Webserver.
How to create SSL certificate
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
Configure Apache to use SSL
sudo nano /etc/apache2/conf-available/ssl-params.conf
Add the following lines:
Enable changed in Apache
sudo a2enmod ssl
sudo a2enmod headers
sudo a2enconf ssl-params
sudo apache2ctl configtest
sudo service apache2 restart
Option 2: Cloudflare free SSL certificate service
Cloudflare.com provide a lot of services and SSL encryption is just a small part of the stack
To add your website to Cloudflare you must change DNS for your domain. Once you registered you can click “Add website”:
After going throw required steps explaining how to work with the system you will be notified how to change your DNS settings
You need to enter your domain provider settings and change nameservers accordingly.
This is how it looked before:
And after the changes:
Once this is done it may take some time for Cloudflare to list your website, during this process under your website you’ll see a status – “Pending”
Once all good status became “Active”.
Now you need to go to Crypto tab and activate SSL. By defaults it’s off, but you may activate it changing selectbox value.
It may take up to 24 hours for new certificates to issue.
You don’t need to worry about renewal, Cloudflare will renew certificate for you. It happens automatically by default.
Option 3: Let’s Encrypt Free SSL Certificate
Let’s Encrypt is an amazing service allowing to get absolutely free certificate.
At first, we will install a python client which will do all work for us.
sudo apt-get install python-certbot-apache
Now when we have the client we may generate a certificate for the website
sudo certbot --apache --agree-tos --email [email protected] --redirect --hsts -d yourwebsite.com
If you need to generate certificated for non-www domain and for www domain, then simply add one more -d parameter, like in the following command
sudo certbot --apache --agree-tos --email [email protected]bsite.com --redirect --hsts -d yourwebsite.com -d www.yourwebsite.com
If everything went well, you should be able to access https://yourwebsite.com
To renew your certificate you need to run a command:
sudo certbot renew --dry-run
But you also can add it to the cron and update it automatically. For this case you must first open crontab:
sudo crontab -e
And then add the following lines:
0 0 1 * * /usr/bin/certbot renew & > /dev/null
In this example certificate will be regenerated every first day of the month. But you can configure any timing you want.
That’s all! Now you know 3 different ways how to generate Free SSL certificate for your website!