In this tutorial we will try the following ways to obtain Free SSL Certificate:
- Generate self-signed certificate
- Cloudflare SSL service
- Install Let’s Encrypt SSL certificate
All these examples have been tested on Ubuntu 18.04.
Why do you need an SSL certificate?
SSL certificates are a very important part of your website because it secures the connection between you and your clients. Any information you send via the internet can be intercepted by other people. It’s become crucial when this information is your credit card or any confidential information you don’t want to share with anyone. The solution is to encrypt the information so no one without a special key can’t decrypt and use it.
SSL certificate is a special key allowing you to encrypt the information. Therefore, it is so important to install an SSL certificate and make your connection trusted.
So, answering the question of why you need an SSL certificate because it allows you to:
- Encrypt Information passing from a website and a user
- Authenticate. Any user knows that this is the exact website they want to visit, but not an unknown identity.
- Gain Customer Trust. A website is more reliable if it’s secured.
- Get SEO Benefits.
What is SSL?
SSL stands for Secure Sockets Layer, this is a protocol created to provide a trusted way of communication inside a network. In simple words SSL allows you to establish a secure connection to be sure your data is not intercepted by other people.
SSL certificate contains public and private keys. Public key is your visit card. Anyone can encrypt a message for you using your public key. And you can decrypt this message using your private key. At the same time, you can encrypt a message for someone using his own public key and he can decrypt the message with his own private key. This is how you communicate between two parties without sharing private keys.
Certificate Authority (CA) issue certificates and all web browser knows if your certificate was generated by CA or someone else. If it is trusted (generated by CA) then you get green lock in your browser URL.
Option 1: Self-signed Free SSL Certificates
Anyone can generate an SSL certificate, but only those are trusted which were generated by Certificate Authority. Browsers will not trust you if your certificate is self-generated.
How to generate a self-signed certificate
In this tutorial we will be using the following environment:
Ubuntu 18.04 and Apache 2 Webserver.
How to create an SSL certificate
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
Configure Apache to use SSL
sudo nano /etc/apache2/conf-available/ssl-params.conf
Add the following lines:
SSLEngine on SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
Enable changed in Apache
sudo a2enmod ssl sudo a2enmod headers sudo a2enconf ssl-params sudo apache2ctl configtest sudo service apache2 restart
Option 2: Cloudflare free SSL certificate service
Cloudflare.com provide a lot of services and SSL encryption is just a small part of the stack
To add your website to Cloudflare you must change DNS for your domain. Once you registered you can click “Add website”:
After going throw required steps explaining how to work with the system you will be notified how to change your DNS settings
You need to enter your domain provider settings and change nameservers accordingly.
This is how it looked before:
And after the changes:
Once this is done it may take some time for Cloudflare to list your website, during this process under your website you’ll see a status – “Pending”
Once all good status become “Active”.
Now you need to go to the Crypto tab and activate SSL. By defaults, it’s off, but you may activate it changing select box value.
It may take up to 24 hours for new certificates to issue.
You don’t need to worry about renewal, Cloudflare will renew the certificate for you. It happens automatically by default.
Option 3: Let’s Encrypt Free SSL Certificate
Let’s Encrypt is an amazing service allowing to get an absolutely free certificate.
At first, we will install a python client which will do all the work for us.
sudo apt-get install python-certbot-apache
Now when we have the client we may generate a certificate for the website
sudo certbot --apache --agree-tos --email [email protected] --redirect --hsts -d yourwebsite.com
If you need to generate a certificate for the non-www domain and for www domain, then simply add one more -d parameter, like in the following command
If everything went well, you should be able to access https://yourwebsite.com
To renew your certificate you need to run a command:
sudo certbot renew --dry-run
But you also can add it to the cron and update it automatically. For this case you must first open crontab:
sudo crontab -e
And then add the following lines:
0 0 1 * * /usr/bin/certbot renew & > /dev/null
In this example, a certificate will be regenerated every first day of the month. But you can configure any timing you want.
That’s all! Now you know 3 different ways how to generate a free SSL certificate for your website!