Install a free SSL Certificate

What is an SSL certificate?

SSL certificates are small files that digitally bind a cryptographic key to an organization’s details. An SSL certificate allows a secure connection between a web server and a browser. It binds the domain name, host name, identity of the organization and location.

Why do we need it?

To establish a secure session between a web server and a browser, an organization needs to install an SSL certificate on the web server. If the web server has an SSL certificate installed, the application protocol changes to HTTPS, where ‘S’ stands for secure.

How can I get an SSL certificate for free?

Let’s Encrypt is a Certificate Authority that provides free SSL certificates for your domain. Follow the steps given below to obtain an SSL certificate for your domain.

Prerequisites

Before you start installing the SSL certificate, make sure that you have met the following prerequisites:

  • The domain name should be pointing to the server IP.
  • On the server, you must have Apache installed with an Apache virtual host.

Step 1: Install Certbot

First of all, we have to install a client that verifies that you control the domain and sets up the server to serve files. Certbot is the official client for Let’s Encrypt. You can choose any other client if you want; in this tutorial we use Certbot. Download it and make it executable with the following commands.

wget https://dl.eff.org/certbot-auto
chmod +x certbot-auto

After executing the above commands, move it to /usr/bin, which is a standard and accessible location.

mv certbot-auto /usr/bin

The Certbot installation is complete, and it can now automatically install any required dependencies.

Step 2: Deploy HTTPS on Apache or nginx

If you are using Apache then use the command given below:

sudo certbot-auto --apache

If you are using nginx then use the command given below:

sudo certbot-auto --nginx

Certbot will now download some necessary code. You will then be asked for an email address, after which you have to agree to the Terms of Service to proceed.

Next, you will be asked to select the website(s) on which you want HTTPS. If you want to install SSL for all domains, leave that field blank and hit Enter. If you want to exclude some domains or want SSL for a specific domain, enter the sequence number of that domain and hit Enter.

Generally, Certbot can find the domain name from the server configuration. If it cannot find it, it will ask you to type it. At the end, it will ask whether to redirect all traffic to HTTPS by default. Select an option from the list and hit Enter. Now you can visit your website at https://yourwebsitename.com.

Renew Let’s Encrypt Certificate

A Let’s Encrypt certificate expires after 90 days, and you have to renew it before it expires. You can renew it manually with the following command:

sudo certbot-auto renew

Sometimes the certificate may expire because you forget to renew it. To avoid this problem, set up a cron job on your server that renews the certificate automatically when it expires. To do so, log in to your server as the root user and open the crontab file by running the command given below:

sudo crontab -e

Select the preferred editor and add the line given below:

30 12,6 * * * /usr/bin/certbot-auto renew 2>>/var/log/cert-renew.log >>/var/log/cert-renew.log

This will run the certbot-auto renew command at 06:30 and 12:30 every day, and its output will be logged to /var/log/cert-renew.log.
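A renewal job that fails quietly still lets the certificate lapse, so it is worth checking the expiry date itself. The script below is an added example, not part of the original tutorial; the function names cert_status and make_sample_cert, the 30-day default threshold and the constructed self-signed example.test certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: decide whether a certificate needs renewing by asking
# openssl about its expiry date, independently of the renewal job's log.

# cert_status FILE [DAYS] prints one of:
#   ok       - valid for more than DAYS days
#   renew    - still valid, but expires within DAYS days
#   expired  - already past its notAfter date
#   missing  - FILE is absent or is not a readable certificate
# DAYS defaults to 30 (an assumed threshold for a 90-day certificate).
cert_status() {
    cert=$1
    days=${2:-30}
    # Reject files that are absent or do not parse as an X.509 certificate.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo missing
        return 0
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$cert" -noout \
            -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo renew
    else
        echo ok
    fi
}

# make_sample_cert DIR writes a constructed, self-signed 90-day certificate
# (CN=example.test) to DIR/cert.pem so the check can be tried offline.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -subj "/CN=example.test" \
        -keyout "$1/privkey.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Demonstration on the constructed certificate.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir"
echo "30-day threshold:  $(cert_status "$demo_dir/cert.pem" 30)"
echo "120-day threshold: $(cert_status "$demo_dir/cert.pem" 120)"
rm -rf "$demo_dir"
```

On a real server, point cert_status at the cert.pem for your domain under /etc/letsencrypt/live/ and alert when it prints anything other than ok.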

Remove Let’s Encrypt Certificate

Sometimes you might want to remove the Let’s Encrypt SSL certificate for some reason, for example because the private key has been stolen.

To revoke the certificate, run the command given below:

sudo certbot-auto revoke --cert-path /etc/letsencrypt/live//cert.pem

Now you can delete the certificate with this command:

sudo certbot-auto delete --cert-name 
