Get free SSL certificate for your website. Whether you are using shared hosting for your website or you have a VPS or dedicated server, it does not matter, you can get free SSL certificate for your website. If you are using these hosts recommended for wordpress, you can ask your web hosting provider to install Let’s Encrypt in your control panel so that you can install unlimited free SSL certificates on any domain. If you are using an unmanaged VPS or a dedicated server, follow the procedure below to install Let’s Encrypt and get free SSL certificate for unlimited domains.
Now it’s time to switch to HTTPS & secure your websites. Let’s Encrypt is an SSL certificate authority that provides free SSL certificates to enhance security. It provides a certificate for TLS encryption. Let’s Encrypt prevents you from hassles of creating manual creation, validation, signing, installation & renewal of SSL certificates and utilizes Automated Certificate Management Environment (ACME) to issue SSL automatically. Let’s Encrypt is managed by Internet Security Research Group (ISRG).
This tutorial will cover the following topics:
Note:
This tutorial is specific for Ubuntu / Debian and CentOS. Commands may vary depending upon the other distributions of Linux.
Important:
The tutorial is written for non-sudo users ( non-root users ). To execute any command with root privileges, you must prefix command with ‘sudo’.
You will require Putty to access your VPS via SSH.
Before you begin to install Let’s Encrypt, you must update your server’s software packages by using the following commands:
CentOS
# sudo yum update && sudo yum upgrade |
Ubuntu / Debian
# sudo apt-get update && sudo apt-get upgrade |
You will be asked to enter your password. Enter your password for the logged as user.
After entering passwords, you will be asked “Do you want to continue? [Y/n]”
Press ‘Y’ & then press enter key.
In the second step, you will have to install Git on your server to begin installation of Let’s Encrypt from official GitHub repository. To install Git, use the following commands:
CentOS
# sudo yum install git |
Ubuntu / Debian
# sudo apt-get install git |
You will be asked to enter your password. Enter your password for the logged as user.
After entering passwords, you will be asked “Do you want to continue? [Y/n]”
Press ‘Y’ & then press enter key.
Get your clone of Let’s Encrypt from official GitHub repository and install it to
/opt/letsencrypt
Execute the following command to clone:
Ubuntu / Debian / CentOS
# sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt |
You will be asked to enter your password after executing the command. Enter your password for the logged as user.
Navigate to new directory /op/letsencrypt using the commands below:
# cd /opt/letsencrypt |
Note: /opt
is a commonly used installation directory for 3
rd
party packages, you can change if you can handle easily.
Certificate Authority (CA) will authenticate your domain based on challenges that Let’s Encrypt performs automatically for Domain Validation using a series of challenges. Once your Alibaba Cloud has been validated, you will be issued SSL certificate by Certificate Authority (CA).
Note:
Each domain & its sub-domain will have its own separate certificate. Let’s Encrypt does not issue wildcard certificates.
To create SSL certificate for a single domain using Let’s Encrypt, use the following command:
# sudo -H ./letsencrypt-auto certonly –standalone -d myweb.com |
Note:
myweb.com will be replaced by your own domain.
To create SSL certificate for more than 1 website, you can add -d myweb.com to the end of command. See the following command:
# sudo -H ./letsencrypt-auto certonly –standalone -d myweb1.com -d myweb2.com |
You will be asked to enter your password after executing the command. Enter your password for the logged as user.
After executing the above command, you will be asked to enter email address. Put email address here, it will be used later in case to regain control of lost certificate & receive security notices urgently. Press “TAB” button to navigate to given options and press “Enter” to select operation.
Agree to terms & conditions as shown below.
If the process went great, you will see the message below. The appearance of this message tells that Let’s Encrypt has approved & issued certificates for your desired domains. IMPORTANT NOTES: - If you lose your account credentials, you can recover them through e-mails sent to somebody@.example.com. - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/myweb.com/fullchain.pem. Your cert will expire on 2018-02-28. To obtain a new version of the certificate in the future, simply run Let's Encrypt again. - Your account credentials have been saved in your Let's Encrypt configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Let's Encrypt, so making regular backups of this folder is ideal. - If you like Let's Encrypt, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
# sudo ls /etc/letsencrypt/live |
# sudo ls /etc/letsencrypt/live/myweb.com |
After execution of the above command, you will see output:
cert.pem chain.pem fullchain.pem privkey.pem
Each output file has different purpose:
Identrust cross-signs the certificates and ensures compatibility between different browsers and certificate.
These files point to different file. These are their symbolic links to actual certificate files. Actual certificate files are located in /etc/letsencrypt/archive directory.
You can see the status of fullchain.pem by executing following command:
# sudo stat /etc/letsencrypt/live/myweb.com/fullchain.pem |
Output will be:
File: ‘live/myweb.com/cert.pem’ -> ‘../../archive/myweb.com/cert1.pem’ |
Note
: In case if you forget to renew your domain’s SSL certificate, Let’s Encrypt will remove directory from
/etc/letsencrypt/live
but it will be retained in
/etc/letsencrypt/keys
&
/etc/letsencrypt/archive
.
To renew SSL certificate issued using Let’s Encrypt, follow the steps below:
# cd /opt/letsencrypt |
#sudo -H ./letsencrypt-auto certonly –standalone –renew-by-default -d mydomain1.com -d www.mydomain2.com |
If the process went great, you will see a confirmation message as:
IMPORTANT NOTES:- Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/example.com/fullchain.pem. Your cert will expire on 2018-02-28. To obtain a new version of the certificate in the future, simply run Let's Encrypt again.- If you like Let's Encrypt, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Note:
Let’s Encrypt SSL expires in 3 months (90 days). So, you must renew it in within 90 days of issuance date.
If you are living in a digital world you must know how to protect your…
Software Development Life Cycle Model, also known as SDLC or Software Development Process, is base…
Go, often referred to as golang is a modern open-source programming language created by Google…
Torque published an article on October 18, 2016, about WordPress statistics. According to this article,…
PostgreSQL, often known simply as Postgres, is an open-source general-purpose object-relational database management system. In…
SEO is free as well as paid. To achieve SE ranking, money is not enough.…