As a website owner you should take into account using SSL certificates for various reasons. First of all, they allow encryption so that the traffic between your website visitors and your server can make use of the HTTPS protocol. Secure communication will reduce the risk of man in the middle attacks which is important if sensitive information like passwords, etc are transmitted. HTTPS has also become important for search engine optimization (SEO) and many browser warn visitors if sites do not use SSL which might cause a bad user experience.
For the past couple of months we have been using ZeroSSL as a service to generate a SSL certificate. However, it seems that recently their business model changed and now you can only generate one certificate for free and would need to pay at least 10$ per month for additional certificates. In the past SSL for free was an alternative to create SSL certificates without paying for them but it seems that they merged with ZeroSSL.
Of course you can always pay for a SSL certificate but for most website owners a free SSL certificate will probably do it, especially if there is no critical information transfered between client and server.
Create a SSL Certificate with Let's Encrypt and Certbot
Let's Encrypt is a non-profit certificate authority that provides SSL certificates for free. In the end our SSL certificate will come from Let's Encrypt which is currently providing certificates for over 240 millions of websites.
Let's Encrypt encourages the use of Certbot, a open source software that simplifies the process of certificate provisioning. The provisioning process depends a bit on your webserver or webhosting configuration. This website is hosted on a virtual private server (VPS) with HostEurope. I do not have root access to install certbot directly on the VPS, hence I was using the certbot in manual mode. With root access or a certain webhoster the process of SSL provisioning might be much simpler and can be more automated. Please check https://certbot.eff.org/instructions for more details.
First I used the following command to install certbot on my Ubuntu system:
sudo apt install certbot
Next, I was using the following command to start the provisioning process of the SSL certificate:
sudo certbot certonly --manual
It will ask for some information such as:
- the domain names you want to create the certificate for (separated with coma or space, you might need to add www subdomain depending on your situation)
- if it is ok with you to log the IP (you need to approve to continue with the process)
The script will then tell you to place a file with certain content at a certain location of your webserver. Typically you can just create the file with the content locally and transfer with to your webserver via FTP. If you have SSH access, you can create the file directly on the webserver. Verify that you can access the file and that it has the correct content before confirming to proceed.
In the next step a bot will check for the file and its content to verify that you indeed have control over the domain. Once this is successful, you will find the certificate with private key and full chain on your filesystem.
You can then upload the files to your webhoster. After a short moment it should be activated and you can confirm in your browser that the newly generated SSL certificate is being used.
Do you need help with SSL certificates? Please contact us - we are looking forward to hearing from you.