Completely free SSL certificates - no setup or ongoing fees
During my research into the simple things I can do to boost the reputation and subsequently (hopefully) my search engine rankings I discovered that activating https apparently provides a minor SEO benefit . Unfortunately I also discovered that there is a cost associated with getting the SSL certificates required to set up https and that it was going to get quite expensive to set up the basic domain validated certificates for the half dozen or so websites I run. So I did what any budget conscious webmaster does and went searching for free or cheap SSL certificates.
12 months ago when I did this I found a few good cheap options such as godaddy who provide domain verified SSL certificates for under USD$10 so I signed up for them , unfortunately I wasn't able to find cheap certificates for all my websites so I only got them for the higher traffic sites. Unfortunately 12 months later certificates started to expire introductory prices were gone and renewing certificates was going to cost me hundreds of dollars so once again I wend searching on Google and found Letsencrypt.org who is providing free domain verified certificates and when I say free I mean free to set up and no ongoing recurring charges.
After investigating Letsencrypt.org I discovered that the only catch is that they run an automated service and if your hosting provider isn't set up for this automated service then you need to follow a manual process to set up, install, and renew certificates which as I discovered can be a little complicated when you are working out what you need to do.
The following tutorial documents what you need to do to manually create and install certificates provided by Letsencrypt.org.
- Macbook pro running OS X 10.11.5 El Capitan ( this is my home computer used to access the Internet )
- Webhosting provider running CPanel who allows me to install my own certificates and allows filemanager access for the creation of files and directories..
Steps to follow:
Start by installing the Letsencyrypt software required to generate certificate keys on your local machine:
Once the software has downloaded and installed you can use the following steps to start generating certificates which will be installed on your website later.
In the request below we specify a key size of 4096 and request a certificate that can be used on adomain.com and www.adomain.com
./letsencrypt-auto certonly -a manual --rsa-key-size 4096 -d adomain.com -d www.adomain.com --debug
Enter the password for your Mac when prompted.
Note: It is only necessary to use the --debug option the first time you generate a certificate as it triggers the once off download ind installation of XCode command line tools which are required for success.
Lets encrypt will then step through the following process of verifying each of the domains specified in the command line ( adomain.com & www.adomain.com in this case ).
The user interface isn't particularly friendly so you need to watch it closely.
- Click Yes if you are ok to have your IP address logged as having requested the certificate ... If you are not OK then click No and the certificate request process will stop.
A message similar to the following will be displayed:
Make sure your web server displays the following content at
http://adomain.com/.well-known/acme-challenge/c95E8aJS91Akd4sORhF6YpOjtfDxp9g1sJoxhuvn1RA before continuing:
Do not press enter to continue yet
Open Cpanel for your domain in a web browser and use filemanager to create a text file in the .well-known/acme-challenge subdirectory of your main domain directory with the name and content specified in the message above:
Once the file has been put in place you can return to the terminal window containing letsencrypt and press enter.
The above process will repeat for each -d argument you have entered in the command line.
If you have put the validation files in the right directories with the right content validation will pass and you will get a message indicating that your certificate has been generated.
Once you have generated your certificate you can retrieve the keys from your local machine and install them for your website as follows:
Navigate to the SSL/TLS area of CPanel and select Install and Manage certificates
Select the domain you wish to install certificates for from the domain drop down list
Return to your terminal window and type the following to display the key information:
Cut and Paste the contents of each key into the corresponding field displayed in CPanel i.e. copy the contents of cert1.pem into the CRT field, privkey1.pem into the KEY field, and chain1.pem into the CABUNDLE field .
Hit the Install Certificate button and the job is done.
You should now be able to open a webbrowser and navigate to your website using https:// with or without www. at the front.