How to get a free SSL certificate for your website?

Posted by

There are multiple ways to get an SSL Certificate for your website. The most used one for non-technical people is buying one from the hosting provider where your website is running. Buying a certificate is not needed when your hosting provider let you import a cert with the cert files.

SSL certificate using a web interface

NOTE: This option is mostly free for a couple of months, or for 1 request.
Example providers where you can get one are: letsencrypt, sslforfree and zerossl.

SSL certificate using certbot (preffered)

Certbot is a cool tool which you can use to request a free SSL certificate. The certificates are given out from Let’s Encrypt, which are signed by the “Internet Security Research Group”.

How to install certbot?

This tutorial is tested on Ubuntu 22.04.

The recommended way of installing certbot is with snapd. Install snapd and certbot with the following commands:

It’s recommended to add certbot to your path, so you can run the command from every folder.

Certbot command options

Useful table with all the cerbot options, with some examples below.

PluginAuthInstNotesChallenge types (and port)
apacheYYAutomates obtaining and installing a certificate with Apache.http-01 (80)
nginxYYAutomates obtaining and installing a certificate with Nginx.http-01 (80)
webrootYNObtains a certificate by writing to the webroot directory ofan already running webserver.http-01 (80)
standaloneYNUses a “standalone” webserver to obtain a certificate.Requires port 80 to be available. This is useful onsystems with no webserver, or when direct integration withthe local webserver is not supported or not desired.http-01 (80)
DNS pluginsYNThis category of plugins automates obtaining a certificate bymodifying DNS records to prove you have control over adomain. Doing domain validation in this way isthe only way to obtain wildcard certificates from Let’sEncrypt.dns-01 (53)
manualYNObtain a certificate by manually following instructions toperform domain validation yourself. Certificates created thisway do not support autorenewal.Autorenewal may be enabled by providing an authenticationhook script to automate the domain validation steps.http-01 (80) or dns-01 (53)
Source: Certbot Documentation
Use Certbot to get a free SSL stand-alone certificate

If you want to request a certificate for your website which is running within a hosting provider, you can request a stand-alone certificate and even a wildcard certificate.

Use this command for getting a standalone wildcard domain certificate, for a wildcard certificate you need to be able to add DNS records to your hosting DNS server for the acme challenge:

Add the .txt records to the hosting provider’s DNS configuration, which are showed on the next page. Like this example. *Change the TTL to the lowest possible value, so the records will be going true fast.

Wait 5 minutes, to make sure the records are update.
Hit the enter button again to see the path to your new certificates.
Get all your certdata with the following commands:

Use certbot to get a free SSL certificate for your local web server

With certbot it is possible to generate certs for your local Apache or Nginx web server.
This is possible when you are using your own web server. Certbot will manage all the configuration for your local web server. Including placing the certificates in the correct paths etc.

To enable auto-renewal:

Leave a Reply

Your email address will not be published. Required fields are marked *