Free SSL Certificate
An SSL certificate is an encrypted data file in text form that can be configured on any server to secure and encrypt sensitive communications between a blog or site and its customers or visitors.
If you have any sensitive information on your website (including emails and passwords), then you need to be secure. One of the best ways to do that is to enable HTTPS, also known as SSL (Secure Sockets Layer), so that any information going from your server is automatically encrypted. That prevents hackers from sniffing out your visitors’ sensitive information as it passes through the internet.
The best thing about an SSL certificate is that it’s simple to set up, and once it’s done you only have to route people to use HTTPS instead of HTTP. If you try to access your site now by putting https:// in front of your URL, you’ll get an error. That’s because you haven’t installed an SSL certificate yet.
Setting up HTTPS on your website is very easy. Just follow these simple steps:
- Host with a dedicated IP address.
- Get a free SSL certificate.
- Activate the certificate.
- Install the certificate.
- Update your site to use HTTPS.
For more than a month, all domains hosted in hosting plans and reseller plans have had a free, 100% valid SSL certificate.
This allows your website to be accessible via HTTPS and, therefore, with data encryption, completely free of charge.
Some of the features of the free SSL certificate that you’ll love are the following:
- Totally Free.
- Easy installation.
- No confirmation emails are required.
- It is not necessary to have dedicated IPs, which would also entail an additional cost.
- All major browsers recognize them.
- They are renewed automatically, always free, unless you decide to revoke them.
There are several projects on the internet that provide free SSL certificates. They try to make it possible for blog and site owners who cannot afford an expensive SSL certificate to get one for free, and thus make the web safer. Unfortunately, enabling secure browsing through these free SSL certificate options requires advanced knowledge.
Enable free HTTPS browsing
There are many options for enabling HTTPS on a website without having to purchase an SSL certificate. One is to use the CloudFlare service. CloudFlare is an internet CDN service, which can be used through the free plan or the paid Pro plan. Blogs or websites that use CloudFlare’s CDN service can use HTTPS without having to buy or install an SSL certificate, thanks to the Universal SSL project. This is possible because CloudFlare functions as an intermediary firewall between the original website and the user’s browser.
CloudFlare offers three options:
- Flexible SSL. Traffic between the user’s browser and CloudFlare runs over HTTPS, while traffic between CloudFlare and the original server runs over traditional HTTP, so that second leg is not encrypted.
- Full SSL. It allows the original website to use a self-signed certificate, that is, a certificate created by ourselves.
- Strict SSL. Requires a traditionally signed certificate that can be enabled on the site or uploaded to CloudFlare.
If you use CloudFlare and want to force all navigation on your site to use HTTPS, do the following:
Open the Page Rules panel and, in the URL box, enter *domain.com/* (replace domain.com with the domain name of the site), then activate the option “Always use https”.
Get free SSL certificate
You can get SSL certificates valid in all browsers and operating systems for zero euros. The goal of the project is not to get rid of the mafia and the scam that (most) paid SSL certificates are; its purpose is to have Internet traffic encrypted. I will not go into detail about the protocol they developed (ACME); I will only comment on the pieces that we need to know, and I hope that with a little copy and paste they will be working in minutes.
There are several implementations of the client needed to manage the certificate request. Among them, I chose acme-tiny because its code is simple to understand and it basically depends only on Python and OpenSSL. But if you want to use something easier, I created a small shell script that uses acme-tiny.
We also need a web server, even if the SSL certificate is for a mail server, XMPP, or whatever. It is necessary because Let’s Encrypt will make a request to our web server to validate that the domain of the requested certificate is really ours. If the file is there and it is correct, it is understood that the domain is under our control and the certificate is issued.
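The validation request described above, sketched as an added example (not code from this article, from acme-tiny or from Let’s Encrypt): the client writes a file whose content ties the CA’s token to the account key, and the validator fetches it over plain HTTP. The token, the key material and the local test server are constructed stand-ins.

```python
import base64, hashlib, json, os, tempfile, threading, urllib.request
from functools import partial
from http.server import HTTPServer, SimpleHTTPRequestHandler

def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def key_authorization(token: str, jwk: dict) -> str:
    """token + '.' + SHA-256 thumbprint of the account public key (RFC 7638)."""
    canonical = json.dumps({k: jwk[k] for k in ("e", "kty", "n")},
                           sort_keys=True, separators=(",", ":"))
    return token + "." + b64url(hashlib.sha256(canonical.encode()).digest())

def write_challenge(webroot: str, token: str, keyauth: str) -> str:
    """Client side: drop the file that the web server will hand out."""
    directory = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as fh:
        fh.write(keyauth)
    return path

def ca_validates(base_url: str, token: str, expected: str) -> bool:
    """CA side: HTTP GET; the body must equal the key authorization."""
    url = f"{base_url}/.well-known/acme-challenge/{token}"
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.read().decode().rstrip() == expected
    except OSError:  # covers connection errors and HTTP 404
        return False

def demo() -> tuple:
    # Constructed sample values: not a real account key or CA token.
    jwk = {"kty": "RSA", "e": "AQAB", "n": b64url(b"\x01" * 512)}
    token = "constructed-token-123"
    keyauth = key_authorization(token, jwk)
    with tempfile.TemporaryDirectory() as webroot:
        write_challenge(webroot, token, keyauth)
        handler = partial(SimpleHTTPRequestHandler, directory=webroot)
        server = HTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_port}"
        results = (ca_validates(base, token, keyauth),
                   ca_validates(base, "missing-token", keyauth))
        server.shutdown()
        server.server_close()
    return results

if __name__ == "__main__":
    print(demo())
```

Because the file content depends on the account key, someone who can only guess the token cannot produce a valid response; they also need control of what the web server returns at that path.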
How to install a free SSL certificate on the server
The task of installing a free SSL certificate is quite delicate but possible.
An excellent guide on how to install an SSL certificate can be found on the DigiCert site: SSL Certificate Installation Instructions & Tutorials.
Choose the platform or operating system of your web server on that page to access the specific instructions.
The first thing we need (besides having downloaded acme-tiny and, optionally, my script) is a directory for saving private keys and certificates. We will create this directory with write permissions (it is not a good idea to use one under Apache/Nginx).
So let’s start:
We already have the /etc/ssl/(private|certs) directories, so I chose /etc/ssl/letsencrypt:

    # mkdir /etc/ssl/letsencrypt
    # chown agi:ssl-cert /etc/ssl/letsencrypt
    # chmod 750 /etc/ssl/letsencrypt

Download the Let’s Encrypt intermediate certificate so that validating the chain of the free SSL certificate does not give us trouble. We will leave it in the directory we just created:

    # cd /etc/ssl/letsencrypt
    # wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem

Now create a private key to establish communication with Let’s Encrypt:

    # cd /etc/ssl/letsencrypt
    # openssl genrsa 4096 > account.key
    # chmod 600 account.key
    # chown agi account.key

Now create the directory where the ACME client will leave the validation files, which the web server will return when Let’s Encrypt requests them:

    # mkdir /var/www/letsencryptchallenges
    # chown agi /var/www/letsencryptchallenges

After that, configure the web server to serve the contents of that directory. If we have a single domain, the configuration can go in that domain’s settings; if you have several domains, configure the directory globally. As an example, this would be the configuration for an Apache server:

    Alias /.well-known/acme-challenge/ /var/www/letsencryptchallenges/
    <Directory /var/www/letsencryptchallenges>
        Options None
        AllowOverride None
        # Apache 2.2 access syntax; on Apache 2.4 use "Require all granted" instead
        Order allow,deny
        Allow from all
    </Directory>

At this point, if you are not going to use my script, you should follow the acme-tiny instructions to create a CSR (Certificate Signing Request), install the free SSL certificate and schedule a recurring task to renew it.
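An added example, not part of the original article or of acme-tiny: a permission audit for the layout built in the steps above, run here against a constructed temporary copy of it. The function names and finding texts are hypothetical; on a real host the arguments would be /etc/ssl/letsencrypt, its account.key and /var/www/letsencryptchallenges.

```python
import os
import stat
import tempfile

def audit_layout(store: str, key: str, challenges: str) -> list:
    """Return a list of findings; an empty list means the layout is sane."""
    findings = []
    mode = lambda p: stat.S_IMODE(os.stat(p).st_mode)
    # account.key is chmod 600 in the article: no group/other bits at all.
    if mode(key) & 0o077:
        findings.append("account key accessible by group or others")
    # The key directory is chmod 750: nothing for "others".
    if mode(store) & 0o007:
        findings.append("key directory accessible by others")
    # The challenge directory is served publicly: only its owner may write.
    if mode(challenges) & 0o022:
        findings.append("challenge directory writable by group or others")
    # Anything stored under the challenge directory can be downloaded.
    real_key = os.path.realpath(key)
    real_chal = os.path.realpath(challenges)
    if os.path.commonpath([real_key, real_chal]) == real_chal:
        findings.append("account key stored inside the web-served directory")
    return findings

def build_sample(root: str, key_mode: int = 0o600) -> tuple:
    """Constructed stand-in for the article's directories, under a temp root."""
    store = os.path.join(root, "letsencrypt")
    challenges = os.path.join(root, "letsencryptchallenges")
    os.mkdir(store)
    os.chmod(store, 0o750)
    os.mkdir(challenges)
    os.chmod(challenges, 0o755)
    key = os.path.join(store, "account.key")
    with open(key, "w") as fh:
        fh.write("constructed placeholder, not a real key\n")
    os.chmod(key, key_mode)
    return store, key, challenges

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        print(audit_layout(*build_sample(root)))
```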
After installing the free SSL certificate, it’s recommended that you make a backup copy of the old SSL certificates and store it in a secure place. That way, if the server crashes or needs to be replaced, it is much easier to secure the replacement.
Once you have installed the free SSL certificate, it’s recommended that you check everything is working correctly using this free SSL Installation Diagnostics Tool. For an easy way to find and manage all SSL certificates on the network.
Many developers who keep a copy of their website on their computer for testing with a local server, either Apache or IIS (Internet Information Services), can implement a self-signed certificate. It allows us to test the operation of the site locally before taking the step of making the change effective on the network. The installation of Apache includes two files: the “server.crt” certificate and the private key “server.key”. It is only necessary to enable SSL by uncommenting the “SSLEngine on” line in the configuration file called “httpd-ssl.conf”.
Free HTTPS on all your websites
The free SSL certificate is already installed on your website, but HTTPS access is disabled by default. Therefore, if you want your website to be accessible via HTTPS, you will have to activate that possibility from the Hosting Panel.
You can disable HTTPS access to avoid any kind of negative interference in the search engine positioning of your website. In principle, a website that works over HTTPS is good for SEO positioning. But the transition from HTTP to HTTPS should be done correctly; otherwise, it can have negative effects.
The use of HTTPS instead of HTTP has multiple advantages, so our recommendation is to stop using HTTP on your website and force the use of HTTPS. Among the advantages of using HTTPS, we can highlight:
- Improve the privacy of your users and the information you share
- Improve search engine positioning or SEO
- The Google Chrome browser highlights your website as Secure.
Anyway, as we said, the transition to HTTPS has to be done correctly. We’ll explain how to do it.
Disadvantages of free SSL certificate
The free SSL certificates are issued by cPanel, Inc. and, compared to GeoTrust, they do not provide the ‘trust’ component.
In some cases it is not convenient or not possible to use the free SSL certificate, mainly:
- The payment gateway is not compatible with the implementation, i.e. it requires a dedicated IP address.
- If you have a virtual store, you will probably want to have a GeoTrust certificate instead of the free SSL certificate, to improve trust.
- Users of Internet Explorer on Windows XP will not be able to access your website via HTTPS, since this browser does not have support for SNI. Therefore, if you need to support these users, it is best not to activate HTTPS or to contract a dedicated IP address.
What should I do
If your website is not affected by the 3 incompatibilities that we have just indicated, then our recommendation is that you migrate to HTTPS. To do this, follow these steps:
- From HTTPS Configuration of the Hosting Panel, change the configuration of your domain to Allow HTTP and HTTPS.
- Verify that your website works perfectly via HTTPS. To do this, it is best to review the errors that are displayed in the Console tab of the developer tools of your web browser.
- Once you confirm that there are no errors, change the setting to Force HTTPS.
For example, below you can see a website that works correctly via HTTP but shows quite a few errors when accessed via HTTPS:
You have to avoid these types of errors on your HTTPS website. If you detect them, you will have to modify your web page template where it inserts the images, CSS, JS, etc.
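Assuming the console errors meant here are mixed-content errors (an HTTPS page pulling images, CSS or JS over http://), the following added example, which is not part of the original article, scans a template for such references. The sample markup and the scanner’s names are constructed for illustration.

```python
from html.parser import HTMLParser

# Browsers block "active" mixed content; "passive" content triggers a warning
# or an automatic upgrade attempt, depending on the browser.
ACTIVE = {"script", "link", "iframe", "object", "embed"}
PASSIVE = {"img", "audio", "video", "source"}
URL_ATTRS = ("src", "href", "data", "poster")

class MixedContentScanner(HTMLParser):
    """Collects (line, tag, kind, url) for subresources loaded over http://."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ACTIVE and tag not in PASSIVE:
            return  # plain <a href="http://..."> links are navigation, not mixed content
        attr = dict(attrs)
        if tag == "link" and "stylesheet" not in (attr.get("rel") or "").lower().split():
            return  # rel=canonical and similar do not load a resource
        for name in URL_ATTRS:
            url = (attr.get(name) or "").strip()
            if url.lower().startswith("http://"):
                kind = "active" if tag in ACTIVE else "passive"
                self.findings.append((self.getpos()[0], tag, kind, url))

def scan(html: str) -> list:
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample template.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://example.com/style.css">
<script src="//cdn.example.com/app.js"></script>
<link rel="canonical" href="http://example.com/">
</head><body>
<img src="http://example.com/logo.png">
<a href="http://example.com/about">About</a>
<img src="/img/banner.png">
</body></html>"""

if __name__ == "__main__":
    for line, tag, kind, url in scan(SAMPLE):
        print(f"line {line}: <{tag}> {kind} mixed content: {url}")
```

Each reported URL can be switched to https:// or to a relative path in the template, after which the console check is repeated.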
If your website has CloudFlare enabled, the process you should follow is a little more complicated and extensive than explained above. The steps would be:
- In the Hosting Panel, change the configuration of your domain to Allow HTTP and HTTPS
- Disable CloudFlare
- Verify that your website works perfectly via HTTPS.
- Re-enable CloudFlare and wait about 24 hours.
- Verify that your website, once CloudFlare is activated, continues to function correctly via HTTPS.
- If all goes well, change the setting to Force HTTPS.