Skip to content

free ssl certificate let’s encrypt

free ssl certificate let's encrypt
Share

Reading Time: 3 minutes

free ssl certificate let’s encrypt

What is SSL

SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security), are protocols for establishing authenticated and encrypted links between networked computers. SSL protocol was deprecated with the release of TLS 1.0 in 1999, but it is still common to refer to these related technologies as “SSL” or “SSL/TLS.” The most current version is TLS 1.3, SSL is a widely used protocol. We have a detailed tutorial on What is tls and SSL, Please go through it.

I have explained detailed steps for checking the SSL expiry date of any website using OpenSSL commands. Please check the tutorial here.

What is Let’s Encrypt

Let’s Encrypt is a global Certificate Authority (CA). Let Companies and organizations around the world obtain, renew, and manage SSL/TLS certificates. Our certificates can be used by websites to enable secure HTTPS connections. Let’s Encrypt offers Domain Validation (DV) certificates, You can also use its free service to generate SSL certificates.

Requirement

  • A computer running MacOS. You can also use Linux System
  • You need to have a reliable internet connection.
  • Basic level of comfort with running commands in a terminal (called a command prompt in Windows).
  • Homebrew: If you are using MAC then it is required however if you are using a Linux system then please ignore it. This is software that helps you install other software on a Mac. You can find instructions for installing it here.
  • You must have a valid domain and admin access to your DNS panel. If you are not a DNS admin and another team is managing for you then you can contact them to create a DNS record for you.

Manually creating a free SSL certificate

Install Certbot

To install Certbot on MAC, You can open the terminal and then run the below command.

$ brew install certbot

Linux Systems – Use the Below steps

If you are using a Linux system then install Certsbot using the below command however you need to install snap first then install Certbot.

$ sudo yum install snapd

$ sudo systemctl enable --now snapd.socket

$ sudo ln -s /var/lib/snapd/snap /snap

Install certbot on Linux or CentOs

free ssl certificate let's encrypt

$ sudo snap install --classic certbot

Prepare the Certbot command

$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

Create a directory for Let’s Encrypt

Create a directory in a location you like (e.g in your home directory, your Desktop directory etc) and give it a name you want. Let’s say we want to use YOUR_HOME_DIR/lets-encrypt. We can create the said directory by running this command:

$ mkdir ~/lets-encrypt

prove that you own the domain

You need to prove to Let’s Encrypt that you own this domain Before getting an SSL certificate for a domain . To do this, you need to solve a “challenge”. That is, do something that you would not be able to do if you didn’t own the domain and have admin access to it. You can do this by either uploading a file to a specific path on your server (called the HTTP challenge) or you need to add a certain DNS record to your domain (called the DNS challenge). I think the HTTP challenge is easier. I also think it should be faster for Let’s Encrypt’s servers to notice to it since DNS changes might take a while to propagate.

As explained above you have two options, One is HTTP challenge and other is DNS challenge. I will explain DNS method first then explain HTTP method.

DNS Challenge

free ssl certificate let’s encrypt

certbot certonly –preferred-challenges=dns –manual –config-dir ~/lets-encrypt –work-dir ~/lets-encrypt –logs-dir ~/lets-encrypt

free ssl certificate let's encrypt

Enter Email Address
Enter Yes – If you want your certificate to get on email
Enter Domain
Do not Enter Continue

ADD DNS TXT Record

Login to your DNS Panel and add the TXT Record that you get from the above command.
In this case, we added the below TCT record

Please deploy a DNS TXT record under the name:

_acme-challenge.testertechie.com.

with the following value:

R8XhrGnG8KglP77sCdTF16reYaSZLatITfRON2hC8ao

Enter Continue Now

You are all set, This certificate will be valid for 90 days.



Share

Leave a Reply

Your email address will not be published. Required fields are marked *