Generate free SSL certificate for your website

If you have searched in many places and are still confused about how to run your website over HTTPS for free, you are in the right place.

What do you need?

  1. Linux machine (preferred); Windows will work too.
  2. Internet connection 😄
  3. Your domain DNS access.
  4. And some copy-pasting.

For this article, I used my AWS account to get an EC2 instance running Ubuntu on which I can execute a few commands. If you already have an OS installed on your machine, that is best; if not, you can run the commands on a VM.

Step 1: Pre-requisites

Verify that Python and Git are installed on your system. If not, no worries: run the commands below. They are for Ubuntu; on another OS, use the equivalent commands for your flavor.

apt-get update
apt-get install python-minimal
python --version
apt-get install git-core
git --version

Step 2: Get certbot

To get certbot installed on your system, run the commands below.

export LC_ALL="en_US.UTF-8" 
export LC_CTYPE="en_US.UTF-8" 
cd /opt
git clone https://github.com/certbot/certbot.git
cd certbot && ./certbot-auto

Step 3: Generate the certificates

Run the command below, substituting your own domain details.

./certbot-auto certonly \
--manual --preferred-challenges=dns --email you@yourdomain.com \
--server https://acme-v02.api.letsencrypt.org/directory \
--agree-tos -d yourdomain.com

You can pass multiple domains at once by adding multiple -d flags. Wildcards such as *.yourdomain.com are allowed too, if your hosting provider supports them.

Step 4: Completing the challenge

Don't worry, it's a simple challenge: you prove that you control the domain by adding a few TXT records to your DNS.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.yourdomain.com with the following value:

-ZGP****************************XR0Q

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...

Now go to your domain provider or your current name server and create a new TXT record with the host name "_acme-challenge" and the TXT value that certbot asked for.

Don't press Enter yet. Follow Step 5 before pressing Enter.

Keep the TTL of the new TXT record as low as possible. This helps if certbot fails to verify the challenge, because the new value will then not take long to show up on the next attempt.

Step 5: Verify TXT record is created successfully

To verify, visit mxtoolbox.com/TxtLookup.aspx, enter your TXT record name in the field, and hit the button to check that the value is updated.

If you can see the value you created in the DNS records, you can go ahead to the next step.
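
The check in Step 5 can also be done from the terminal with dig, asking each authoritative nameserver directly instead of using a web lookup. This is an added example, not part of the original article; the function names and the sample token values are made up for illustration, and it assumes dig is installed.

```bash
#!/usr/bin/env bash
# Added example: confirm the _acme-challenge TXT value is published before
# pressing Enter in certbot. Function names here are illustrative.

# txt_has_value EXPECTED
# Reads `dig +short TXT` output on stdin and succeeds only if one record equals
# EXPECTED exactly. dig wraps each record in double quotes, and one name can
# hold several TXT records (e.g. yourdomain.com and *.yourdomain.com validated
# in the same run), so every line is checked.
txt_has_value() {
    want=$1
    while IFS= read -r line || [ -n "$line" ]; do
        value=$(printf '%s' "$line" | sed -e 's/^"//' -e 's/"$//')
        [ "$value" = "$want" ] && return 0
    done
    return 1
}

# check_challenge DOMAIN EXPECTED
# Asks each authoritative nameserver directly, so a cached answer from a
# recursive resolver cannot hide a record that has not propagated yet.
# Returns 0 if all servers have the value, 1 if any lacks it, 2 if no NS found.
check_challenge() {
    domain=$1 expected=$2 missing=0
    servers=$(dig +short NS "$domain")
    [ -n "$servers" ] || { echo "no NS records found for $domain" >&2; return 2; }
    for ns in $servers; do
        if dig +short TXT "_acme-challenge.$domain" "@$ns" | txt_has_value "$expected"; then
            echo "ok       $ns"
        else
            echo "MISSING  $ns"; missing=1
        fi
    done
    return "$missing"
}

# Constructed sample of dig output (not real tokens): two records on one name.
SAMPLE_DIG_OUTPUT='"constructed-token-for-base-domain-0000000000"
"constructed-token-for-wildcard-1111111111111"'

# Real use: check_challenge yourdomain.com 'VALUE_SHOWN_BY_CERTBOT'
```

Press Enter in certbot only once every nameserver reports ok; a MISSING line means the record has not reached that server yet.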

Step 6: Press enter 🤪

Now, switch back to your terminal and press enter.

Make sure that all the challenges pass. You can now copy the private key and certificates generated by certbot to the appropriate location. To check that your certificates are valid and to get their file locations, run the command below.

./certbot-auto certificates

After running the above command, you should see a result similar to the one below.

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: yourdomain.com
    Serial Number: 33c*************************************739
    Domains: *.yourdomain.com
    Expiry Date: 2XXX-XX-XX 16:11:41+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/yourdomain.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/yourdomain.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

As this certificate is only valid for 3 months, you can always come back and run the renew command, which will issue a new certificate that you can use again to secure your site.


😅FYI: All these certificates are issued by Let's Encrypt.


Enjoy!

Abhishek Verma