If you are wondering which SSL certificate costs the least, take a look at moving from HTTP to free HTTPS as described in this article. HTTPS uses SSL certificates to transfer sensitive data safely. Unfortunately, most website founders who are not aware of the free approaches spend money on this.
Here we introduce Let’s Encrypt, a certificate authority that issues browser-trusted certificates to websites. Let’s cover the basics of SSL and how to get SSL certificates from this organization at no cost.
SECTION 1
The Basics
Let’s learn what an SSL certificate is and how it works. Your website can get free SSL certificates from a CA to move from HTTP to HTTPS. The CA should be trusted by major browsers.
Acquire an SSL Certificate
If a website wants to use HTTPS, it applies to an SSL certificate issuer, called a CA (Certificate Authority), to acquire a certificate. Importantly, the CA should be on the list trusted by browsers. If it is not, browsers won’t accept the certificate even though the website has one.
An SSL certificate consists of a subject and a key pair. The subject is the identity of the certificate owner, such as www.example.com. The key pair includes a public key and a private key. Data encrypted with the public key can only be decrypted with the private key, and vice versa.
SSL Certificates Protect Data
When a browser requests an HTTPS website, the website has to send back its SSL certificate, which includes a public key, for security assurance.
The browser checks whether the SSL certificate comes from a trusted CA, whether it has expired, and whether the subject matches the website. If the checks pass, the browser sends a session key encrypted with the public key to the HTTPS website; the session key will protect sensitive data in transmission.
Finally, the website uses the private key to decrypt the received data into the session key, and sends back an ACK encrypted with the session key to start a secure session.
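The expiry and subject checks listed above can be reproduced in a few lines. This is an added example, not code from the original article: it works on a dict shaped like the output of Python's ssl.SSLSocket.getpeercert(), the sample certificate is constructed, and the function names are hypothetical. The third check, the chain to a trusted CA, is done by the TLS library during the handshake and is not reproduced here.

```python
import ssl

def hostname_matches(pattern, hostname):
    """Compare a certificate DNS name with the requested host name.
    A '*' is accepted only as the entire left-most label."""
    p, h = pattern.lower().split("."), hostname.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level domain such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_certificate(cert, hostname, now):
    """Return the failed checks for a getpeercert()-style dict.
    `now` is given in seconds since the epoch."""
    failures = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        failures.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        failures.append("expired")
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(hostname_matches(n, hostname) for n in names):
        failures.append("subject mismatch")
    return failures

# Constructed sample certificate (not taken from a real site).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "notBefore": "Sep 16 07:46:15 2020 GMT",
    "notAfter": "Dec 15 07:46:15 2020 GMT",
    "subjectAltName": (("DNS", "www.example.com"),),
}

if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("Oct 01 00:00:00 2020 GMT")
    print(check_certificate(SAMPLE_CERT, "www.example.com", now))
    print(check_certificate(SAMPLE_CERT, "example.com", now))
```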
SECTION 2
Free HTTPS
To get free SSL certificates, we suggest the Let’s Encrypt CA. This organization’s goal is to benefit everyone by helping servers move from HTTP to HTTPS with a free, browser-trusted certificate.
Let’s Encrypt – certbot
Let’s Encrypt is a trusted CA that issues free SSL certificates. Before the installation tutorial in the next section, we introduce how certbot creates an SSL certificate.
$ sudo certbot --apache -d www.example.com
This command line gives you an SSL certificate for the Apache service. Alternatively, the option --nginx creates certificates for the Nginx service. Assuming the virtual host config file is mytest.conf, the whole procedure should be
- Created an SSL virtual host at /etc/apache2/sites-available/mytest-le-ssl.conf.
- Deploying certificate to virtual host /etc/apache2/sites-available/mytest-le-ssl.conf, which links to the following 3 files representing the Let’s Encrypt config, an SSL certificate including a public key, and a private key, respectively.
  Include /etc/letsencrypt/options-ssl-apache.conf
  SSLCertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
- Redirecting virtual host in /etc/apache2/sites-enabled/mytest.conf to ssl virtual host in /etc/apache2/sites-available/mytest-le-ssl.conf. Directives for redirection in mytest.conf are
  RewriteEngine on
  RewriteCond %{SERVER_NAME} =www.example.com
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
List Installed SSL Certificates
You can list installed certificates. Note that each one is valid for only 90 days, so you might want to renew.
$ sudo certbot certificates
Found the following certs:
Certificate Name: www.example.com
Serial Number: 484f7c7d23e7df411cefa6dcdeb3c806dd4
Domains: www.example.com
Expiry Date: 2020-12-15 07:46:15+00:00 (VALID: 90 days)
Certificate Path: /etc/letsencrypt/live/www.example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.example.com/privkey.pem
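Because each certificate lasts only 90 days, the listing above is worth checking automatically. The following is an added example, not part of the original article or of certbot: it parses text in the format shown above and reports certificates that expire within a chosen window. The function names, the 30-day window and the second sample entry (shop.example.com) are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the layout printed by `certbot certificates`.
SAMPLE_OUTPUT = """\
Found the following certs:
  Certificate Name: www.example.com
    Domains: www.example.com
    Expiry Date: 2020-12-15 07:46:15+00:00 (VALID: 90 days)
  Certificate Name: shop.example.com
    Domains: shop.example.com www.shop.example.com
    Expiry Date: 2020-10-05 07:46:15+00:00 (VALID: 19 days)
"""

FIELD = re.compile(r"^\s*(Certificate Name|Domains|Expiry Date):\s*(.+?)\s*$")

def parse_certificates(text):
    """Turn the listing into a list of {name, domains, expires} dicts."""
    certs, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Certificate Name":
            current = {"name": value, "domains": [], "expires": None}
            certs.append(current)
        elif current is None:
            continue  # field seen before any certificate header
        elif key == "Domains":
            current["domains"] = value.split()
        else:
            # Drop the trailing "(VALID: ...)" note and keep the timestamp.
            current["expires"] = datetime.fromisoformat(value.split(" (")[0])
    return certs

def due_for_renewal(certs, now, window_days=30):
    """Names of certificates expiring within the window (or with no date)."""
    limit = now + timedelta(days=window_days)
    return [c["name"] for c in certs
            if c["expires"] is None or c["expires"] <= limit]

if __name__ == "__main__":
    now = datetime(2020, 9, 16, 7, 46, 15, tzinfo=timezone.utc)
    print(due_for_renewal(parse_certificates(SAMPLE_OUTPUT), now))
```

On a real host the input would be the captured output of `sudo certbot certificates` and `now` would be `datetime.now(timezone.utc)`.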
Renew SSL Certificates
The following command line renews the SSL certificates that are due. Currently, it can only renew all installed certificates that are due, not specific certificates.
$ sudo certbot renew
Stop SSL Certificates
You can temporarily stop HTTPS by commenting out the content in mytest.conf, and then issuing shell commands to disable the virtual host.
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =www.example.com
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
$ sudo a2dissite mytest-le-ssl
$ sudo service apache2 reload
If you would like to check whether HTTPS has changed back to HTTP, remember to clear browser cookies and open a new browser tab for testing.
Resume SSL Certificates
To resume stopped certificates, you can uncomment the content in mytest.conf, and issue shell commands to enable the virtual host.
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
$ sudo a2ensite mytest-le-ssl
$ sudo service apache2 reload
Similarly, to check whether HTTP has changed to HTTPS, clear browser cookies and open a new browser tab for testing.
SECTION 3
certbot Installation
The installation procedure has many versions. We provide a universal approach for all OS platforms to easily upgrade HTTP to HTTPS with free SSL certificates.
Install snapd
snapd helps install certbot on different OS platforms. To install snapd, issue the command line
$ sudo apt install snapd
Install certbot
Setting up Let’s Encrypt on Apache can be done by installing certbot using snapd.
$ sudo snap install --classic certbot
With that, you have set up the environment for getting free SSL certificates.
FINAL
Conclusion
HTTPS websites get higher Google ranking scores than HTTP websites do, so free SSL certificates will be helpful for your budget.
Thank you for reading, and we have suggested more helpful articles here. If you want to share anything, please feel free to comment below. Good luck and happy coding!