Easy Code Share > More > Linux > How Moving HTTP to HTTPS Gets Free of Charge

How Moving HTTP to HTTPS Gets Free of Charge

If wondering which SSL certificate has lower price, you should take a glance at moving HTTP to free HTTPS in this article. HTTPS using SSL certificates transfer sensitive data in safe way. Unfortunately, most website founders who are not aware of free approaches spend money upon this topic.

Here we introduce Let’s Encrypt, which an authority center issuing browser-trusted certificates to websites. Let’s learn about SSL basic knowledge, and how to get SSL certificates from this organization without costs.

Estimated reading time: 4 minutes



The Basics

Let’s learn what SSL certificate is and How it works. Your website can get free SSL certificates from CA to move HTTP to HTTPS. The CA should be trusted by major browsers.


Acquire a SSL Certificate

If a website wants to be HTTPS, let it apply to a SSL certificate issuer, called CA(Certificate Authority), to acquire a certificate. Importantly, the CA should be in a list trusted by browsers. If not, even though the website gets a certificate, but browsers won’t identify it.

A SSL certificate consists of a subject and a key pair. The subject is an identity of certificate owner such as www.example.com. The key pair includes a public key and a private key. Data encrypted by public keys can only be decrypted by private keys, and vice versa.


SSL Certificates Protect Data

When browser request HTTPS website, for security assurance, the website have to send back SSL certificate which includes a public key.

The browser checks if SSL certificate comes from trusted CA, if SSL certificate is expired, and if subject is relevant to the website. If passed, the browser sends a session key encrypted by the public key to HTTPS website, where the session key will protect sensitive data in transmission.

Finally, website decrypt the received data into a session key by using the private key, and sends back ACK encrypted by the session key to start a secure session.



To get free SSL certificates, we suggest the CA of Let’s Encrypt. This organization has goals for people’s benefit to move servers from HTTP to HTTPS with a browser-trusted free certificate.


Let’s Encrypt – certbot

Let’s Encrypt is a trusted CA, and issue free SSL certificates for us. Before Install Tutorial in next section, we introduce the way how certbot create a SSL certificate.

$ sudo certbot --apache -d www.example.com

This command line gives you a SSL certificate for Apache service. Or option nginx create certificates for Nginx service. Assume virtual host config file is mytest.conf, the whole procedure should be

  • Created an SSL virtual host at /etc/apache2/sites-available/mytest-le-ssl.conf.
  • Deploying certificate to virtual host /etc/apache2/sites-available/mytest-le-ssl.conf, which links to the following 3 files to represent the config of Let’s Encrypt, a SSL certificate including a public key, and a private key, respectively.
  • Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
  • Redirecting virtual host in /etc/apache2/sites-enabled/mytest.conf to ssl virtual host in /etc/apache2/sites-available/mytest-le-ssl.conf. Directives for redirection in mytest.conf are
  • RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.example.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]


List Installed SSL Certificates

You can list installed certificates. Note that each one has expiry period of only 90 days, so you might want to renew.

$ sudo certbot certificates

Found the following certs:
Certificate Name: www.example.com
Serial Number: 484f7c7d23e7df411cefa6dcdeb3c806dd4
Domains: www.example.com
Expiry Date: 2020-12-15 07:46:15+00:00 (VALID: 90 days)
Certificate Path: /etc/letsencrypt/live/www.example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.example.com/privkey.pem


Renew SSL Certificates

The following command line will renew SSL certificates that are due. Currently, renewal can only renew all installed certificates that are due, but not specific certificates.

$ sudo certbot renew


Stop SSL Certificates

You can temporarily stop HTTPS by commenting content in mytest.conf, and then issue shell commands to disable virtual hosts.

 #RewriteEngine on
 #RewriteCond %{SERVER_NAME} =www.example.com
 #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]"

$ sudo a2dissite mytest-le-ssl

$ sudo service apache2 reload

If you would like to check whether HTTPS is changed to HTTP, remember to clear browser cookies, and new a browser tab for testing.


Resume SSL Certificates

To resume stopped certificates, you can uncomment content in mytest.conf, and issue shell commands to enable virtual hosts.

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]"

$ sudo a2ensite mytest-le-ssl

$ sudo service apache2 reload

Similiarly, to check whether HTTP is changed to HTTPS, clear browser cookies, and new a browser tab for testing.


certbot Installation

The install procedure has many versions. We provide an universal approach for all OS platforms to easily upgrade HTTP to HTTPS with free SSL certificates.


Install snapd

snapd helps install certbot on different OS platforms. To Install snapd, issue the command line

$ sudo apt install snapd


Install certbot

Setting up Let’s Encrypt on Apache can be done by installing certbot using snapd.

$ sudo snap install --classic certbot

Simply, you have set environment for getting free SSL certificates.



HTTPS websites get more Google’s ranking scores than HTTP websites does, so free SSL certificates will be helpful for budget.

Thank you for reading, and we have suggested more helpful articles here. If you want to share anything, please feel free to comment below. Good luck and happy coding!


Suggested Reading

Leave a Comment