I had no idea, until today, that you could get a 100% valid and free SSL certificate for your website. I just set it up for this blog and now I’m HTTPS compatible with a green secure icon, and I paid nothing! Shout-out to @ericlaw for the tip. There’s absolutely no reason every website shouldn’t be secure, so here’s how to do it.
We’re going to be using a certificate authority (CA) called Let’s Encrypt. They’re trying to make the internet a more secure place, and rely on donations from organizations and regular people to keep things going.
Getting Started with your Free SSL Certificate
Head on over to Let’s Encrypt’s Getting Started page. They break it down into two options, one being if you manage your own server, and the other if you’re hosted on a 3rd party retailer.
Option 1: Self-Hosted w/ Shell Access
Visit Certbot for a guide to generating and installing your ssl certificate.
If you’re hosting yourself and have shell access, you’ll be using Certbot (link above) to get your free ssl certificate generated and installed. It took me no more than 10 minutes, and that’s because I actually read everything. You just need to select your server and system specifications, and they will provide a step-by-step guide to getting everything working.
The last part of the guide tells you to create a cronjob to automatically renew your free ssl certificate before it expires. If you’re unfamiliar with creating a cronjob follow these simple steps:
SSH into your server and type the following command:
sudo crontab -e
Inside the editor, you’ll want to specify how often to run the command. In my example I’m doing it at 5am and 5pm:
0 5,17 * * * /usr/bin/certbot renew --quiet
Now, restart your crontab (command may differ depending on system):
sudo systemctl restart crond.service
If this isn’t clear for you then you can simply google how to set up a cronjob on whatever system you have. It’ll be pretty straight forward and a good learning experience.
Option 2: Hosted on a 3rd Party
If you’re hosting your site or blog on a 3rd party hosting company, you’ll need to see if your hosting provider has support for Let’s Encrypt. Check out the list of supported web hosting companies.
If your host is on that list, they should have documentation on how to generate and install your SSL certificate. Reach out to their customer service department if you can’t find the information on their website.
If your host is not on the list, you should contact them to see if they have plans to add support. If not, you still have an option. Follow the Let’s Encrypt Manual Mode Guide to get started. I will warn you, however, that if you’re not technically savvy, it’ll be tricky
Validating your Free SSL Certificate
The last step is to make sure everything is working properly. Visit your website normally and you should be redirected to the https:// version automatically. You’ll want to make sure any content on your site (images, scripts, etc.) are pointing to a secure domain as well or else browsers will mark your site as partially secure.
Qualys SSL Labs offers a service to scan your site and validate your security. Here is an example of my blog’s SSL status. Hopefully my grade is still an A (if not, please contact me!!!). Just plug your website into there, and see what grade you have. If you don’t have an A, then read what’s wrong and take the steps to fix it.
You should be all set! Now your site is HTTPS enabled. SSL helps make the internet a better and safer place. Thanks for doing your part!
Please comment if you have questions or notice any mistakes in this post. My goal is to help as many people as possible secure their sites and blogs, so accuracy is important to me.