Shaan Chopra

Log something crazy, but intresting.


get-free-wildcard-ssl-certificate

How to Get Free Wildcard SSL Certificate?

Date:

Are you looking for a free SSL wildcard certificate? If you are then you will find everything you need here in this post. SSL are important not only for site security but also for SEO. On August 07, 2014 Google announced that having a secure site will be a ranking signal. So, why not have an SSL on your site when it is free?

SSL is a Secure Sockets Layer it makes your site go from HTTP to HTTPS, s stands for secure. It encrypts data communication to and from the web browser to the web server. In simple words when you type your username and password to login into any site. That request from your browser where you typed to the site's server is encrypted.

It is very important, just think about it where all we type our username and password, banks, social networks, email accounts, and cloud drives. If these sites are not secure then your data can be compromised.

Type of Certificate

There are plenty of ways to get an SSL certificate but you should know what type of certificate you need. They all do the same job, the only difference is the verification process.

Then there are Single, Wildcard and Multi-Domain certificates. As the name suggests single are usually for one site or sub-domain. The wildcard is for the domain and all the sub-domains. Multi is for multiple domain names.

Here on this site, we are going talk about Single, Wildcard, and Multi-domain authentication at the Domain level only. For the organisation and Extended you need to seek a certifying authority like Comodo, DigiCert or SafeSSL and many more. As there is insurance attached against the breach of communication data.

Most of the time for sites like mine, normal sites, and personal blogs a free SSL Wildcard at the Domain level is just perfect.

How to get a free wildcard SSL?

Everything is dependent on where your domain is and how you are hosted. There are a lot of hosting providers that support letsencrypt. With these hosting providers, you don't have to do anything.

Then there is VPS, here you just need to use Certbot that will take care of the SSL.

Lastly, there are shared and dedicated hosting providers that are not providing letsencrypt certificate. They actually want you to buy the certificates from them but they allow self-bought certificates.

Before I start explaining to you how to get a free SSL are you comfortable with the SSH command line? In all cases, you have to run certain commands to get the certificates. If you are not technically up for it then there is only one solution.

Cloudflare

The easiest way to get a free wildcard certificate for your site. Cloudflare is known and used by many sites for its security issues. They not only secure the connection from the browser to Cloudflare they also secure the connection from Cloudflare to your server. For this, to work you have to change your domain's NS to theirs and then use the DSN to point where you want.

For this create an account on Cloudflare, it's free then add your domain name and Cloudflare will automatically pick up the DNS. Then provide you with their name server which you need to update in the domain name.

Once you have done that Cloudflare has now started a secure connection from the browser to Cloudflare. Now in your Cloudflare dashboard select SSL/TSL, you will find Your SSL/TLS encryption mode is Flexible change it to Full which is end-to-end encryption.

cloudflare-add-dns-origin-server-full-encryption

Now head over to Origin Server under SSL/TSL option and create a certificate. The keys that Cloudflare generates need to be pasted into your hosting account.

Certbot

If you have a ubuntu VPS, like on Linode, Digital Ocean, AWS or any other then you just follow the below commands and get an SSL.

SSH into the command line and type the below commands and follow the instructions.

sudo apt install snapd

sudo snap install core; sudo snap refresh core

sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Lastly if you are on Apache then

sudo certbot --apache

If on Nginx

sudo certbot --nginx

After this follow the instructions of the certbot and you will have an SSL installed on your site in no time.

If you have any other OS you can always visit the certbot site and check for instructions.

Shared or cPanel Hosting

This is where things get interesting, a lot of people go for shared cPanel hosting because of the cost and easy management. Later end up paying for unnecessary add-ons. SSL certificates are one of that add-ons. You can still have a free SSL wildcard certificate when you run certbot on a different system.

Here is what you have to do, run certbot manually and generate a certificate.

Getting a VPS is easy you only need it for less than 10 minutes and still, if you don't want to spend any money then use Oracle cloud free forever. They do require you to add a credit card while registering but they will not charge till you are in the free forever plan.

SSH into the VPS and type the below command.

sudo apt-get install certbot

sudo certbot certonly --manual -d YourDomainName.com -d *.YourDomainName.com

Now the certbot will ask you to verify the domain by adding a TxT record in the domain DNS and adding a file in the YourDomainName.com/.well-known/acme-challenge.

Once done correctly it will issue the certificate which is in the letsencrypt folder. You have to manually add the certificate in the cPanel's manage SSL. (Security > SSL/TLS > Manage SSL sites)

cpanel-install-an-ssl-website

To view the certificates type the blow command

sudo cat /etc/letsencrypt/live/YourDomainName.com/privkey.pem

sudo cat /etc/letsencrypt/live/YourDomainName.com/fullchain.pem

Now you have a free SSL wildcard certificate on your site.

Drawbacks for free SSL by Letsencrypt

They are valid only for 90 days and you have to do the process again. This is more of an advantage because you have to visit your server's backend every 90 days and you have the option of updating everything. Which we most of the time don't do or forget.

Who should get an SSL certificate?

Anyone and everyone who have a website should have an SSL installed. No matter whether your site is a personal blog or a single about me page or business. If you have a website you should have an SSL. It not only protects your user it also protects your server from the wrong people.

My View on Free SSL

SSL is important, I have a site which is about 7 years old and I have never bought an SSL and always used letsencrypt. Always think of security for your user and yourself first. Always look at the padlock in the browser when visiting a site. Most browsers these days warn you but if you reach these then avoid submitting private data.

There are these third-part sites that help you in generating SSL for free but you should also know that while doing so, your certificate is on their server. So please be cautious of these sites. If these free sites turn evil you will be in trouble. I would suggest that you generate SSL on your own servers and not use any middlemen's sites.

If you find any domain or hosting provider that is forcing you to buy SSL certificates from them only, stay away from these organisations.

This is going to be my last post for the year on this site. I wish everyone a very Happy and Prosperous New Year.