Rachel H Kay Blog

How To Get SSL Certification For Free

Jan 19, 2017

As of January 2017 Google is making it mandatory for websites to be SSL certified, otherwise sites will be flagged as not secure. For those of you who don't know what SSL certification is, look at the URL of my website. There you will see a padlock, and instead of HTTP you see HTTPS. This means that all information that is processed between browser and server is encrypted, making it much harder for anyone to hack information. For those of you who run eCommerce sites, this is a must to keep your customer's payment and contact information secure. For myself, I felt it was a necessary option to provide that extra bit of comfort to my site visitors, especially for those who contact me via my contact form. 

Now to the good part. Depending on your hosting company and the type of hosting plan you have, you can purchase SSL certification from your hosting company. Some companies do offer this add on for a reasonable price. But others seem to charge quite a bit. For those of you who can't afford to take on the extra charges through your hosting company there is an alternative. You can get SSL certification for free using ZeroSSL. This online tool provides a way for you to obtain SSL certificates for your website, which are issued through Let's Encrypt, a free, automated, and open certificate authority run to benefit you, the public, and provided by the non-profit Internet Security Research Group. 

Generating Your Certificate

ZeroSSL is a very easy way to generate a Let's Encrypt certificate. After the certificate is generated it gives you the file contents that you then upload to your hosting provider.

Make sure you use the online tool. Just click the Online Tools button to get started, and underneath where it says Free SSL Certificate Wizard click the Start button. You will then be directed to the Details screen.

Here you will enter your email in order to receive notifications from Let's Encrypt. I recommend adding your email. That way you can restore access to your account if needed, and you will receive a notification when your certificate is about to expire. Then enter the domains you want covered in the certificate. For example, I wanted to ensure my domain was completely covered, so I added both rachelhkay.com and www.rachelhkay.com. Then you just need to accept both the ZeroSSL TOS and the Let's Encrypt SA

For the Verification option it is up to you which one you choose. Choosing the HTTP option means you will verify domain ownership by creating a text file on your server. The content you will need to put into that file will be on the next screen. Then you just need to upload it using an FTP client, such as FileZilla, to your root directory, which in most cases is public_html. Choosing the DNS option means that you will verify domain ownership by creating a TXT record in your DNS on your server in your hosting account. For me the DNS option was the easiest, and I will explain that process later in this post for those of you who don't know how to use this option. 

Once you have filled out the Details screen click Next and your CSR and Let's Encrypt key will be generated. Make sure you download a copy as a txt file for both the CSR and the key. You will need to keep these for your records. The key will be needed to upload to your hosting provider and to renew your certificate, and the CSR will also need to be uploaded to your hosting provider account. So don't lose them.

Once you've downloaded both your CSR and your Let's Encrypt key and stored them both in a safe place, click Next. You will then be taken to the Verification page. This is where you will find the information you need to add to your TXT file, if you chose the HTTP option. If you chose the DNS option, this page will have the information you will add to a TXT record you will need to create in your DNS records in your hosting account.

DNS Verification

For those of you who have cPanel hosting the steps I list here will be similar, but may vary depending on your hosting company. In my cPanel under Domains, there is a DNS Manager option. Click that and you will be taken to your DNS Manager. I have GoDaddy cPanel, so after I go to my DNS Manager I have to select Manage Zones underneath DNS in the top navigation menu. Then select the domain you want to manage. You will then be taken to the DNS records for that domain. I know that not everyone has GoDaddy hosting, so some of the steps to get to your DNS records will vary. If you happen to get stuck just use the help option in your hosting and search for something like "Adding a new DNS Record". 

Once you are in your domains DNS Records click on where it says Add. For me this button was at the very bottom of my records. Next, under Type select TXT, for Host you need to enter @ so that the TXT record will map directly to your domain name. In the TXT Value you need to enter the value on the ZeroSSL verification page. Then in the TTL (Time To Live) drop down you select the amount of time you want the server to cache the information. I chose the custom option and chose the least amount of seconds it would allow me to choose. You then just need to click Next in ZeroSSL to see if the verification went through. Using the DNS option to verify domain ownership won't be instant once you've created the TXT Record. It will take a little bit of time. I had to wait around 30 minutes before I could click Next to see if the verification went through. Once it does you will then be taken to the Certificate page where your newly generated certificate will be ready for you to download. Then just upload the certificate to your hosting, usually under the SSL/TLS option in cPanel, or something similar in your hosting. 

Once you've done that check your URL for the lock and the HTTPS. If it isn't there, and you successfully uploaded your certificate then there is one final step to make the verification active on your domain. You will need to access your site's files in your document root, public_html, using an FTP client, FileZilla is highly recommended. There you will need to open your .htaccess file and add this bit of code:

# Force all traffic to use HTTPS	
RewriteCond %{SERVER_PORT} 80	
RewriteRule ^(.*)$ https://yoursite.com/$1 [R,L]	

If you don't have an .htaccess file already then you can create one and add this bit of code to it. Basically this code forces your site to use HTTPS instead of HTTP. 

In some cases you may have links in your actual sites code that have the http://mysite.com/gohere. If so you will see a gray warning icon on top of the lock in the URL. In order to fix this you can either A, go through your entire site looking for the links that have HTTP, or B, you can go to Why No Padlock, enter your URL, click on Check, and you will be provided with a list of links that need to be updated with HTTPS. Once you've corrected those links you should see the padlock in your URL, and your site is now secure.

The only thing you need to know about the ZeroSSL option, besides how easy it is to use, is that you do have to manually renew your SSL certificate every 60 days using your Let's Encrypt key and existing CSR to easily generate a newly renewed certificate. While some of you may not like the idea of manually renewing every 60 days, remember this option is free, so try not to gripe too much.

1 Comments
4rx
Apr 07, 2017
Wow cuz this is really great work! Congrats and keep it up. http://bit.ly/2p7LTKb

Add a Comment

About Me

Hi there. I'm Rachel Kay, a Web Developer, Illustrator, & Designer, whose hobby is to be creative and artistic, while freelancing as a Web Developer building creative, modern websites.