Get Free valid SSL Certificate from Trusted CA

Created: Mon 20 Mar 2023 Updated: 8 months, 3 weeks ago

article-featured-image

SSL plays a key role when it comes to your website security and encrypted traffic. There is a high probability that some of your website's features will not work or you won't have any optimal security if your website does not have that lock icon or in other words, you don't have a valid SSL certificate. You cannot use your self-signed SSL Certificates because the web browser will not respect that and it will give a warning of an insecure website to visitors, which you don't want them to see.

In this tutorial, I'll be writing about how you can get Lifetime Free SSL Certificate from Trusted CA (Lets Encrypt) for your self-hosted websites. This process is being done on Ubuntu 20 but with a few changes, It will work on all major Linux distributions.

This demonstration will work on Django, WordPress, or your custom HTML/CSS/JS website without any problem.

Installing certbot

To get a valid SSL Certificate, we'll use Certbot which is an open-source software tool. It will generate SSL Certificate and those certificates will be issued by Let's Encrypt which is an open-source Certificate Authority (CA) providing SSL/TLS Certificates for millions of websites.

Select your web server and Linux distribution. In my case, it's Apache and Ubuntu 20 but you should choose according to your system.

guiding users to certain task

If you are doing this task on other than ubuntu, then you should follow the process that is described in the certbot documentation to install the required packages and then the certificate.

Certbot for Ubuntu

We require snap package manager which comes pre-installed in every Ubuntu version that comes later 16.04 LTS. For some reason, If your system does not have snap installed, you can install by running these command:

$
sudo apt -y update && sudo apt -y install snapd

Log out and log in back or restart the system to make sure snap's paths are updated correctly. Now we'll use the snap package manager to install some packages that are essential for this process. For ease of use, we'll create link of certbot from snap's paths to our system's bin paths.

$
sudo snap install core

$
sudo snap refresh core

$
sudo snap install --classic certbot

$
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Certbot for CentOS

To install certbot on CentOS, use the following commands. There are different methods for CentOS 7 and CentOS 8 to install packages that are required bycertbot.

For CentOS 7:
$
sudo enforce 0

$
sudo yum -y install epel-release snapd mod_ssl
For CentOS 8:
$
sudo enforce 0

$
sudo dnf install epel-release

$
sudo dnf upgrade

$
sudo yum install snapd mod_ssl

Reboot is necassary. After reboot, run these commands to enable and start snap along with linking for easy use of snap command in terminal.

$
sudo systemctl enable --now snapd.socket

$
sudo ln -s /var/lib/snapd/snap /snap

Rest of the process to generate and connect SSL certificate is common for all distributions.

Generating free SSL certificate using certbot

If you have followed through with the task to this point without encountering any errors, then you can start the process of generating the SSL Certificate and attaching it to your website. For that, run this command:

$
sudo certbot --apache

You will be asked to input your email address and some policy consents that you have to agree to. Moving on to the next part, if you have multiple websites running on a single server using virtual host, then certbot will show you a list of all those domains.

error in the task
  • I recommend selecting all domains because it would be better if we have HTTPS enabled for both ServerName and ServerAlias. For that, simply PRESS ENTER without typing anything.
  • Now the certificate should be generated and it's path written in the server configuration file. To verify that, simply open the Apache configuration file which can be located at /etc/apache2/site-available/website.conf and you will find something similar to this image:
task failed

As you can see, certbot automatically added certificate and key paths to our server configuration file. This certbot package comes with cron jobs that will automatically renew your SSL Certificate unless you changed your server configuration. That's it. You can go to your browser, clear your cache, and check your website. It should have HTTPS enforced and a lock icon that basically tells us that your SSL Certificate is valid.

Getting Free SSL Certificate for Django website

For Django websites, getting SSL Certificate from Let's Encrypt using Certbot is kind of similar but there are some extra tweaks that we have to do to make this work. After you follow through the above process, on Django it will give you WSGI error similar to "Name duplicates previous WSGI daemon definition".

To fix this issue, simply comment out these lines from the server configuration file:

#WSGIScriptAlias / /path/to/mysite.com/mysite/wsgi.py
#WSGIDaemonProcess example.com python-home=/path/to/venv python-path=/path/to/mysite.com
#WSGIProcessGroup example.com

Now run the certbot command again:
$
sudo certbot --apache

This time certbot will generate keys and put paths of them in the configuration file without any error. Next, we need to uncomment all the WSGI lines from the enabled configuration file. Go to this location /etc/apache2/sites-enabled, open your website configuration file and uncomment these lines:

WSGIScriptAlias / /path/to/mysite.com/mysite/wsgi.py
WSGIDaemonProcess example.com python-home=/path/to/venv python-path=/path/to/mysite.com
WSGIProcessGroup example.com

Now close and save the file, reload the Apache web server using sudo systemctl reload apache2 command, and your django website will have SSL certificate from now on.

This way you can get Free SSL Certificate from a trusted CA for both WordPress and Django websites. For other conventional HTML/CSS/JS websites, simply follow the first process and you will get your certificate without any issues. Just make sure your website project is live and accessible by public internet because you cannot get SSL Certificate if you are running a local server.

Known Issues

  • For some systems you have to manually enable Apache SSL module. Use sudo a2enmod ssl to enable SSL module. Restart the web server using sudo systemctl restart apache2.
  • If you are using mod_rewrite module to redirect URL, then might encounter some error if you have not enabled this module. Use sudo a2enmod rewrite to enable rewrite module. Restart the web server using sudo systemctl restart apache2.
Enable HTTPS for you self-hosted website
protocolten-admin

Author: Harpreet Singh
Server Administrator

POST CATEGORY
  1. Linux
  2. System Admin
  3. Security
Suggested Posts:
CYBER SECURITY post image
picoCTF Web Exploitation Challenges and Solutions

picoCTF is an open-source project. It's an enhanced platform for education and organizing competitions …

WINDOWS post image
Run any program as service in windows

Running a program as a service in Windows can be incredibly useful, allowing you to …

LINUX post image
Setup a new project on git and learn useful git commands

Git has become an essential tool for modern software development, enabling developers to collaborate, track …

PROGRAMMING post image
Python Coding Challenge (Level Intermediate)

Python is one of the most powerfull programming language. Python is used in web-development, …

KNOWLEDGE post image
Read Binary Bits with these effective methods

You are most likely familiar with the concept of Binary Language. Yes, you guessed …

Sign up or Login to post comment.

Sign up Login

Comments (0)