Get Free valid SSL Certificate from Trusted CA

article-featured-image

SSL plays a key role when it comes to your website security and encrypted traffic. There is a high probability that some of your website's features will not work or you won't have any optimal security if your website does not have that lock icon or in other words, you don't have a valid SSL certificate. You cannot use your self-signed SSL Certificates because the web browser will not respect that and it will give a warning of an insecure website to visitors, which you don't want them to see.

In this tutorial, I'll be writing about how you can get Lifetime Free SSL Certificate from Trusted CA (Lets Encrypt) for your self-hosted websites. This process is being done on Ubuntu 20 but with a few changes, It will work on all major Linux distributions.

This demonstration will work on Django, WordPress, or your custom HTML/CSS/JS website without any problem.

Installing certbot

To get a valid SSL Certificate, we'll use Certbot which is an open-source software tool. It will generate SSL Certificate and those certificates will be issued by Let's Encrypt which is an open-source Certificate Authority (CA) providing SSL/TLS Certificates for millions of websites.

Select your web server and Linux distribution. In my case, it's Apache and Ubuntu 20 but you should choose according to your system.

guiding users to certain task

If you are doing this task on other than ubuntu, then you should follow the process that is described in the certbot documentation to install the required packages and then the certificate.

Certbot for Ubuntu

We require snap package manager which comes pre-installed in every Ubuntu version that comes later 16.04 LTS. For some reason, If your system does not have snap installed, you can install by running these command:

$
sudo apt -y update && sudo apt -y install snapd

Log out and log in back or restart the system to make sure snap's paths are updated correctly. Now we'll use the snap package manager to install some packages that are essential for this process. For ease of use, we'll create link of certbot from snap's paths to our system's bin paths.

$
sudo snap install core

$
sudo snap refresh core

$
sudo snap install --classic certbot

$
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Certbot for CentOS

To install certbot on CentOS, use the following commands. There are different methods for CentOS 7 and CentOS 8 to install packages that are required bycertbot.

For CentOS 7:
$
sudo enforce 0

$
sudo yum -y install epel-release snapd mod_ssl
For CentOS 8:
$
sudo enforce 0

$
sudo dnf install epel-release

$
sudo dnf upgrade

$
sudo yum install snapd mod_ssl

Reboot is necassary. After reboot, run these commands to enable and start snap along with linking for easy use of snap command in terminal.

$
sudo systemctl enable --now snapd.socket

$
sudo ln -s /var/lib/snapd/snap /snap

Rest of the process to generate and connect SSL certificate is common for all distributions.

Generating free SSL certificate using certbot

If you have followed through with the task to this point without encountering any errors, then you can start the process of generating the SSL Certificate and attaching it to your website. For that, run this command:

$
sudo certbot --apache

You will be asked to input your email address and some policy consents that you have to agree to. Moving on to the next part, if you have multiple websites running on a single server using virtual host, then certbot will show you a list of all those domains.

error in the task
  • I recommend selecting all domains because it would be better if we have HTTPS enabled for both ServerName and ServerAlias. For that, simply PRESS ENTER without typing anything.
  • Now the certificate should be generated and it's path written in the server configuration file. To verify that, simply open the Apache configuration file which can be located at /etc/apache2/site-available/website.conf and you will find something similar to this image:
task failed

As you can see, certbot automatically added certificate and key paths to our server configuration file. This certbot package comes with cron jobs that will automatically renew your SSL Certificate unless you changed your server configuration. That's it. You can go to your browser, clear your cache, and check your website. It should have HTTPS enforced and a lock icon that basically tells us that your SSL Certificate is valid.

Getting Free SSL Certificate for Django website

For Django websites, getting SSL Certificate from Let's Encrypt using Certbot is kind of similar but there are some extra tweaks that we have to do to make this work. After you follow through the above process, on Django it will give you WSGI error similar to "Name duplicates previous WSGI daemon definition".

To fix this issue, simply comment out these lines from the server configuration file:

#WSGIScriptAlias / /path/to/mysite.com/mysite/wsgi.py
#WSGIDaemonProcess example.com python-home=/path/to/venv python-path=/path/to/mysite.com
#WSGIProcessGroup example.com

Now run the certbot command again:
$
sudo certbot --apache

This time certbot will generate keys and put paths of them in the configuration file without any error. Next, we need to uncomment all the WSGI lines from the enabled configuration file. Go to this location /etc/apache2/sites-enabled, open your website configuration file and uncomment these lines:

WSGIScriptAlias / /path/to/mysite.com/mysite/wsgi.py
WSGIDaemonProcess example.com python-home=/path/to/venv python-path=/path/to/mysite.com
WSGIProcessGroup example.com

Now close and save the file, reload the Apache web server using sudo systemctl reload apache2 command, and your django website will have SSL certificate from now on.

This way you can get Free SSL Certificate from a trusted CA for both WordPress and Django websites. For other conventional HTML/CSS/JS websites, simply follow the first process and you will get your certificate without any issues. Just make sure your website project is live and accessible by public internet because you cannot get SSL Certificate if you are running a local server.

Known Issues

  • For some systems you have to manually enable Apache SSL module. Use sudo a2enmod ssl to enable SSL module. Restart the web server using sudo systemctl restart apache2.
  • If you are using mod_rewrite module to redirect URL, then might encounter some error if you have not enabled this module. Use sudo a2enmod rewrite to enable rewrite module. Restart the web server using sudo systemctl restart apache2.
Enable HTTPS for you self-hosted website
protocolten-admin

Author: Harpreet Singh

Created: Mon 20 Mar 2023

Updated: 1 year, 2 months ago

POST CATEGORY
  1. Linux
  2. System Admin
  3. Security
Suggested Posts:
LINUX post image
Block level full disk cloning using dd in Linux

Taking a backup of a system is very sensitive and critical process and sometimes …

PROGRAMMING post image
Python web crawler to download images from web page

In this article, I'll be explaining the working of a Python web crawler whose …

LINUX post image
Containerization with docker

Containerization is a way of packaging an application along with all of Its required libraries, …

CLOUD post image
Setup AWS cross-account RDS MySQL master and slave servers

This article is about AWS RDS master and slave replication. I'll explain how to …

LINUX post image
Sync Cloud Storage Drives using Rclone

Rclone is an Open-source, multi-threaded, command line tool. It makes data synchronization much more …

Sign up or Login to post comment.

Comments (0)