Install letsencrypt Free ssl certificate in a shared hosting – Free SSL certificate for your Website
Get Free SSL certificate for your Website
Let’s Encrypt is a certificate authority (CA) from non-profit Internet Security Research Group (ISRG) that provides free X.509 SSLl/TSL certificates via an easy automated process. It removes all complex process of manual creation, validation, signing, installation, and renewal of secure certificates. It is supported by all major browsers.
Note: This SSL certificates do not require a dedicated IP address or dedicated Hosting.
Note: To check your browser support click here.
Note: you only need dedicated ip, if you want to add very old browser support like IE6 on windows xp.
Note: Follow the same steps to renew your certificate also.
Free letsencrypt installation and setup steps on any shared hosting:
1.Install letsencrypt in your local system.
2.Get a certificate.
3.Install letsencrypt certificate on your domain.
1.Install letsencrypt in your local system.
Here we using ubuntu to install it locally. You can also follow this steps for any debian based OS.
Open your terminal app. In terminal type the below command and hit enter to execute it.
Then execute the below command in terminal
sudo git clone https://github.com/certbot/certbot
This will download letsencrypt on your usr/local folder.
Then type and hit the below command to install it.
sudo ln -sf /usr/local/certbot/certbot-auto /usr/bin/certbot
To check the help menu, execute the below command
[OR] For the older version of letsencrypt client follow below [Let’s Encrypt Client is now Certbot] and not recommended for new fresh install.
sudo git clone https://github.com/letsencrypt/letsencrypt
sudo ln -sf /usr/local/letsencrypt/letsencrypt-auto /usr/bin/letsencrypt
2. Get a SSL/TSL certificate with letsencrypt:
To create a new SSL certificate for the domain example.com and www.example.com, type the below code in terminal and hit enter.
Note: Replace example.com and www.example.com with your domain.
Example: Here i am using uvari.info for this tutorial.
certbot certonly --manual --email firstname.lastname@example.org -d example.com -d www.example.com
[OR] Try below if your are using older version of letsencrypt client [not recommended for new fresh install]
letsencrypt certonly --manual --email email@example.com -d example.com -d www.example.com
Example for my domain
certbot certonly --manual --email firstname.lastname@example.org -d uvari.info -d www.uvari.info
It will ask you to agree some license agreements. Type A and Hit Enter for OK.
It will also ask for IP logging. Type Y and hit enter key to confirm it.
Then it will give you a challenge to verify your ownership of the domains. Like below.
Make sure your web server displays the following content at http://uvari.info/.well-known/acme-challenge/hRiVw4n5HkMKjGOJ5sM1LH6aZ7PAikvQ50P5v5ol3HYHHH before continuing: hRiVw4n5HkMKjGOJ5sM1LH6aZ7PAikvQ50P5v5ol3HYHHH.vBE2BdGTIzmo319dQAzEVl1HjPuYrr80O49aLOblk7M
Note: The above challenge looks little different for some version, but the below procedure is same for all.
To solve the challenge, go to your domian root that is your public_html folder and create .well-known folder. Inside that .well-known folder create acme-challenge folder and then inside the acme-challenge folder create hRiVw4n5HkMKjGOJ5sM1LH6aZ7PAikvQ50P5v5ol3HYHHH folder.
Here this folder name is different for each user. Note yours and create according to yours. And inside that create a index.html file. Open that file and copy /paste the second content. That is hRiVw4n5HkMKjGOJ5sM1LH6aZ7PAikvQ50P5v5ol3HYHHH.vBE2BdGTIzmo319dQAzEVl1HjPuYrr80O49aLOblk7M for my case without any space. This content is also varies. Replace it with yours.
You will have to complete this challenge twice for each of the domains provided.
After you complete these two challenges you should get a success message like below screenshot.
After generating the certificate you need to install it on your domain. Here i am using cpanel control panel to manage my hosting. This procedure is not very different for other control panels.
The certificate is saved in /etc/letencrypt/live/example.com directory. Replace example.com with your domain name. You can see several files, but we need just the below 3 files.
Here privkey.pem is the private key, cert.pem is the ssl certificate and chain.pem is Certificate Authority Bundle (CABUNDLE).
In your terminal run the below code. it will open nautilus file browser as root.
sudo -E nautilus
Now login to cpanel and look down for SSL/TSL manager. And open it.
Click Generate, view, upload, or delete your private keys link. Now go back to the opened nautilus file browser as root and open the privkey.pem file with any text editor or gedit. Then copy all the contents from that file and paste it on “Paste the key below:” section and click the save button.
Now go to to ssl/tsl manager and click Generate, view, upload, or delete SSL certificates link.And open the cert.pem file with any text editor or gedit as root. Then copy all the contents from that file and paste it on “Paste your certificate below:” section and click the save certificate button.
Now again go to ssl/tsl manager and click Install and Manage SSL for your site (HTTPS) link. Select your domain from dropdown and Copy the cert.pem content to Certificate: (CRT) box, privkey.pem content to Private Key: (KEY) box and chain.pem content to Certificate Authority Bundle: (CABUNDLE) text box. And click the Install Certificate button.
Thats it. Now go to https://example.com in your browser. Replace example.com with your domain.