Learn how to get free HTTPS(SSL) on your website

Updated 6 January 2023

In this article, we will learn how to get a free SSL certificate for your website.

Let’s Encrypt is an SSL certificate authority managed by the Internet Security Research Group (ISRG).

It utilizes the Automated Certificate Management Environment (ACME) to automatically deploy free SSL certificates

What is SSL?

SSL stands for Secure Socket Layer. It creates an encrypted layer of data transmission between the two systems.

Whether it is server-to-server communication or server-to-browser communication. SSL allows encrypted data transmission and prevents its access to an outsider.

For creating an SSL connection, a server needs an SSL certificate.

How SSL makes your website secure?

The encryption of the transmitted data makes sure that all information remains private.

If the data is transmitted without encryption, hackers can steal personal information such as Login ID, Credit Car Numbers, Email Addresses, Mailing Addresses, Passwords, etc.

SSL Encryptions: How do they work?

  • A browser tries to make a secure connection with an SSL-secured website after obtaining its IP Address from a DNS server. The web address of an SSL secure site begins with ‘HTTPS’ instead of ‘HTTP.’
  • The browser initiates a request for the SSL certificate copy of the server.
  • After receiving the copy of the SSL certificate, it ensures that the certificate is not expired, matches the domain name, and confirms security standards, such as key length, etc.
  • Once the SSL certificate seems trustable, the browser creates a symmetric session key.
  • In addition, the server acknowledges the encryption.
  • All communication between the web server and the concerned browser is now encrypted.

Case 1 – Configure SSL in case of a single domain

Step 1 – Installing Certbot

It is a free open-source software tool for automatically using Let’s Encrypt certificates on

manually-administrated websites to enable HTTPS.

Run the following command

apt-get install certbot

Step 2: Check your domain name

cat /etc/apache2/sites-available/000-default.conf

Step 3: Generate an SSL certificate for your domain

Run the below command and Replace mohit.tk with your own domain name.

Going into the command 

  • certbot: the certbot program
  • certonly: run the certbot once, certbot-auto runs certbot automatically
  • manual: run certbot in manual mode
  • d: domains to be included in the certificate, use your domain
  • preferred-challenges: The way used to verify domain ownership, We used the DNS challenge
  • server: The letsencrypt ACME server

Once you run the above command, you will get the following output.

You need to pressEnter

In this step, you need to create a DNS TXT record under the name _acme-challenge. It needs to be configured inside your DNS panel like Cloudflare, GoDaddy, etc.

Here are my Cloudflare Entry details

Once you’ve entered the TXT record on your DNS panel (Cloudflare) get back to your console and again press Enter you will receive the below message

Step 4: To configure your Apache configuration

using your favorite editor

vi default-ssl.conf

You have to define the SSL certificate path, find your certificate path inside /etc/letsencrypt/live/

Step 5: Run the below command to enable the SSL module of Apache

a2enmod ssl

And then restart the apache service

service apache2 restart

Step 6: Run the below command to enable the SSL conf file

a2ensite is a script that enables the specified site (which contains a block) within the apache2 configuration. It creates symlinks within /etc/apache2/sites-enabled”.

a2ensite default-ssl.conf

And then restart your apache service

Now, Go to the browser and enter your domain name

Case 2 – Configure wildcard SSL in case of multiple subdomains

Note: If you have already installed the certbot don’t need to install it again

Step 1 – Installing Certbot

It is a free open-source software tool for automatically using Let’s Encrypt certificates on

manually-administrated websites to enable HTTPS.

Run the following command

sudo apt install certbot

to continue the installation press “Y" and then ENTER to accept.

Certbot is now installed on your server. Next, you’ll verify Apache’s configuration to make sure your virtual host is set appropriately.

Step 2. Check your Domain name

to check your domain, We need to check the vhost file

vi /etc/apache2/sites-available/000-default.conf

You can check your vhost file under /etc/apache2/sites-available/

A wildcard SSL provides a way to secure an unlimited number of subdomains with a single certificate. This certificate works with any subdomain of the main domain name.

For example, if your domain name is “mohit.tk”, your wildcard certificate would also protect “test.mohit.tk” and “dev.mohit.tk”.

On wildcard SSL certificates, an asterisk (*) is placed before your domain name as a placeholder.

We are using mohit.tk domain name and also using wildcard subdomain entry

Step 3 – Generate a wildcard certificate

Going into the command 

  • certbot: the certbot program
  • certonly: run the certbot once, certbot-auto runs certbot automatically
  • manual: run certbot in manual mode
  • d: domains to be included in the certificate, use your domain and its wildcard instead of exampledomain.com
  • preferred-challenges: The way used to verify domain ownership, We used the DNS challenge
  • server: The letsencrypt ACME server

Replace mohit.tk with your own domain name.

Once you run the above command, you will get the following output.

You need to press Enter

In this step, you need to create a DNS TXT record under the name _acme-challenge. It needs to be configured inside your DNS panel like Cloudflare, GoDaddy, etc.

We are using Cloudflare in our case

You need to press Enter

Once you’ve entered the TXT record on your DNS panel (Cloudflare) get back to your console and again press Enter
You will receive one more TXT record because we are using the wildcard subdomain and you need to enter the TXT record on your DNS panel (Cloudflare)

press Enter you will receive the below message

Congratulations!! Your wildcard certificate is generated. You can use this wildcard certificate with any sub-domain you create for your domain name.

After that, you need to manually configure Apache with the correct SSL cert path.

You have to copy this file location and map from your Apache server

Step 4 – Configure your Apache configuration

using your favorite editor

vi default-ssl.conf

You have to define the SSL certificate path, find your certificate path inside /etc/letsencrypt/live/

Step 5: Run the below command to enable the SSL module of Apache

a2enmod ssl

And then restart the apache service

service apache2 restart

Step 6: Run the below command to enable the SSL conf file

a2ensite is a script that enables the specified site (which contains a block) within the apache2 configuration. It creates symlinks within /etc/apache2/sites-enabled”.

a2ensite default-ssl.conf

service apache2 restart

As we have used an asterisk (*) subdomain entry It means we can use anything as a subdomain before the main domain(mohit.tk)

Here are my Cloudflare Entry details

Now, Go to the browser and enter your domain name with the subdomain as you can see below

check another subdomain

Case 3 – How to auto-renew the SSL certificates

To learn how to automatically renew your free SSL certificates then please refer to my next blog.

For Magento 2 Elastic search, please follow the –

Our Cloudkul Blogs

Elasticsearch, Fluentd, and Kibana (EFK) 

Setting up Elasticsearch, Logstash, and Kibana for centralized logging

Managing and Monitoring Magento 2 logs with Kibana

Our store modules –

Magento 2 Elasticsearch

EFK Setup for Magento 2

You may also visit our Magento development services and quality  Magento 2 Extensions.

For further help or query, please contact us or raise a ticket.

author
. . .

Leave a Comment

Your email address will not be published. Required fields are marked*


1 comments

  • Alex
  • Start a Project




      Message Sent!

      If you have more details or questions, you can reply to the received confirmation email.

      Back to Home