SSL can bring many of advantages to your business, including increased trust from your visitors to higher search rankings with search engines. An issue for many small businesses or individuals who would love to take advantage of this extra security is the cost. SSL can be a very costly installation, with companies like Symantec offering certificates for thousands of dollars. For small bloggers or small businesses who would like the ‘green-lock’, this is definitely not viable.
Today we’re going to go over the steps that I took to install HTTPS/SSL on my WHM/CPanel server for free.
A few days ago when setting up my own personal server, I was looking everywhere for a cheap, certified SSL certificate. I looked everywhere and tried everything. The closest I got was a self-signed cert, that showed a dangerous looking popup when my visitors opened my site, that wasn’t ideal…
I was about to give up when I found Letsencrypt, they stated they would provide certified signed SSL certificates for free, this made me skeptical, but after seeing sponsorships from Google, Facebook, and CISCO I became hopeful.
Located under the certificates page, they recommend people should start off with the CertBot client. The client is easy to use, a well-documented system that works on most operating systems. After heading to the CertBot page, we’re asked to provide our operating system and origin server so they’re able to provide us with server-specific documentation.
After I selected ‘Apache on Ubuntu 14.04’, I was provided with some command lines to run. I then headed over to my terminal and connected to my server via SSH. After running just six commands I was now the proud owner of a certified, auto-renewing SSL certificate.
Below you’ll find a copy of the SSL installation guide I followed for Apache on Ubuntu 14.04:
chmod a+x certbot-auto
CertBot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:
$ ./path/to/certbot-auto --apache
If you’re feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:
$ ./path/to/certbot-auto --apache certonly
Let’s Encrypt certificates last for 90 days, so it’s highly advisable to renew them automatically! You can test automatic renewal for your certificates by running this command:
./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade
After Installation, I was given a file location for my newly created certs. For me this was at /etc/letsencrypt/live/reade.co.nz/. There I was able to access:
cert.pem, chain.pem, fullchain.pem, and privkey.pem
After checking the contents of the cert.pem file, I headed over to my WHM GUI and search for the ‘Install an SSL Certificate on a Domain’ page, there I added the contents of cert.pem and privkey.pem files.
After I hit ‘save’, I then headed over to my browser and was successfully able to access my site via https.
Stay in tune and never miss a post when you subscribe.