Since Let’s encrypt stared issueing free certificates in 2016 year, everyone have oportunity to have trusted domain without any costs.
Let’s encrypt is a non-profit certificate authorities (CA) company whose mission is :
To create a more secure and privacy-respecting Web by promoting the widespread adoption of HTTPS
They are others CA which can geve us free certificate but in this article I describe only this one.
Let’s encrypt give us tools to generate free certificates, so why still are so many paid certificates?
- Warranty – in my opinion this is a most valuable issue in the case when something goes wrong at CA’s part.
- Support – the process of preparing SSL can be tricky, especially for non technical persons. On paid version, you can always ask for help.
- Identity Verification – in free certificate you can’t do nothing, but in my opinion i’ts not a problem.
- Even “free certificate” can costs. Yes, it’s not a joke. When you use it on hosting, then you can pay for administration, technical advice, or simply for time spent for your SSL.
- Time period – free certificates are mostly prepared for the shortest period of time.
Certbot – manual mode
If your hosting provider have method to send them certificate, you can use this option.
There are many instructions how to get your free certificate in automated way when you have full access to shell command. In our case, we have only one command.
certbot certonly --manual
On certbot page all instructions say how to install certbot and automate whole processbut you can stop after – install certbot.
After typing our command you must follow the instruction:
Saving debug log to C:\Certbot\log\letsencrypt.log Plugins selected: Authenticator manual, Installer None Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): example.com
After you prepare file and put them on right place, press enter and enjoy the final effect.
Waiting for verification... Cleaning up challenges [1m IMPORTANT NOTES: [0m - Congratulations! Your certificate and chain have been saved at: C:\Certbot\live\example.com\fullchain.pem Your key file has been saved at: C:\Certbot\live\example.com\privkey.pem Your cert will expire on 2020-10-04. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Next part depends of your hosting.