How to create free SSL certificates (solved 2018)
What is HTTPS (Hypertext Transfer Protocol Secure)
According to Wikipedia, ”(HTTP Secure) is an adaptation of the Hypertext Transfer Protocol (HTTP) for secure communication over a computer network, and is widely used on the Internet. communication protocol is encrypted by Transport Layer Security (TLS), or formerly, its predecessor, Secure Sockets Layer (SSL). The protocol is therefore also often referred to as HTTP over TLS, or HTTP over SSL. ”
The principal motivation for HTTPS is authentication of the accessed website and protection of the privacy and integrity of the exchanged data. It protects against man-in-the-middle attacks. The bidirectional encryption of communications between a client and server protects against eavesdropping and tampering of the communication.
Historically, HTTPS connections were primarily used for payment transactions on the World Wide Web, e-mail and for sensitive transactions in corporate information systems. Since 2018, HTTPS is used more often on websites than the original non-secure HTTP, primarily to protect page authenticity on all types of websites; secure accounts; and keep user communications, identity, and web browsing private.
Benefits of HTTPS over HTTP
You might have noticed that some websites have ‘’https” instead of http. HTTPS based websites are secure sites since data is encrypted to uphold security for the parties concerned. In fact, this is the main difference between HTTP and HTTPS. While HTTPS is secure, HTTP is always vulnerable to eavesdropping attacks where hackers access sensitive information and website accounts. HTTPS offers better security against eavesdropping from hackers. This stops hackers from stealing important information of users like credit card information, E-mail information and more from your website.
Just like home security system signs that people place on their front lawn, HTTPS builds trust with visitors. As a matter of fact, a survey conducted by GlobalSign found that 77% of website visitors are concerned about their data being intercepted or misused online. Like those signs, it’s important to let your visitors know that their information will be secure on your site. With HTTPS comes trust, and with trust comes sales.
Better Traffic Data:
How? Yes, migrating from HTTP over to HTTPS helps to track your website traffic and performance accurately because traffic data from HTTPS referrals to HTTP is blocked in Google Analytics. This means that if your website operates on HTTP, traffic being sent from referral websites operating on HTTPS will not be displayed in Google Analytics. So, if you want an accurate traffic and performance data of your Website, then you have got to get your butt to work by migrating to HTTPS.
The Bad News
The bad news is that migrating from HTTP to HTTPS will cost you a few bucks every year. If you are just starting up a website, it might be too expensive for you to afford.
Another bad news is that migrating from HTTP to HTTPS may cause you some headaches as a newbie depending on your hosting company. Means it can be a pretty hard task to migrate over to HTTPS.
The Good News
Good news? Yes. The good is that there are companies that create free SSL/TLS certificates for you and all you have to do is head over to your web hosting control panel to install it.
What is SSL/TLS?
According to Wikipedia, TLS (Transport Layer Security) and its predecessor, Secure Socket Layer(SSL) are cryptographic protocols that provide communications security over a computer network, web browsing, email, Internet faxing, instant messaging, and voice over IP (VoIP). Websites are able to use TLS/SSL to secure all communications between their servers and web browsers.
Certificate from companies offering TLS/SSL is all you need to get your website migrated to the secure server.
I will be talking about just one company that offers free SSL certificates. This company makes it easy for webmasters to generate free SSL certificates for their websites. If you follow carefully the steps I will be talking about on how get your own free SSL certificates, it shouldn’t you take much time to get.
NOTE: Not all hosting companies will let you install free SSL certificates from third party on their cPanel. Reach out to your hosting customer care to know if you can use third party SSL certificate. Whichever way, trying out these tips will not hurt you. Chances are that it will be a success.
How to create free SSL certificates from Zerossl.
This company that I will be talking about is Zerossl. Zerossl first helps you generate CSR code that you will upload to you web root from your hosting cPanel. Let’s see how it is done.
Go to zerossl.com, it will look just like the picture display above. Click on online tools and it will take you to another page, just click start.
This new page is where you will be generating your website CSR (Certificate Signing Request). This is a certificate that you will need to put in your web root through your hosting cPanel. This is a request certificate that gives zerossl the impression that the website is yours. After confirming that the website is yours by uploading the generated CSR to your web root correctly, zerossl will generate your certificates for you.
Enough of long talk. Let us continue from where we stopped. To generate a CSR, just put in your domain name inside the box labelled ‘domains‘. Enter your URLs with www and without www. Look at the picture below for better understanding. Make sure to ”Accept Zerossl (TOS)” and ”Let’s Encrypt SA (PDF)” by checking the box before them just like I did in the picture below. Remember not check the DNS Verification box.
Click next after doing that that and it will take some seconds to generate your first code. After generating your first code, it will look like the picture below. Download it. Click next again to generate your key which will fill up the empty box is the left-hand side of your computer screen. Download it too like you did for the first code.
Now you have to generate the actual CSR and Key that you will be uploading to your web root soon.
Click next to generate these files and download them. These two files are named Domain CSR(1).txt and account Key(1).txt .
The reason you are downloading these files is to make it easy for you to upload into your domain web root.
NOTE 1: Create a new folder and move whatever is in your download folder so as to locate these two files you downloaded easily.
NOTE 2: Do not exit the page because you are still coming back to that same page for your SSL Certificates after you have successfully uploaded the CSR and the Key you downloaded into your web root folder.
How to upload the CSR and Key into your Web Root
In my case, I will be using Godaddy shared hosting cPanel. It is pretty much the same processes for other hosting providers.
1. Log in to your website hosting account:
Log in to your hosting account and click on ”My products”. Click on manage under ” Web Hosting’‘
and then finally click on ”cPanel’‘.
2. Go to file manager:
After you have logged into your cPanel account, locate file manager and click on it. Select your web root (public_html). If you host more than one domain in your account, locate the same domain name you generated CSR and Key for. Do not forget to check the ”show hidden files” box and click ”Go”. It is very important to show hidden files before clicking Go.
You will be taken to your domain web root folder where you will be creating two folders named ‘‘.well-known” and inside ”.well-known”, you will create another folder named ‘‘acme-challenge”. That is where you will be uploading your CSR and Key. Carefully take a look at the picture below for better understanding. Remember to add the full-stop sign (.) before ”well-known” . Also remember not to include the quotes it.
After you have successfully created .well-known folder, open it and create another folder named ‘‘acme-challenge” in it and click save.
Your folder will be created and named as acme-challenge. Open the folder and upload the two files (domain csr(1).txt and account key(1).txt) you downloaded from zerossl into it.
To upload, click on upload at the top.
You will be taken to another page. Click on choose file at the top left-hand side and select and upload the files you downloaded one by one. After the uploading is complete, click on Back to. Check the picture below to get what you are doing.
If you fail to create these two folders, chances are that they have already been created. To access the folders, search for the files by writing .well-known in the search box at the top right-hand side of your computer. Click go and the .well-known folder will be displayed if you have it. Click on the folder and the acme-challenge folder should show.
If you successfully uploaded the two files, then congratulations to you because you are half way to securing your website.
Getting SSL certificates
Go back to the zerossl page, click on the links from where you downloaded your CSR and Key files one by one to confirm if you uploaded your key and CSR correctly. If it did not upload correctly, you will see error 404 page. If it uploaded correctly, series of alphabets and some numbers will be displayed on your screen.
The next thing is to get your SSL certificates by clicking next. By clicking next, Your SSL certificates will be generated in the same boxes your CSR and key were generated. Create a new folder on your computer notepad and copy and paste the key and certificate in the notepad. Remember to give them enough space inside the notepad so as to easily copy it later for uploading. You can create different folders for them. It is better to just download your certificate and key than copying it into notepad.
That is it right there, your SSL certificates. To upload and get your website secured, I will write about it in my next article.
If you have any questions, leave a comment below. If it helped, please share.
You can Install SSL certificates after creation.