Hosting Services Lab

SSL Certificate Installation Tutorial

SSL

SSL certificate is a foundation of the security online. HTTPS protocol protects data on its way from point A to point B.

The technology protects credit card information, Personal Identifiable Information (PII) and other data that contact forms might require.

This precautionary measure is important not only for your personal security. If you perform financial operations online, you should also think how to the protect the data of your clients and partners.

SSL certificates aren’t about security only. Due to the HTTP/2, Google ranks them higher. Search engines recognize such websites better. It increases the visibility of your website.

With the help of this guideline, you will unfold SSL certificate and install it on your self-hosted website fast. Let’s start!

Choose the SSL Certificate

Before installing SSL certificate, you should understand what type of certificate your website needs. There are three main ways of getting it at all:

  • Companies like SiteGround or WPEngine offer free SSL certificates with one-click options.

SSL SiteGround

  • GoDaddy and most of other web host providers sell SSL and offer the certificates for you (paid SSL with less hassle).

SSL at GoDaddy

  • You can also produce your own free certificate with the help of Let’s Encrypt or Certbot.

No matter what way you will choose, the level of encryption and protection won’t be affected.

Let’s talk about the type of SSL certificate. Choosing the right one will save your time and money. You will choose among three main types:

  1. Domain Validated (DV)

The providers use the basic level of SSL validation to produce domain-validated certificates. The certification authority verifies that he owns a particular domain. The Certification Authority only needs information provided in the WHOIS to verify the fact of ownership. This type of certificate provides reliable encryption of data on your site. Still, it doesn’t verify the fact that you are the owner of a legitimate business.

  1. Organization Validated (OV)

Companies and organizations need OV-certificates. They are “must-have” for websites that conduct e-commerce and Internet sales. Websites, which require the users to enter important data (credit card numbers, contact details, etc.), must have OV-certificates. They certify the owner of the site and include the name of the company. The validation process is longer and deeper.

The Certification Authority verifies not only the fact that you own the domain but also the fact that you are the owner of a real company.

  1. Extended Validation (EV)

Extended Validation certificates are the most prestigious business-level certificates. They allow you to confirm the validity of a website address. They contain information about the organization to which the domain belongs.

If your site uses Extended Validation certificate, the visitor sees the green address bar. It shows that the site has a very high degree of security.

You will also face the free and commercial certificates. You don’t pay money for free SSL from Let’s Encrypt. Still, this condition isn’t life-long. The term of the free certificate is 90 days. Paid certificates allow you to use it for three years. They also go along with the technical support.

You can also download the SSL from cloud providers, who don’t charge money for it. Content Delivery Networks or Website Application Firewalls offer SSL for no charge. It’s possible to speed up the work of your website by caching the content or filtering out malicious traffic.

The last question before moving to the practical part is “How to get FREE SSL certificate?”

You should provide the following information about your server:

  • username with sudo or admin privileges
  • password or SSH key authentication
  • IP address
  • software (IIS, Nginx, Apache)
  • operating system and version number.

This guide will fit those, who have dedicated IP for a server with the help of VPS or dedicated hosting. Still, even if you have a shared plan, you can talk to your provider and deploy a free SSL (sometimes it’s possible).

Finally, we moved to the practical part.

How to Generate the Certificate

When you gathered aforementioned information, you can connect to your server and install the tool that will generate the certificate. When you logged to your server, you should send SSH command:

sshuser_name@host_name

By the way, Mac devices have Terminal built-in add-on and Windows users can download PuTTY.

That was the first step.

Then you visit Certbot website to find out what operating server and software you have. On the website, you will find the directions and the lists of commands for each server and software. They will look like this:

Certbot website

Apache

./certbot-auto –apache

Nginx

./certbot-auto —nginx

Following the directions, you will run the commands to install

  • Install dependencies
  • Install Cerbot
  • Generate the certificate

After running the commands, you will see this window:

Enter your email and press Enter.

Then you will receive a request for consent with server’s rules.

Now the program offers to read the service’s rules of using the service. Type A and press Enter.

Then the program will offer you to receive emails. Press N for rejection and then Enter.

Finally, the program will display all your domains that Apache or Nginx. It will suggest entering the number of the domain you set up and want to connect. In this case, it will be No. 1. Enter a number and press Enter.

The program will ask to choose whether you want to keep the site available for both HTTP and HTTPS or HTTPS only. Choose the appropriate option and press Enter.

Done. Now you can go to the site at https: //<site name>.

The program has received all necessary certificates and put them in the directory.

/etc/letsencrypt/live/<your domain name>/cert.pem

The program also created a new configuration file for your web server and configured access to the site via the HTTPS protocol. You can find the configuration file with a command:

/etc/apache2/sites-available/<your domain name>-le-ssl.conf

Renewal

Let’s Encrypt certificate lasts for 3 months. Run this command for the renewal:

./certbot-auto renew

And then reload the server.

SSL installation

Good luck!