Installing a free SSL Certificate from sslforfree.com

If you own your own domain you can obtain an SSL certificate for your web site completely free from sslforfree.com. The certificate is valid for 60 days and will need to be renewed thereafter.

sslforfree-site
Free SSL Certificates In Minutes

Below is a condensed, quick guide to the steps I took to enable and configure an SSL connection but first, why do we need to secure our web sites anyway and what is SSL?

In a nutshell SSL is an encrypted channel between the client and your web site providing improved security. Web sites with a valid SSL certificate have a URL beginning with ‘https’ rather than ‘http’. The Google Chrome browser will distinguish between the two by displaying a green padlock symbol in the address bar whenever the site is SSL enabled and a grey circle with an exclamation mark denoting unencrypted connections.

Google-Chrome-Screenshot- Not secure warning
Chrome Browser showing ‘Not Secure’ warning

During 2018 Google have announced that they will display a red triangle warning for all insecure sites and this will obviously affect people’s judgement negatively when visiting your site. Certified sites are not going away that’s for sure.

SSLforFree – Installation Overview

Below is a brief overview of the steps I took to obtain and install the certificate files. I’m assuming that you have already prepared the necessary files in your web server for the switch to SSL? I’m running the Apache2 web server. A dummy ssl-configuration file was pre-installed. I edited this file with my virtual host settings. Apache configuration is beyond the scope of this tutorial but help is available in abundance on the web. You will probably need to open port 443 on your router if you are running your web server from home like myself. Again, Google is your friend.

sslforfree instructions

In your browser head over to https://www.sslforfree.com/. Study all the instructions carefully, plan your installation, know every step before committing. After creating your account, enter your domain name in the box provided. You can enter sub domains as well, even wildcard domains like *.example.org example.org. See the section ‘Free Wildcard Certificates’ in the ‘Advanced Options’ section further down the page for the exact syntax.

Validating the site

Before sslforfree.com will allow you to download your certificate they will need  to verify that you are the owner or the administrator of the site. There are several verification methods available. I chose the manual verification method which involves downloading a couple of files and placing them in folders within your web root. The names of the folders are of importance and sslforfree.com provide explicit and simple to follow instructions during the verification process.

Downloading the certificate

The certificate contains a few files, make a copy for safe keeping and make a new folder on your system for Apache to be able to locate and read them. Remember, private keys need to be adequately protected. I recommend the tips in this link:

Best location for private keys on Ubuntu

Editing the Apache virtual host file

Next, edit the virtual host file so that the web server can locate the certificate files. I achieved this by opening the pre-installed, default SSL virtual host file (default-ssl.conf) and edited the path’s and filenames to point to my location.  These 3 lines of code will need to be edited.

SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

Change them to match your installation:

File path's and filenames edited in virtual host
File path’s and filenames edited in virtual host

After updating the apache virtual host file we need to restart the apache server for the changes to take effect.

sudo systemctl restart apache2

Hopefully your site will now display the green padlock symbol in your browser.

Screenshot showing 'Secure' and a green padlock symbol in Chrome browser
Screenshot showing ‘Secure’ and a green padlock symbol in Chrome browser

Verifying your certificates

Finally, to verify all is in order use the free SSL Checker utility available at:

"SSLShopper-<yoastmark

Here’s a screenshot of my results:

sslshopper-screenshot
SSL Checker shows verification of site certificate installation

If you chose to verify via the ‘Manual Verification’ process you can now safely delete the files you downloaded on your server.

Other Mooselander links:

Secure Shell App – Setup & Profiles

Peavey Classic 60/60 – Under The Hood

CategoriesIT