There is now a good free Certificate Authority sponsored by big names like Mozilla, Chrome and Cisco.
No more expensive certificate purchases or renewal reminders, as letsencrypt takes care of all of this for you.
There is no longer a reason to not secure your website even if there is no sensitive data sent through it.
It is a lot easier to install it directly on your server if you do have SSH access on your hosting.
Follow the steps on https://letsencrypt.org/howitworks/
If you don’t want to install letsencrypt directly on your server or you are on a shared hosting provider then this is for you:
So I am running a vagrant box locally to generate the certs
I need to ensure I have a synced folder to get the certs off this box after generating them
So in Vagrantfile ensure you have:
config.vm.synced_folder "./", "/home/vagrant"
ssh to the box that you are generating the certificate on (in my case, vagrant)
sudo apt-get install git
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
I could only get things working as root as it seems it needs to update a few python packages
sudo su
./letsencrypt-auto --help
If you can see loads of help commands then you have installed letsencrypt successfully.
Generate the cert manually
./letsencrypt-auto certonly -a manual -d yoursite.com -d www.yoursite.com
Complete the steps when requested:
I got asked twice to create files.
So you create the files in the location requested with the contents shown.
And this last screen shows that you have successfully created your certificate.
If you don’t get this then it's likely due to letsencrypt not being able to read the files you created. Check for yourself that you can see them in a browser.
The cert files will be placed in /etc/letsencrypt
Let's get a copy of these files on my local machine
cp -R /etc/letsencrypt /home/vagrant/letsencryptfiles
I can now view these files and back them up for the future.
The files of interest are in live/ where all site certs will be stored in folders
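The copy step above takes the whole /etc/letsencrypt tree, private key included. As an added example (not part of the original post), this shell function exports one site's files from live/ into a flat folder with the symlinks resolved and the files readable by their owner only; the function name and destination folder are hypothetical, and it assumes letsencrypt's usual layout where live/ holds symlinks into archive/.

```sh
#!/bin/sh
# Added example, not part of the original post.
# Assumption: live/<domain>/ holds cert.pem, chain.pem, fullchain.pem and
# privkey.pem as symlinks into archive/ (letsencrypt's usual layout).
# Call on the Vagrant box (destination name is hypothetical):
#   export_le_cert /etc/letsencrypt yoursite.com /home/vagrant/yoursite-certs

# The body is a subshell "( ... )" so the umask change and variables stay local.
export_le_cert() (
    le_root="$1"; domain="$2"; dest="$3"
    src="$le_root/live/$domain"
    files="cert.pem chain.pem fullchain.pem privkey.pem"

    if [ ! -d "$src" ]; then
        echo "no certificate directory: $src" >&2
        exit 1
    fi

    # Check every file before writing anything; -s follows symlinks, so a
    # dangling link into archive/ is reported as missing.
    for name in $files; do
        if [ ! -s "$src/$name" ]; then
            echo "missing or empty: $src/$name" >&2
            exit 1
        fi
    done

    # New files are created owner-only, so the private key is never
    # readable by other users, even briefly.
    umask 077
    mkdir -p "$dest" || exit 1
    for name in $files; do
        # -L copies the file the symlink points to, not the link itself.
        cp -L "$src/$name" "$dest/$name" || exit 1
    done

    # cp keeps the mode of a file that already existed, so set modes explicitly.
    chmod 700 "$dest" || exit 1
    for name in $files; do
        chmod 600 "$dest/$name" || exit 1
    done
)
```

A synced folder may not keep these modes on the host side, so check the permissions of privkey.pem there as well.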
Add these certs to your server as you normally would, either manually on the server or through your hosting interface like Plesk.
You should now have the green padlock on your website when visiting with https://
Click on it and open the certificate to see the Issued By details proving that Let's Encrypt is the supplier.
Certificates from Let’s Encrypt are valid for 90 days (currently) so you might prefer to install on the server to save you having to renew the certificate every 3 months.
Add your domain to test what rating you get.
If you don’t get an A rating then it's likely due to weak ciphers being enabled. Read the recommendations on the site to see what needs to be changed like below.
And there we go. Installing a free certificate without having to install additional code on your servers.