Install Let’s Encrypt Free SSL via SSH with Auto-Renewal Cron Job
What is an SSL certificate?
Security is a big deal to everyone doing business online. You might have noticed that some web addresses begin with
http:// while other popular trusted sites have addresses that start with
The added “s” means that the site has SSL security. SSL stands for Secure Socket Layer. It’s a technology that keeps sensitive information, like a credit card, social security numbers, usernames and passwords out of the hands of cyber crooks by encrypting, or scrambling, data while it passes between websites and web servers keeping it from being intercepted. Once the data reaches the intended recipient it is unencrypted.
Your SSL certificate tells visitors that you are the legitimate and verified owner of your site. Showing that you are serious about security is a great way to earn trust. To add SSL to your website, you need to install an SSL certificate. When your site is SSL enabled, a padlock icon, as well as
https://, appears in the customer’s browser bar to show that the information they send to or receive from your site is safe from hackers.
An additional bonus point of having an SSL enabled site is that, it will boost your rankings in the search results. Google and other search engines reward secure websites to encourage all website owners to get on board. No business is too small or too new to protect its online customers and business reputation with an SSL certificate.
How much does an SSL certificate cost?
Typically SSL certificates from a certificate authority like GoDaddy ranges from ₹4,399.08 all the way up to ₹19,799.04 per year. Check the prices on the Godaddy website at the link below: https://in.godaddy.com/web-security/ssl-certificate.
Don’t get carried away by the low per month charges they are showing for the 1st year of your subscription. Its a marketing gimmick to just get you on board with their subscription. Check the text written in the fine print underneath which tells you the price per month when you renew after the expiry of one year period.
Get Free SSL from LetsEncrypt
Let’s Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. It launched on April 12, 2016. Let’s Encrypt certificates are valid for 90 days, during which renewal can take place at any time.
How to Install Free SSL From Let’s Encrypt on any Shared Hosting via SSH with Auto-Renewal Cron Job
The process involves four steps:
- We will get the
acme.shscript copied to our hosting.
- We will install
acme.shscript on hosting. You don’t need to have root access for this.
- We will get an SSL certificate by running a simple script.
- Finally will Installing certificate using cPanel.
So lets get started with each of these steps one by one.
Step 1 – Firstly you will need cPanel and SSH login details ready with you. You may get this at the time of Domain & Hosting Registration. Secondly, you will need software called Putty to connect to a hosting server via SSH. Go to Putty.org and get a standalone version.
To get SSH login details, If you have a Godaddy hosting provider then after login to the website, go to my products and then under the web hosting, click on manage. Then under the settings panel, click on the server tab. Here you will get an IP address for login to SSH. Also if you don’t have SSH enabled you can click on manage then enabled it. Open putty software. Add IP address under Hostname and keep port to 22 as it is. Then choose the connection type to SSH. Click on Open. The login credential will be the same as your cPanel credential. Type username and password to connect. When you type a password you will not see anything. Just hit enter after typing your password. After login, we will install
acme.sh script on our host to get SSL. Just copy this git command.
git clone https://github.com/acmesh-official/acme.sh.git
Before doing this lets see where this will save script and SSL on your cPanel, so login to cPanel as well to see the location. After login to cPanel click on File Manager. You will be presented with the root directory for your hosting account. This will be the place where
acme.sh script will be saved. So go back to putty paste the command you have copied then right-click on a black screen and hit enter. Files will be automatically copied from GitHub to your host. Then copy the next command
cd ./acme.sh to enter into the folder just created.
Paste command by right-clicking and hit enter.
Now let’s see where these scripts have been saved in our hosting. Just reload, & you will see a new folder with the name
acme.sh. Click on it. Inside you will find the files which have been copied from Github.
Step 2 – Now we want to install
acme.sh script on our hosting. Copy installation command
./acme.sh --install and go back to putty right-click to paste and hit enter. The script will be installed. You might get a warning to install socat script but you can simply ignore this as it is not required. By this time the cron job script also ran on your script. You can confirm this by going to Cron Jobs setting on cPanel. This will check regularly on a daily basis if you have an SSL certificate expired or not, if expired then will get a new one automatically. We will need to change this setting to run it once on a daily basis automatically. You can keep all settings as it is. Don’t need to change anything else.
Step 3 – Next we will get an SSL certificate. Close the putty program and reopen. If you do not do so you will get an error. Copy this command & before pasting just replace the hosting username and domain name with yours.
acme.sh --issue -d sunilchauhan.com -d www.sunilchauhan.com -w /home/sunilchauhan/public_html. Right-click to paste and hit enter. You will get errors if you did not close and reopen putty software. So you have to close it and reopen it again. Login again and then copy the command then right-click to paste on putty then hit enter. Hurray, we finally get the SSL certificates. So let’s see where it has been saved on our hosting. Open File manager, here in the root directory you can see there are two new folders
.achme.sh. We will check inside the
.acme.sh folder. Under your domain name folder, you will get all certificates required to be installed.
Step 4 – Finally we are going to install certificates. There are 2 methods, first is automatic which requires a simple command to be run. Second method is manual installation via cPanel. We will see both.
Automatic Method: Copy the code below & before coping make sure you replace the domain name with yours. Go back to putty right-click to paste on it and hit enter.
acme.sh --install-cert -d sunilchauhan.com \ --ca-file ca.cer \ --cert-file sunilchauhan.com.cer \ --key-file sunilchauhan.com.key \ --fullchain-file fullchain.cer \ --reloadcmd "service apache2 force-reload"
If you don’t have full access to hosting you’ll get an error like a service command not found. This simply means you don’t have access to the service command which actually requires restarting your apache server. Without this certificates will not be installed automatically and that is why the second method is useful. Alright, now close the putty. Its work has been done.
Manual Method: Go back to the file manager using cPanel. Go to
.achme.sh folder. Then go to your domain name folder. Now we will install these certificates using cPanel. Go to the cPanel dashboard and click on the SSL/TLS icon. Under Install and Manage SSL click on the link Manage SSL Sites. Then scroll down the domain section and choose your domain. Go back to the file manager then check the file with
.cer file extension. Right-click on the file and click view. Copy the whole code as it is. Go back to another tab where we have opened Manage SSL Sites. Paste the code into the certificate input box. Go back to the file manager & check the file with the
.key file extension. Right-click on the file and click view and then copy the whole code as it is. Paste it into the Private Key input section. Go back to the file manger and check the file
ca.cer right-click then click view and copy the whole code & paste it into the certificate authority bundle. Finally click on the install certificate button. Success popup will display and your site now has a secure SSL certificate with a padlock icon and https in the address bar.