As discussed in my earlier blog, Generate Free SSL Certificate using ZeroSSL where the limitation of one free certificate on ZeroSSL can be eliminated using Get HTTPS for free!
This process includes the following prerequisites and procedures.
Note: This process is not for beginners or production usage scenarios. Use this process if you are knowledgeable about certificate generation.
- OpenSSL command line
- [Li]nix / Mac OS
- Open the URL https://gethttpsforfree.com
- It has 5 steps
- Account Info
- Certificate Signing Request
- Sign API Requests
- Verify Ownership
- Install Certificate
- In each step, some commands or processes need to be followed to get the free SSL certificate.
- Account Info
- In this step, we will be providing the email and public key.
- Keep the generated private key security in your system.
Certificate Signing Request (CSR)
Note: If you are unsure about the public key generation commands, click on the "how do I generate this?" link, which is available over the public key input textbox.
- Generate the CSR for the required domains
Try to follow the same format, including the line feeds mentioned below.
Note: You can generate the CSR for wildcard certificates and www subdomain with the same command
Sign API Requests
#change "/etc/ssl/openssl.cnf" as needed:
# Debian: /etc/ssl/openssl.cnf
# RHEL and CentOS: /etc/pki/tls/openssl.cnf
# Mac OSX: /System/Library/OpenSSL/openssl.cnf
openssl req -new -sha256 -key domain.key -subj "/" \
-reqexts SAN -config <(cat /etc/ssl/openssl.cnf \
- Sign all the requests with the private key
Note: You need to copy the command and execute it on your PC/Mac terminal, and the result needs to be pasted on the web page.
- In this step, you need to prove your domain ownership
- You will be given 3 options
- Python server
- DNS record (I've used this option)
- Update the DNS records with new TXT entries, and use the online dig tool to make sure the records are visible.
- After we verify the availability of the records, you need to click on the respective buttons on the web page.
- Repeat the same steps for each domain on CSR (www and any sub-domains).
- You will be able to receive your certificate in "chained.pem" format
- Copy and paste the first certificate section (e.g. the first "-----BEGIN CERTIFICATE-----" section) into a text file named "domain.crt".
- Copy and paste the second certificate section (e.g. the second "-----BEGIN CERTIFICATE-----" section) into a text file named "intermediate.pem".
Note: Expand the "how do I install this?" link for quick help.
Hope this will help you to generate free SSL for your websites.