1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Unlimited Free SSL for Any Domain

Discussion in 'Blogging' started by 15hajar, Dec 7, 2015.

  1. 15hajar

    15hajar Newbie

    Joined:
    Feb 14, 2015
    Messages:
    47
    Likes Received:
    15
    Occupation:
    System Administrator
    Location:
    India
    Home Page:
    Hello Guys,

    Lets Encrypt is free SSL authority which allows to create free SSL certificates for your domains. You can generated unlimited number of SSL certificates once you have installed their tool on your server. Anyone familiar with the centos command line can generate the SSL certificate on his server and can install it. Those SSL certificates are valid for 90 days with auto renew option enabled so those certificates will be auto renewed.

    Lets Encrypt SSL advantages:

    1. They are Free
    2. Uses SHA256 algorithm
    3. Auto renewal option enabled

    How to generate the Lets Encrypt SSL certificate:

    Server Environment:
    OS: Cent OS 6.x
    Control Panel: cPanel

    1. Install Python 2.7

    rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
    rpm -ivh https://rhel6.iuscommunity.org/ius-release.rpm
    yum -y install git python27 python27-devel python27-pip python27-setuptools python27-tools python27-virtualenv --enablerepo=ius
    cd /root
    git clone https://github.com/letsencrypt/letsencrypt
    cd /root/letsencrypt
    sed -i "s|--python python2|--python python2.7|" letsencrypt-auto
    ./letsencrypt-auto --verbose

    2. Generate SSL certificate

    cd /root/letsencrypt
    ./letsencrypt-auto --text --agree-tos --email [email protected] certonly --renew-by-default --webroot --webroot-path /home/cPanelUser/public_html/ -d domain.com -d http://www.domain.com

    3. This will create private key certificate and CA bundle files in the path

    /etc/letsencrypt/live/$dom/
    4. Copy those details from there and you can install it on the server

    5. I have checked those certificates with SSLlab tests and those are top notch security certificates. You can even generate the wildcard SSL certificates with it.

    So lets puts your all blogs on https If you have any question troubles installing this update the thread so I can help you.

    Thanks are appreciated :)
     
    • Thanks Thanks x 2
  2. Matt88

    Matt88 Junior Member

    Joined:
    Jun 20, 2013
    Messages:
    137
    Likes Received:
    111
    raw.gif

    Gimme proof OP.
     
  3. oion1

    oion1 Registered Member

    Joined:
    Jul 9, 2013
    Messages:
    89
    Likes Received:
    18
    What's the catch OP?
     
  4. pseudonym

    pseudonym Regular Member

    Joined:
    Feb 26, 2008
    Messages:
    342
    Likes Received:
    80
    Occupation:
    中国梦
    Location:
    一带一路
    there is no catch. it is free ssl. these are the limitations --

    - no wildcard, software or EV certificates. pure basic ssl.
    - certs expire after 90 days, rather than a year [ or more ]. this means frequent re-issuing. there is ongoing discussion about this. an expiry monitor was just launched on http://certificatemonitor.org/
    - there is a limitation of 5 certificates per domain name. some hosters providing services under 1000+ subdomains are voicing complaints about this. they mostly would like to see wildcard coming available. however, wildcard would also pose issues with free subdomain hosters such as afraid.org ... basically, no solution will please everybody. there is work in progress in this area.
    - you require root access. which means owning a server, or having a webhost willing to run commands on your behalf. some webhosts have already said they will not support letsencrypt because if they did, no one would buy their certs anymore

    that's the current state of affairs.

    btw, a web generator can be found here https://gethttpsforfree.com/ however! even this still requires a server
     
    Last edited: Dec 7, 2015
  5. whiteblackseo

    whiteblackseo Jr. VIP Jr. VIP

    Joined:
    Apr 11, 2015
    Messages:
    2,459
    Likes Received:
    918
    Home Page:
    Or....just use cloudflare's free ssl. . . even simpler.
     
  6. pseudonym

    pseudonym Regular Member

    Joined:
    Feb 26, 2008
    Messages:
    342
    Likes Received:
    80
    Occupation:
    中国梦
    Location:
    一带一路
    there is still an underlying cost involved in the sense that cloudflare itself costs money. letsencrypt has a tco (total cost of ownership) of literally us$0.00
     
  7. whiteblackseo

    whiteblackseo Jr. VIP Jr. VIP

    Joined:
    Apr 11, 2015
    Messages:
    2,459
    Likes Received:
    918
    Home Page:
    Cloudflare itself costs $0, with a free SSL.
     
  8. oion1

    oion1 Registered Member

    Joined:
    Jul 9, 2013
    Messages:
    89
    Likes Received:
    18
    On CF they say the SSL won't work on older browsers unless you pay for CF subscription. Does this self-hosted cerificate work with all browsers?
     
  9. umerjutt00

    umerjutt00 Jr. VIP Jr. VIP

    Joined:
    Oct 28, 2011
    Messages:
    3,822
    Likes Received:
    2,061
    Occupation:
    Ninja
  10. oion1

    oion1 Registered Member

    Joined:
    Jul 9, 2013
    Messages:
    89
    Likes Received:
    18
    You need your own server for this to work, on CF it would work on shared hosting aswell.
     
  11. 15hajar

    15hajar Newbie

    Joined:
    Feb 14, 2015
    Messages:
    47
    Likes Received:
    15
    Occupation:
    System Administrator
    Location:
    India
    Home Page:
    You will need VPS or dedicated server to generate those SSL certificates These certificates are recognized by all the browser and green padlock is also visible in the browser. I guess if you generated ssl on the another server and installed on your shared server that may work but I have not tried that myself.
     
  12. pseudonym

    pseudonym Regular Member

    Joined:
    Feb 26, 2008
    Messages:
    342
    Likes Received:
    80
    Occupation:
    中国梦
    Location:
    一带一路
    - this is why i said there is an underlying cost involved with cloudflare
    - letsencrypt is not self-hosted. it is CA-recognized and browsers will show the lock

    it works on shared hosting, if your hoster will run the commands on your behalf. some hosters do this for free, others charge you some engineering hours, others flat out refuse when they see you are trying to get ssl for free [ as they are usually selling ssl at a price ]

    it works on shared, if the hoster is willing to run the commands. some of them have said they support it [ dreamhost, one swiss company, some others ] but others refuse, as it would end their own ssl business
     
    • Thanks Thanks x 1
  13. Crazy Monkey

    Crazy Monkey Jr. VIP Jr. VIP

    Joined:
    Aug 4, 2015
    Messages:
    1,956
    Likes Received:
    240
    Gender:
    Male
    Location:
    In Jungle
    Nice buddy, thanks for your sharing. Any other information please share it
     
  14. pombal

    pombal Newbie

    Joined:
    Aug 18, 2016
    Messages:
    26
    Likes Received:
    10
    Gender:
    Male
    Location:
    Portugal
    You're wrong: you don't have unlimited certificates!
    They issue a lot of certificates per domain but not unlimited. Check mooo.com subdomains as an example, i was able to get certificates before but now you get a message telling you that the limit was reached.

    A funny note: letsencrypt is facing a battle in court with Comodo because they're trying to take letsencrypt name (already registered a few patents with lets encrypt words). From what i've read at thehackernews Comodo did it ignoring Lets Encrypt team requests which sucks, big company trying to take down such a beautiful project :/
     
  15. CialisBilligInternet

    CialisBilligInternet BANNED BANNED

    Joined:
    Mar 12, 2009
    Messages:
    201
    Likes Received:
    40
    Gender:
    Male
    Sucks that its not allowed for shared hosting.
     
  16. pombal

    pombal Newbie

    Joined:
    Aug 18, 2016
    Messages:
    26
    Likes Received:
    10
    Gender:
    Male
    Location:
    Portugal
    Why not?! Sure you can! You have scripts and i do believe a plugin for WHM and ISPConfig.

    If your provider doesn't request certificates it's because either it's a free hosting or they suck at sysadmin. All you need is certbot tool and withing a few seconds they're issued.