Free SSL Certificate ( Green HTTPS bar )

[Thor]

This is one aspect I am no experience with.

Is there a Free way of getting an SSL Certificate that will give my website that green HTTPS bar?

I had a look at letsencrypt.org however I has less thab zero idea what goes on there and it doesnt seem it will work with my cpanel hosting enviroument?

So what are my options here, do I have any?

 

[Jim West]

Not free, but one of the cheapest options I know of is https://www.startssl.com/

 

[Adenoid Hynkel]

Ask your host to install the let's encrypt certificate for you. It's straight forward and easy for any sys admin to do.

There aren't any other free certificates unless it's a promo somewhere

 

[Jim West]

#OP Presumably you realize that if your site is on shared hosting, you'll need a dedicated IP for the SSL.

 

[Thor]

Ask your host to install the let's encrypt certificate for you. It's straight forward and easy for any sys admin to do.

There aren't any other free certificates unless it's a promo somewhere

I'm with domains, but don't want to trouble them with that. I just thought there was some easier free way like when you need to verify a domain with AWS SES you just append the DKIM key to your domain in the DNS Editor, I was hoping installing a SSL certificate would have been the same easy process.

 

[Adenoid Hynkel]

#OP Presumably you realize that if your site is on shared hosting, you'll need a dedicated IP for the SSL.

No he doesn't.

I'm with domains, but don't want to trouble them with that. I just thought there was some easier free way like when you need to verify a domain with AWS SES you just append the DKIM key to your domain in the DNS Editor, I was hoping installing a SSL certificate would have been the same easy process.

Well, I hardly doubt that you're going to trouble them with such an easy task. You can also wait for cpanel version 58.x which will have the let's encrypt feature build in. 4-6 weeks

 

[MagicDude4Eva]

How difficult can it be: (1) Get CSR, (2) Submit CSR to get cert, (3) Install.

You only get a "green addressbar" with an EV certificate. Anything else is just a "regular" cert which shows the green padlock.

The whole "you need a dedicated IP" is also outdated info - SNI is supported in browsers since IE7. SNI was available in Apache 2.2 (now 2.4) from at least 2013.

 

[gfmalan]

To get a SSL and even a free one isn't that difficult, but what's the point of getting a cert that doesn't mean anything and not trusted by nearly anyone out there?

 

[Jim West]

To get a SSL and even a free one isn't that difficult, but what's the point of getting a cert that doesn't mean anything and not trusted by nearly anyone out there?

+1

 

[Adenoid Hynkel]

You only get a "green addressbar" with an EV certificate. Anything else is just a "regular" cert which shows the green padlock.

Have you ever seen a non technical user trying to achieve this on their hosting account?

It can be easier, as in 2 clicks.

To get a SSL and even a free one isn't that difficult, but what's the point of getting a cert that doesn't mean anything and not trusted by nearly anyone out there?

Have you even bothered reading about let's encrypt? It is trusted just like any other sub 10$ SSL certificate you can buy.

 

[MagicDude4Eva]

Have you ever seen a non technical user trying to achieve this on their hosting account?

Have you even bothered reading about let's encrypt? It is trusted just like any other sub 10$ SSL certificate you can buy.

I am sure when you quoted me you actually meant to OP - right?

Perhaps my personal paranoia, but I would NEVER, EVER rely on any website to generate my private key. What's wrong with openssl - it's two commands:
1 - generate the pvt key: openssl genrsa -des3 -out www.yourdomain-example.com.key 2048
2 - generate the CSR: openssl req -new -key www.yourdomain-example.com.key -out www.yourdomain-example.com.csr

And then if you are unsure what your SSL config should be, you hit up Mozilla - https://mozilla.github.io/server-side-tls/ssl-config-generator/. Once done, you verify your cert and setup via SSLLabs - https://www.ssllabs.com/ssltest/

 

[gkm]

If you host on AWS, you can now also get free certs in a bunch of regions: https://aws.amazon.com/certificate-manager/

I applied one to an ELB from nothing to fully SSL-ed in under 10 minutes last week. Longest part of that was walking over to the desk of the guy doing our DNS admin to ask him to click on an approve link in an e-mail he got to verify our domain ownership.

 

[Adenoid Hynkel]

I am sure when you quoted me you actually meant to OP - right?

Perhaps my personal paranoia, but I would NEVER, EVER rely on any website to generate my private key. What's wrong with openssl - it's two commands:
1 - generate the pvt key: openssl genrsa -des3 -out www.yourdomain-example.com.key 2048
2 - generate the CSR: openssl req -new -key www.yourdomain-example.com.key -out www.yourdomain-example.com.csr

And then if you are unsure what your SSL config should be, you hit up Mozilla - https://mozilla.github.io/server-side-tls/ssl-config-generator/. Once done, you verify your cert and setup via SSLLabs - https://www.ssllabs.com/ssltest/

The OP doesn't strike me as a sys admin. It also seems he is using some sort of shared hosting. He won't be able to run those 2 commands as most probably SSH is not active on his account, I might be wrong.

I was just showing how easy it can be installing a SSL certificate using let's encrypt.

The private key for the let's encrypt certificate is generated in a similar way on the same server where you would generate a normal private key for your domain in order to use any other authority. Not sure why you would think it is created on "some website"?

 

[oober]

My node site using let's encrypt got an A rating using that SSL labs check. Let's encrypt's certs only last 90 days so you need to have some sort of auto renewal in place. enc.sprout.tw got an A+ rating using let's encrypt.

Probably not as "secure" as an EV cert but it's free so yea.

 

[Thor]

To get a SSL and even a free one isn't that difficult, but what's the point of getting a cert that doesn't mean anything and not trusted by nearly anyone out there?

It is that difficult. Otherwise please show me how.


---

And I wanted it because I want to learn what the process is to get one.

 

[biometrics]

The OP doesn't strike me as a sys admin. It also seems he is using some sort of shared hosting. He won't be able to run those 2 commands as most probably SSH is not active on his account, I might be wrong.

I run the OpenSSL commands on my Windows PC from the command line.

 

[Thor]

I run the OpenSSL commands on my Windows PC from the command line.

What hosting account do you have ?

 

[DrJohnZoidberg]

My tutorial is a bit outdated but it's pretty detailed: http://mybroadband.co.za/vb/showthr...r-sites-through-SSL-and-Apache-for-free-Linux

It's more useful when you're doing things from the Linux command line though but you might find something useful there.

 

[biometrics]

What hosting account do you have ?

Not really relevant but we use managed cloud servers hosted at Rackspace running Ubuntu.

 

[Thor]

Not really relevant but we use managed cloud servers hosted at Rackspace running Ubuntu.

Of course it's relevant.

It won't work on my afrihost shared hosting account.

It might work on my WHM reseller on domains and it will definitely work on my VPS.