I'm a huge advocate for both web security and saving money on web hosting. With a bit of extra work, here is a way to secure your website using SSL without having to pay an extra fee or subscription.
What is SSL?
SSL, or Secure Sockets Layer, is an encryption-based Internet security protocol. By enabling SSL, the data between your users and your server is encrypted, and the connection protocol is referred to as HTTPS. If you'd like a more in-depth explanation, I think this Cloudflare page does a great job explaining.
How to generate a certificate
To generate a certificate we need a CA (Certificate Authority) to issue our website a valid certificate.
If you are using an EC2 instance in AWS, you should SSH into your server. If you are using a shared host like Namecheap, log in to your cPanel and click “Terminal”.
Now we will log in to our server and type the following into the terminal:
curl https://get.acme.sh | sh
This will install acme.sh, the ACME protocol client that will help us generate a certificate.
Next you can issue a certificate with the following command:
~/.acme.sh/acme.sh --issue -d example.com -d www.example.com -w /home/yourDirectory/websitefolder --server letsencrypt
Important notes
If you aren't sure what your directory is called, you can use the pwd command to see the path to your current working directory:
pwd
Also notice that we are including two domains: both example.com and www.example.com. This is important because the certificate will only cover the domains entered, and by entering both it can secure both. We won’t get into why they are considered different here, but most users expect both to be secure.
The --server argument is very important because by default the client uses ZeroSSL, which has limits on how many free certificates you can have issued and requires an email.
Installing the certificate
You can install the certificate with the following commands, depending on your server:
Apache example:
acme.sh --install-cert -d example.com \
--cert-file /path/to/certfile/in/apache/cert.pem \
--key-file /path/to/keyfile/in/apache/key.pem \
--fullchain-file /path/to/fullchain/certfile/apache/fullchain.pem \
--reloadcmd "service apache2 force-reload"
Nginx example:
acme.sh --install-cert -d example.com \
--key-file /path/to/keyfile/in/nginx/key.pem \
--fullchain-file /path/to/fullchain/nginx/cert.pem \
--reloadcmd "service nginx force-reload"
Only the domain is required; all the other parameters are optional.
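Because a certificate only covers the names passed with -d, it is worth confirming after installation that both hostnames are really in it. The script below is an added example, not part of the original article or the acme.sh project; the function names and the sample SAN text are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: `openssl x509 -noout -ext subjectAltName` output for a
# certificate issued with only `-d example.com` (the www name was left out).
SAMPLE_SAN_TEXT='X509v3 Subject Alternative Name:
    DNS:example.com'

# san_names: read openssl SAN text on stdin, print one lowercase DNS name per line.
san_names() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' | tr 'A-Z' 'a-z'
}

# missing_names SAN_TEXT host...: print each host the SAN list does not cover.
# A wildcard entry such as *.example.com covers exactly one extra label, so it
# matches www.example.com but not the bare example.com.
missing_names() {
    sans=$(printf '%s\n' "$1" | san_names)
    shift
    for host in "$@"; do
        host=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
        parent=${host#*.}
        covered=no
        while IFS= read -r san; do
            if [ "$san" = "$host" ] || [ "$san" = "*.$parent" ]; then
                covered=yes
            fi
        done <<EOF
$sans
EOF
        [ "$covered" = yes ] || printf '%s\n' "$host"
    done
}

# check_cert_file CERT_PEM host...: same check against a certificate file.
# Needs OpenSSL 1.1.1 or newer for the -ext option.
check_cert_file() {
    cert=$1
    shift
    text=$(openssl x509 -in "$cert" -noout -ext subjectAltName) || return 2
    missing=$(missing_names "$text" "$@")
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing" | sed 's/^/not covered: /' >&2
    return 1
}

# Demo on the constructed sample; prints: www.example.com
missing_names "$SAMPLE_SAN_TEXT" example.com www.example.com
```

On the server, run check_cert_file with the path you gave to --cert-file or --fullchain-file, followed by every hostname the site answers on; a non-zero exit status means at least one name is not covered.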
Manual Install
To install the certificate manually, you can log in to cPanel and click SSL/TLS. At the bottom right you should see an option to manage SSL certificates. You can now copy and paste the certificate details to install manually.
The contents of your .cer file go into the CRT box, and the .key file contents go into the KEY box, then click the install certificate button.
Open Source
I want to make sure to call out that this is made possible by some great open source work and all the contributors to the acme.sh repository.
I hope you found this article helpful. If you have any questions, feel free to ping me on Twitter @helloluisj or leave a comment below. Have a great day!