How to issue and activate Free SSL Certificate on a shared hosting from cPanel using SSH access, PHP ACME client, and cPanel SSL/TLS widget.
Get the Video here:
https://www.youtube.com/watch?v=bk868eeiN8w
3. HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
DISCLAIMER
The following presentation is simply stating the process and
procedures the author used for his WordPress (PHP) sites and those
are in PHP 7 – hosted in shared Linux server with a cPanel activated
for the server administration, where sudo command was not
allowed and the “Let’s Encrypt” widget was not available
There are other Certification Authorities (CA) than Let’s Encrypt,
and there are plenty of ways to implement free SSL, and this is only
one of them that includes some command line procedures and
some GUI activities as well
As of December 31, 2018
4. HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
WHY SSL
Security of
Data and Transaction
SECURITY
SEARCH ENGINE RANKING
Without HTTPS your site
ranking will go down
5. HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
WHY SSL
THE BASELINE STANDARD OF WEB PRESENCE
Domain
Hosting
Development
Domain
Hosting
Development
SSL Certificate
6. HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
DEBUNK
SSL = Money
True & Not True
7. HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
BELIEVE
FREE SSL PAID SSL
WARRANTY
Domain Validated SSL Extended Validity SSL
WILDCARD CERTIFICATES
SECURITY
VALIDITYShortest 1 or 2 years
8. HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
IDEAL CASES
Blogs,
Websites
etc.
Where no payment and
sensitive data involved
FREE SSL
e-Commerce sites,
Social media networks
etc.
PAID SSL
Where payment and
sensitive data is involved
9. HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
PREREQUISITE
7
SSH Access to the Server
(for command line access)
10. HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
TOOLS USED
Let’s Encrypt
(Certification Authority - CA)
PHP ACME Client
(a client software for Let’s Encrypt)
cPanel SSL/TLS widget
(for installing the certificate)
Composer
(PHP dependency manager)
11. CONNECT HOSTING VIA SSH
[~] $
ssh username@example.com
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
Might prompt you to provide the password
With a valid password, it will bring you back the prompt again
-p 22
port
12. GET THE PHP ACME CLIENT
[~] $
git clone https://github.com/kelunik/acme-client
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
You can do that manually over FTP:
Download the zip file from Github
Upload it to the home directory of your server, and
Uncompress it.
13. INSTALL COMPOSER IN THE ACME CLIENT
[acme-client] $
php –r “copy(‘https://getcomposer.org/installer’, ‘composer-setup.php’);”;
php composer-setup.php;
php -r “unlink(‘composer-setup.php’);”;
php composer.phar install --no-dev
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
[~] $
cd acme-client
15. REGISTER AN ACCOUNT
[acme-client] $
php bin/acme
setup
--server letsencrypt
--email your@email.com
php bin/acme setup --server letsencrypt --email your@email.com
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
16. ISSUE THE CERTIFICATE
[acme-client] $
php bin/acme
issue
--domains example.com:www.example.com
--path /home/username/public_html:/home/username/public_html
--server letsencrypt
php bin/acme issue --domains example.com:www.example.com --path /home/username/public_html:/home/username/public_html --server letsencrypt
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
/public_html is the path where your site code is hosted. If it is in a sub
directory, don’t forget to mention that like /public_html/my_directory
18. CHECK THE CERTIFICATE
[~] $
cd /home/username/acme-client/data/certs/
acme-v01.api.letsencrypt.org.directory/
example.com
cd /home/username/acme-client/data/certs/acme-v01.api.letsencrypt.org.directory/example.com
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
[example.com] $
ls
You can do that manually over FTP:
Browse to the path specified above
You will see the files
19. 4 FILES
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
cert.pem chain.pem fullchain.pem key.pem
--- KNOWLEDGEBASE ---
PEM – Privacy Enhanced Email
Base64-encoded certificate file
Details: https://fileinfo.com/extension/pem
21. Access to your site’s
cPanel from the Web
Browser
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
INSTALL USING THE cPanel SSL/TLS
Click on the
“SSL/TLS” widget
22. Click on the
“Manage SSL sites”
link
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
INSTALL USING THE cPanel SSL/TLS
Choose the
Domain
(or browse)
(followed)
23. Click on the
“Autofill by Domain”
button
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
INSTALL USING THE cPanel SSL/TLS
Click on the
“Install Certificate”
button
(followed)
25. Change the base URL in your app
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
FIX THE BASE URL
From http://example.com
To https://example.com
(if necessary)
26. Take a Backup of the Database
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
FIX THE DATABASE
Find strings with http://example.com
Replace with https://example.com
Replace the Database
(if necessary)
27. HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
FIX THE ON-SITE ASSETS’ URL
FROM
http://example.com/assets/css/app.css
http://example.com/assets/js/app.js
http://example.com/assets/img/image.ext
TO
//example.com/assets/css/app.css
//example.com/assets/js/app.js
//example.com/assets/img/image.ext
OR, TO
https://example.com/assets/css/app.css
https://example.com/assets/js/app.js
https://example.com/assets/img/image.ext
(if necessary)
28. FORCE REDIRECT USING .htaccess
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
If WordPress:
Put the code outside the WordPress block
32. NOT COMPATIBLE (?)
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
Not Supported in 0.1% software
99.9%
LIST OF COMPATIBILITY
https://letsencrypt.org/docs/certificate-compatibility/
SUPPORTED
33. CHECK THE VALIDITY
[~] $
php acme-client/bin/acme
check
--name example.com
--server letsencrypt
php acme-client/bin/acme check --name example.com --server letsencrypt
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
34. 90
DAYS ONLY
(3 Months)
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
CAVEAT IS BEAUTY
The shorter the validation,
the safer the certificate is
36. RENEW THE CERTIFICATE
[~] $
php acme-client/bin/acme
issue
--domains example.com:www.example.com
--path /home/username/public_html:/home/username/public_html
--server letsencrypt
php acme-client/bin/acme issue --domains example.com:www.example.com --path /home/username/public_html:/home/username/public_html --server letsencrypt
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
/public_html is the path where your site code is hosted. If it is in a sub
directory, don’t forget to mention that like /public_html/my_directory
38. SETUP THE CRON JOB
0 0 1 */2 *
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
command
At 00:00 on day-of-month 1 in every 3rd 2nd month
It is my suggestion. You can use 0 0 1 */3 * or 0 0 30 */2 * also.
php acme-client/bin/acme issue --domains example.com:www.example.com --path /home/username/public_html:/home/username/public_html --server letsencrypt
39. DOCUMENTATION
List of Let’s Encrypt ACME Clients in Other Languages
https://letsencrypt.org/docs/client-options/
•
SUGGESTED PROCEDURE
Video: Implementing Let’s Encrypt SSL using Certbot
https://youtu.be/8huMBHx-TKY
•
BLOG
Let’s Encrypt certificate or a commercial SSL – the final verdict
https://www.iwebz.net/index.php/lets-encrypt-versus-commercial-ssl/
•
ASSISTANCE
How to activate SSH access to your cPanel
https://youtu.be/CCX0mMaEEKc
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
LOOK BEYOND
40. A WRAPPER TO THE LET’S ENCRYPT
SSL For Free
https://www.sslforfree.com/
•
FORMERLY ‘COMODO’ CA
SECTIGO
https://ssl.comodo.com/
•
CloudFlare
https://www.cloudflare.com/
•
…
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
OTHER FREE CERTIFICATION AUTHORITIES
…and other CAs, and many wrappers also…
41. Q & A
HOW TO INSTALL & ACTIVATE FREE SSL by Mayeenul Islam
https://youtu.be/CCX0mMaEEKc
How to activate SSH access to your cPanelby cPanelTV
If slide #23 failed
Preferred because, often times the open protocol might not activate the Green Padlock.
Lesson learnt from:https://youtu.be/8huMBHx-TKYHow to get FREE HTTPS in 10 minutes with Let’s Encrypt and Certbot
by Pentacode