How to install free SSL certificate?

Securing your website with an SSL certificate is crucial for protecting sensitive information and building trust with your users. Docker, a popular containerization platform, offers a seamless way to install SSL certificates using Let’s Encrypt, a free and widely trusted certificate authority. In this blog post, we will walk through the process of installing an SSL certificate using Docker and Let’s Encrypt, ensuring a secure and encrypted connection for your website.

What is SSL?

SSL, or Secure Sockets Layer, is a cryptographic protocol designed to establish a secure and encrypted connection between a client (such as a web browser) and a server. Its primary purpose is to ensure the confidentiality, integrity, and authenticity of data transmitted over the internet. SSL is often used in conjunction with HTTP (Hypertext Transfer Protocol) to create HTTPS (HTTP Secure) connections.

SSL certificates are an essential component of SSL. These certificates are issued by trusted third-party organizations known as Certificate Authorities (CAs). SSL certificates serve as digital passports for websites, validating their authenticity and providing assurance to users that they are communicating with the intended server and not an impostor.

When a user visits a website secured with SSL, the browser checks the SSL certificate to verify the identity of the website. If the certificate is valid and issued by a trusted CA, the browser displays a padlock symbol or a green address bar, indicating a secure connection. This visual indication helps users trust the website and feel confident in sharing sensitive information.

How to install free SSL certificate?

Step 1: Set Up Docker Environment

Ensure that Docker is installed on your server or local machine. Docker simplifies the process of managing and deploying applications, making it an ideal choice for installing an SSL certificate.

Step 2: Run a Docker Container

Assuming that we will be using certbot, run the following command in your terminal:

sudo docker run -it --rm --name certbot \
            -v "/etc/letsencrypt:/etc/letsencrypt" \
            -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
            certbot/certbot certonly --manual

This will ask you for a few details, such as:

  1. Email address for communicating urgent information
  2. List of domains for which you are generating the certificate.
  3. A few simple verification challenges, such as
    • Adding a file at a specified location in your webroot, with specific content
    • Adding a DNS TXT record.

Step 3: Upload the generated key and certificate

Once you have completed step 2, certbot will generate the SSL certificates in /etc/letsencrypt/live/<domain-name>/, where <domain-name> is the domain for which you generated the certificate. In the commands below, replace domain.tld with your own domain (for example, example.com). Use the following command to view the certificate’s contents.

sudo cat /etc/letsencrypt/live/domain.tld/fullchain.pem

Please note that we are using “fullchain.pem” here because it is the file most servers expect. A few additional files are generated as well; their descriptions can be viewed using

sudo cat /etc/letsencrypt/live/README 

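To view the private key for this certificate, use the command below. Treat this file as a secret: anyone who obtains it can impersonate your site.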

sudo cat /etc/letsencrypt/live/domain.tld/privkey.pem

Step 4: Configure Your Web Server

After obtaining the SSL certificate, configure your web server to use it. This step may vary depending on your web server software and configuration. The most common steps are:

  • Upload the certificates
  • Install them for the required domain
  • Upload the private key for the certificate

Step 5: Automate Certificate Renewal

Let’s Encrypt certificates are valid for a limited time (typically 90 days). To ensure uninterrupted SSL protection, set up an automated certificate renewal process. If that is not feasible, you can repeat steps 1 to 4. Let’s Encrypt will also send a reminder to the email address used in step 2.

Step 6: Test and Verify SSL Installation

To ensure a successful SSL installation, test your website’s HTTPS connection using various browsers and devices. Verify that the SSL certificate is properly installed and functioning as intended. You can also use SSL Shopper.
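The files from Step 3 can be checked locally before they are uploaded, and the same expiry check can drive the renewal in Step 5. The script below is an added example, not part of the original post: it needs the openssl command-line tool, and its function names, the 30-day default and the self-signed demo files written by make_demo_dir are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: pre-upload checks for /etc/letsencrypt/live/<domain-name>/.
# Function names, the 30-day default and the demo directory are assumptions.

key_matches_cert() {   # does the private key ($2) belong to the leaf cert ($1)?
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

cert_count() {         # number of certificates in a PEM bundle
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

valid_for_days() {     # is the certificate still valid for more than $2 days?
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

key_is_private() {     # fails if group or others can read the key file
    [ -z "$(find -L "$1" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

check_live_dir() {     # usage: check_live_dir DIR [MIN_DAYS]
    local dir="$1" min_days="${2:-30}" rc=0
    local cert="$dir/fullchain.pem" key="$dir/privkey.pem"
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read fullchain.pem/privkey.pem in $dir"; return 2
    fi
    key_matches_cert "$cert" "$key" || { echo "FAIL: key does not match certificate"; rc=1; }
    [ "$(cert_count "$cert")" -ge 2 ] || { echo "FAIL: no intermediate in fullchain.pem"; rc=1; }
    valid_for_days "$cert" "$min_days" || { echo "FAIL: expires within $min_days days"; rc=1; }
    key_is_private "$key" || { echo "FAIL: privkey.pem readable by group/others"; rc=1; }
    return "$rc"
}

make_demo_dir() {      # constructed sample: self-signed cert valid for $2 days
    local dir="$1" days="$2"
    mkdir -p "$dir"
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days "$days" -subj "/CN=example.test" \
          -keyout "$dir/privkey.pem" -out "$dir/cert.pem" 2>/dev/null
      # Stand-in for a real chain: the same certificate twice.
      cat "$dir/cert.pem" "$dir/cert.pem" > "$dir/fullchain.pem" )
}

# Run the checks when a directory is given, e.g. /etc/letsencrypt/live/domain.tld
if [ "$#" -ge 1 ]; then check_live_dir "$@"; fi
```

Run it with sudo against /etc/letsencrypt/live/domain.tld, since that directory is readable only by root; a non-zero exit status from a scheduled run is a signal to renew.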