Another Big Milestone – Let's Encrypt is now offering Free HTTPS certificates to everyone.
Let's Encrypt has opened to the public, allowing anyone to obtain free SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificates for their web servers and to set up HTTPS websites in a few simple steps (mentioned below).
Let's Encrypt – an initiative run by the Internet Security Research Group (ISRG) – is a new, free, and open certificate authority recognized by all major browsers, including Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer.
The free SSL certification authority is now in public beta after a trial among a select group of volunteers.
Why Let's Encrypt?
Let's Encrypt promised to offer a certificate authority (CA) which is:
How to Install Let's Encrypt Free SSL Certificate
First of all, let's say you want to get a certificate for example.com. To run the installation using the official Let's Encrypt method, you must have root access to your example.com web server. Unfortunately, many of us use a shared hosting plan (I am using the "PersonalClass" plan on Arvixe) and we don't have root access to the server. What about us? Can't we enjoy the benefit of free SSL? Well, the answer is "Yes, you can". Below is a tutorial showing how an admin on shared hosting without root access can also install the free SSL certificate.
So, let's begin...
First, let me introduce you to https://gethttpsforfree.com/, which is a web-based client for Let's Encrypt. Admins who do not have root access to their server can obtain the SSL certificate from this website.
Step 1: Go to https://gethttpsforfree.com/
Step 2: Follow the instructions on the website for Account Info, Certificate Signing Request and Sign API Requests. (Use PuTTY or any other SSH client to run the commands.)
Step 3: Now there is a small problem with the "Verify Ownership" step: the current Elgg htaccess file forbids browser access to every file and folder whose name starts with a dot (.), so the validation path ".well-known/acme-challenge/" on your server returns a 403 Forbidden error. (Detailed discussion here). To validate your account you need a small modification in your htaccess file until there is a permanent fix for this. (View ticket here). Comment out the line "RewriteRule (^\.|/\.) - [F]" by inserting "#" at the beginning of the line to make the .well-known folder accessible for the validation process. Once validated, remove the # symbol so that your htaccess file is back to its original form and dot files are forbidden again.
Step 4: Once validated, you will get your certificate and permission file. Save your cert and pem files, with the content provided on gethttpsforfree, on your local system.
Step 5: Log in to your cPanel and click on "SSL/TLS Manager". Upload your private key obtained in step 1 in the "Private Keys (KEY)" section and the certificate file obtained in step 4 in the "Certificates (CRT)" section of your SSL/TLS Manager page.
Step 6: After successfully uploading the files, visit "Manage SSL sites" and install the uploaded certificate.
Congratulations, you have successfully installed an SSL certificate for your example.com domain.
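Step 3's temporary change can be made narrower. The script below is an added example, not part of the original post or of Elgg's own htaccess: rather than commenting the rule out, which leaves every dot file and folder reachable until the # is removed, it puts a condition in front of the rule so that only .well-known/acme-challenge/ is exempt. It assumes the site is served from the document root; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example, not Elgg's own code. Resulting htaccess lines:
#   RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
#   RewriteRule (^\.|/\.) - [F]
# A RewriteCond applies only to the RewriteRule directly below it, so all
# other dot paths (.git, .htpasswd, ...) stay forbidden during validation.
# Assumption: the site is served from the document root.

DOT_RULE='RewriteRule (^\.|/\.) - [F]'
ACME_COND='RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/'

# allow_acme_challenge FILE (hypothetical helper): insert the condition
# once above the dot-file rule and re-enable the rule if it was commented out.
allow_acme_challenge() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Values go through ENVIRON so awk does not process the backslashes.
    RULE="$DOT_RULE" COND="$ACME_COND" awk '
        {
            trimmed = $0
            sub(/^[ \t]+/, "", trimmed)
            sub(/[ \t\r]+$/, "", trimmed)
            bare = trimmed
            sub(/^#[ \t]*/, "", bare)      # tolerate a commented-out rule
            if (bare == ENVIRON["RULE"]) {
                if (prev != ENVIRON["COND"]) print ENVIRON["COND"]
                print ENVIRON["RULE"]
            } else {
                print
            }
            prev = trimmed
        }' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Running the function a second time leaves the file unchanged, so it is safe to call before every renewal.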
How to Renew Let's Encrypt Free SSL Certificate
It is important to note that the beta version of Let's Encrypt issues certificates that expire after 90 days. So, to renew your SSL certificate, you need to go through the entire process again after expiration.
FREE HTTPS Certificates for Everyone!
So, now it's time for the Internet to take a significant step forward in terms of security and privacy. With Let's Encrypt, the team wants HTTPS to become the default, and to make that possible for everyone it has built Let's Encrypt in such a way that it is easy to obtain and manage.
Let's Encrypt signed its first free HTTPS certificate in September, and its client software emerged in early November. Since then the team has been finding flaws in their systems before going public.
If you want to see how the SSL looks or check the certificate, feel free to visit my site www.campuskarma.in
- Change "/etc/ssl/openssl.cnf" as needed:
- Change foo.com to your domain.com
Hi Rohit.. thanks for sharing this. I checked it out on your website and it's working great. However, I am trying to install it on my site but having difficulty in step 2 under Certificate Signing Request. It looks like the instructions given there for the command line are only for Linux, because I am trying it on Windows and the commands are not working for me. Do you know any other way out or, precisely, how can I run the command for the CSR using PuTTY on Windows?
You need a Linux platform for Step 2 - Certificate Signing Request and, more importantly, for Step 3 - Sign API Requests. You cannot complete step 3 without a Linux server.
What you can do is connect to your Linux server using PuTTY. Open PuTTY, type in your server link and click on connect. Log in using your cPanel username/password. Once logged in, run your command in PuTTY.
For more details on how to use PuTTY, refer to this article: https://mediatemple.net/community/products/dv/204404604/using-ssh-in-putty-
Thanks Rohit.... I have actually connected to my Linux server using PuTTY. I am trying to run this command from the instructions in step 2 to generate a CSR, but that isn't working:
I think I am running something in this command line wrongly; could you tell me exactly what command you used here? Thank you.
* Debian: /etc/ssl/openssl.cnf
* RHEL and CentOS: /etc/pki/tls/openssl.cnf
* Mac OSX: /System/Library/OpenSSL/openssl.cnf
I keep getting this when I enter the command:
cat: /etc/ssl/openssl.cnf: No such file or directory
cat: /dev/fd/63: No such file or directory
unknown option -reqexts
req [options] <infile >outfile
where options are
-inform arg input format - DER or PEM
-outform arg output format - DER or PEM
-in arg input file
-out arg output file
-text text form of request
-pubkey output public key
-noout do not output REQ
-verify verify signature on REQ
-modulus RSA modulus
-nodes don't encrypt the output key
-engine e use engine e, possibly a hardware device
-subject output the request's subject
-passin private key password source
-key file use the private key contained in file
-keyform arg key file format
-keyout arg file to send the key to
-rand file:file:...
load the file (or the files in the directory) into
the random number generator
-newkey rsa:bits generate a new RSA key of 'bits' in size
-newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'
-newkey ec:file generate a new EC key, parameters taken from CA in 'file'
-[digest] Digest to sign with (see openssl dgst -h for list)
-config file request template file.
-subj arg set or modify request subject
-multivalue-rdn enable support for multivalued RDNs
-new new request.
-batch do not ask anything during request generation
-x509 output a x509 structure instead of a cert. req.
-days number of days a certificate generated by -x509 is valid for.
-set_serial serial number to use for a certificate generated by -x509.
-newhdr output "NEW" in the header lines
-asn1-kludge Output the 'request' in a format that is wrong but some CA's
have been reported as requiring
-extensions .. specify certificate extension section (override value in config file)
-reqexts .. specify request extension section (override value in config file)
-utf8 input characters are UTF8 (default ASCII)
-nameopt arg - various certificate name options
-reqopt arg - various request text options
Which server are you using? Debian, RHEL, CentOS or Mac OSX?
a2hosting and OS is Linux
I am not sure of the path of openssl.cnf in CloudLinux. You can contact your hosting provider for the correct path.
For me it was /etc/pki/tls/openssl.cnf