The first step in enabling HTTPS support for a website is obtaining an SSL certificate. Obtaining a free SSL certificate from Arvancloud is made possible with just one click. Certificates are files issued by Certificate Authorities (CAs). To obtain an SSL certificate, several steps must be followed, which include:

  • Generating CSR

  • Sending CSR to a trusted CA

  • Installing the SSL certificate received from the CA on the server

  • Repeating the process every time the certificate expires

If any issues or errors occur during these steps, the HTTPS connection between the browser and the server will fail.

In recent years, Arvancloud has worked to provide its users with a free 3-month SSL certificate from Let’s Encrypt. With this, Arvancloud users can obtain the certificate without any cost, and once it expires, it will be automatically renewed without any additional action. The added benefit of Arvancloud’s free SSL certificates is that they are provided as Wildcard certificates. You can learn how to obtain a free SSL certificate from Arvancloud for your website by following the provided instructions.

When using Arvancloud’s free SSL certificate, you no longer need to install the certificate on your main web hosting server. By enabling this option in the Arvancloud panel, the communication between your users and Arvancloud’s edge servers will be over HTTPS. However, keep in mind that communication between Arvancloud’s servers and your main hosting server will still be over HTTP. To secure this communication, you can obtain a free SSL certificate and install it on your main hosting server.

This article provides instructions for Arvancloud customers who, for any reason, wish to obtain or generate a free SSL certificate for installation on their main hosting server to establish a secure connection with Arvancloud’s edge servers, using Certbot or SSL for Free website.

 

Issuing a Free SSL Certificate from Let’s Encrypt Using Certbot

Let’s Encrypt is a CA managed by the Internet Security Research Group (ISRG) that provides free certificates for all domains. To obtain a certificate from Let’s Encrypt, software that supports the ACME protocol must be used, which runs on the web server. Below are the steps for issuing a certificate using Certbot.

  1. Install Prerequisites

    If you have SSH access to the web server, you can use the ACM client Certbot. Once SSH access is established, ensure that Python 2.7 or 3 is supported. Use the following commands to install the prerequisites:

    apt-get update
apt-get install python-minimal
python --version
apt-get install git-core
git --version

  2. Install Certbot

    The next step is to install Certbot. To install Certbot from GitHub, use the following commands:

    cd /opt
git clone https://github.com/certbot/certbot.git

  3. Generate Wildcard SSL Certificate

    A Wildcard certificate allows you to enable HTTPS for your domain and all its subdomains with a single certificate. This eliminates the need to obtain separate certificates for each subdomain.

    To generate a Wildcard certificate, use the following command:

    certbot-auto certonly --manual --preferred-challenges=dns --email your@email.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.example.com

    Replace your@email.com with your email address and example.com with your domain name. To generate a Wildcard certificate, the * must be included at the beginning of the domain name, as shown in the command above.

    If you need to generate multiple certificates, you can use the -d option along with your domain name.

  4. Domain Ownership Validation

    In this step, Certbot will ask you to add a TXT record to your DNS to verify domain ownership. This request is made due to the –preferred-challenges=dns option used in the previous step. This request is like the following image:

    free ssl

    If you’re unfamiliar with how to add a DNS record, refer to your hosting provider’s documentation for more information. To add the TXT record:

    • Record Name: According to the output, the record name should be _acme-challenge (depending on your DNS provider, you may need to format it as _acme-challenge.example.com).

    • Record Value: This field should be filled with the value provided by Certbot. For example, in the picture above the value provided by Certbot is VWHqMqojnAZb8oLV2ZMaqaeUUyiTAX4-3KeokqJ69hE.

    After creating the record, save the settings and press Enter in Certbot.

  5. Check for Successful Certificate Issuance (Optional)

    After completing the steps, if the certificate issuance is successful, you will see a page confirming it.

    You can also check the certificate status using the following command:

    certbot-auto certificates

Issuing Let’s Encrypt SSL Certificates Using SSL for Free Website

Another way to obtain a Let’s Encrypt certificate is by using the SSL for Free website. Simply enter your domain name on the website to easily obtain a free Let’s Encrypt certificate.

Renewing the Issued Certificate

Let’s Encrypt certificates are typically valid for three months, after which they must be renewed. To renew the certificate using Certbot, simply run the following command:

certbot-auto renew

Note: If SSH access to the web server is not available, you will need to use your hosting provider’s services. With Let’s Encrypt support, they can request, install, and automatically renew the certificate on your behalf.