Bruno Kitsune Website
Sponsored Ad

Nowadays owning a SSL certificate on your site is extremely necessary not only for the improvement in the results in search engines, like Google, but also to avoid alerts stating that your page is not safe.

The purpose of this tutorial will be to show you how to activate an SSL certificate for free on your site, even if it is a shared hosting plan. Yes, a security certificate without having to pay anything!

Important Note: This tutorial will require your host to allow SSH connection, otherwise this tutorial will not work! Since I need to demonstrate the tutorial somewhere, I will demonstrate this in my current service provider, which is Hostinger.

Collecting Information

Before we start we'll need some essential information and we'll split this step in two, okay?

SSH

To do the SSH connection we will need to know the IP, Port, User and Password. Each control panel must have its own location to show this information. Speaking specifically of Hostinger, it will show you this information in the Advanced section, SSH Access option, as shown in the image below.

The information we will need is inside the red rectangle, which had its information properly hidden in this tutorial for security reasons. It will be necessary to enable SSH access so that these options become available (which is done in Hostinger by activating the option that is just below the red rectangle shown in the image above).

I will use as an example the information below:

SSH IP: 111.111.111.111
SSH Port: 22222
SSH Username: x333333333
SSH PasswordH: 44444

Folder

In addition to the connection information, we will also need to know the complete directory of the site that you want to certify. To do this simply copy the directory that appears in the FTP client when you open your site, as in the example below done in the FileZilla program.

Important Note: In addition to the FTP folder, the vast majority of shared hosts leave all of your files in a master subdirectory. In the specific case of Hostinger, this information is shown in the sidebar of the control panel, as shown below:

Viewing the above image, it is easy to see which is my complete directory, it is the main folder followed by the FTP path. I will use as an example the directory below:

/home/x333333333/domains/brunokitsune.net/public_html/subs/ssl-tutorial

With this information we can start!

Installing ACME and Composer

We will need ACME (which is a client written in PHP) and a composer to do the procedure. For this you will need to connect via SSH to your server. If you use Linux, just use the system's default terminal, if you use Windows, you can use PuTTY, which can be downloaded this link.

When executing Putty, immediately on the initial screen, place the IP of your server and the port, as shown in the image below:

Remember to use your information, as the ones shown below are just an example.

It will open the terminal screen. There is the possibility of the program asking you to confirm your SSH user and SSH password, if this happens just put the respective data and press Enter.

You will know that everything is fine when you see the -bash message, as shown in the example below:

Note: If you have not requested the user and password in the previous step, or if you are using the default Linux terminal, we will need to force the program. To do this, simply execute the command shown in the example below:

ssh This email address is being protected from spambots. You need JavaScript enabled to view it. -p 22222

Done this will prompt the user and password to connect.

The next step is to clone the ACME client from the github repository, this can be done by running the following command:

git clone https://github.com/kelunik/acme-client

Tip: You can paste information into PuTTY by right-clicking it.

The installation procedure should start, and it may take a reasonable time depending on your server.

Once completed, access the ACME folder:

cd acme-client

Finally, we will download and install the composer. This can be done by executing the command below:

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"; 
php composer-setup.php;
php -r "unlink('composer-setup.php');";
php composer.phar install --no-dev

Generating the SSL certificate

Now that we have installed everything, we need to register your email as the owner of the certificate, so you can be notified if something goes wrong. To do this, simply run the following command:

php bin/acme setup --server letsencrypt --email This email address is being protected from spambots. You need JavaScript enabled to view it.

Note que você deve trocar o e-mail de exemplo: This email address is being protected from spambots. You need JavaScript enabled to view it. pelo seu e-mail real.

Generating the certificate is very simple, just execute the command below:

php bin/acme issue --domains domain1:domain2 --path path1:pah2 --server letsencrypt

You can register multiple domains (or subdomains) at once, including your site, it is extremely likely that you will want to register example.com and www.example.com on the same certificate, so you only have to separate domains and directories by the : symbol. Note that in this case, both example.com and www.example.com are in the same folder, then path 1 will be the same as path 2.

As an example, imagine that I want to register the subdomains ssl-tutorial.brunokitsune.net and www.ssl-tutorial.brunokitsune.net, the command would look like this:

php bin/acme issue --domains ssl-tutorial.brunokitsune.net:www.ssl-tutorial.brunokitsune.net --path /home/x333333333/domains/brunokitsune.net/public_html/subs/ssl-tutorial:/home/x333333333/domains/brunokitsune.net/public_html/subs/ssl-tutorial --server letsencrypt

Note: For purposes of this tutorial, I will only issue the certificate to one of the subdomains, because Hostinger does not create a subdomain with www.

If the procedure was successful, you will see a message written in green stating that the certificate was successfully issued, as you can see in the following image:

Note that Hostinger will not allow the installation of certificates through SSH, for this reason we will need to do this process through the control panel.

Note that now that you have installed ACME and composer, you do not have to repeat the whole procedure to issue other certificates, just run PuTTY, log into your account, open the ACME folder (cd acme-client) and then execute the command to generate a certificate.

If an error message appears, look carefully at the reason, it may be a typo in the domain or directory. Also remember that if you just bought or transferred a domain, the DNS propagation process can take up to 72 hours, in which case you need to wait to be able to issue the certificate.

Installing the SSL certificate

Now that the script is ready, let's install it on our server. To do so, first we will download the certificate to our computer.

Open your FTP client and connect to your master account. In it, open the folder below:

/acme-client/data/certs/acme-v01.api.letsencrypt.org.directory

Download the folder that has the desired domain on your computer, as shown below:

When you open the folder on your computer, you will see that there are four distinct files: cert.pem, chain.pem, fullchain.pem, and key.pem. To activate the certificate we will need two of them, fullchain.pem and key.pem. 

For now let's open these two files. If your operating system requests a program to open the files, select a simple text editor, such as Notepad. Leave both files open as we will need them soon.

Now let's enable SSL on our site. Speaking specifically of Hostinger, it will show this information in the Advanced section, SSL option. On the screen that opened, scroll down to Custom SSL.

In the Domain field, select the domain you want, in the certificate (CRT), copy and paste the contents of the fullchain.pem file, and in the private key, copy and paste the file contents of the key.pem, as shown in the image below:

If everything has been done successfully, clicking the install button will bring you a message that SSL has been installed successfully.

You can force users to see the secure version of your site. In Hostinger, just select the "Force HTTPS" option, which appears in the SSL section.

To test if everything works correctly, try opening the secure site in your browser, that is, the address of your site starting with https://.

If the procedure was done correctly, you will see a padlock being displayed at the address. I point out that your temporary files can cause problems in the test, so it's worthwhile to test in private mode and if any errors occur, then clear your browser history.

Finally, the Let's Encrypt certificates have a validity of 90 days and in this period you need to renew the certificates, however, we can automate this process in Hostinger by doing a Cron Job, for this, go to the Advanced section, Cron Job option.

In the Type option, choose Custom, in Command to Run, copy the code that you used to generate the certificate, which in my example case was:

php bin/acme issue --domains ssl-tutorial.brunokitsune.net:www.ssl-tutorial.brunokitsune.net --path /home/x333333333/domains/brunokitsune.net/public_html/subs/ssl-tutorial:/home/x333333333/domains/brunokitsune.net/public_html/subs/ssl-tutorial --server letsencrypt

Choose to run once a month, every other month, and in the others keep the default options, as shown in the image below:

Once this is done, the certificate is scheduled to be renewed. If there is a problem, an automatic email from Let's Encrypt will be sent to you stating that something unexpected has happened, in which case you just need to reissue the certificate and update it in your control panel.

Did you like the tutorial? If you have any questions, just use the contact form available at the top of the page! 

Sponsored Ad