How to add a free SSL certificate to your website?

For you to have an SSL certificate on a website, you first need to know that you need to certify your website with a company that will ensure that the website is legitimate.

Each company acts in a certain way to guarantee its integrity, and some even offer insurance against unauthorized actions, useful for e-commerce sites.

But lately, Google has been pushing to make the internet safer, a project since 2016, but which has gained momentum now in 2017, as several easier ways to install certificates already exist, and even free options.
Whenever a site administrator in the past needed to certify a site, it was necessary to have a fixed IP and assign an SSL certificate on port 443 for the site. Until IIS 7.5 on the Windows operating system, it is still this way.

Starting with Windows Server 2012, IIS 8.5 introduced a feature that was already present on some Linux servers, which is support for SNI certificates.

Port 443 then has a self-signed certificate, just to receive the host name that the user will access, and only then with the name, a new SSL request is negotiated with the website's certificate.

SNI (Server Name Indication) certificates, which do not depend on validation by fixed IP anymore, are much cheaper, but have no guarantees as sites that are certified by IP.

Recently, a group of developers created a tool called Let's Encrypt, which is a certifier of SNI certificates, which verify only 1 file in the generated FTP to ensure that the site is real (at least accessible on the Internet), and completely free and automated .

The certificates are valid for 1 month or 2 months at most, but have a method to update the certificate automatically.

There is a project on Github called Lone-Coder, which is the version developed for Windows.

Let's Encrypt for Windows, version ready to run.
Download the zip file.
Package contents.
Extract the contents into a common folder for easy access.

See how easy it is to run Let's Encrypt:

In the first run, it will ask for an email from the system manager for error notifications.

After filling in the email, you will be asked to accept the terms.

Soon after, it will display some options. In this case, IIS has no website, and will then display the message "No IIS bindings", which means that it has not found any website on the computer, leaving only the options of sending the file to activate the website via WebDav, FTP, or manually create the certificate (which is to copy the file on a website and ask the acme Inc. website to validate the file to generate the certificate for SSL).

In this example, the site "" was found, and just type "1" to automatically generate the certificate, if, of course, it is accessible on the Internet, as Acme servers will try to access the site and file for verification, and on failure, it will not generate the SSL certificate.

Above, an example of authorization, the application automatically creates a file in the site directory, inside the folder ".well-known / acme-challenge /" and waits for Acme's servers to verify.

If there is a problem with Acme's servers accessing the site, be it DNS, it will be presenting the message in English. If it is accessible, with DNS ok, it will be generated and installed on the computer automatically, and the site will work with HTTPS (SSL) automatically.

The application also asks if you want (after installing the certificate) to add a scheduled task on the server to automatically check the certificates that are about to expire. Accept and all certificates, day after day, will be checked to be updated automatically, and any problems will be sent to the email informed in the first execution of the program.

Note: This method will have an SNI certificate on your website, that is, older browsers or operating systems such as Windows XP, do not recognize certificates of this type, always marking as an unsafe website. In case you need full compatibility, there are valid and guaranteed certificates with good prices from Comodo, for approximately US $ 99.90 / year.

1 comment: