Publish: 2023-05-26 | Modify: 2024-03-05
Enabling SSL certificates is crucial for website security. It encrypts data transmission, preventing hackers from eavesdropping and tampering. SSL certificates enhance website credibility, increase user trust, and are favored by search engines, improving visibility and traffic. Moreover, SSL certificates also prevent phishing and malicious software threats, protecting user safety. For websites involving sensitive data transmission, enabling SSL certificates is a necessary measure.
Currently, major vendors such as Alibaba Cloud, Tencent Cloud, etc., provide free DV SSL certificates, but there are some drawbacks:
If you are looking for a free SSL certificate alternative or supplement, you can try "Let's Encrypt".
Let's Encrypt registration link: https://letsencrypt.osfipin.com/jump/share?code=E69XM4KD (Use referral code: E69XM4KD to earn 5 points)
You can register via email or phone number without the need for real-name authentication.
Apply for an SSL certificate in the Let's Encrypt backend. It supports multiple domains and wildcard domains, which addresses some of the limitations of free DV SSL certificates.
The second step is to submit a CSR and choose an encryption algorithm. For the CSR, the default auto-generated option is generally recommended. If you require higher security, you can submit your own CSR (not recommended for non-operations staff). The algorithm usually chosen is RSA, for better compatibility.
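For readers who submit their own CSR in this step, here is an added example (not from the original post) that generates the RSA key and a multi-domain CSR locally with OpenSSL, so that only the CSR is uploaded and the private key stays on your own machine. It assumes OpenSSL 1.1.1 or later; the function names, output file names and the example.com domains are placeholders.

```bash
#!/usr/bin/env bash
# Added example: build an RSA key and a multi-domain CSR locally.
# Function names, file names and example.com are placeholders.
set -eu

# make_csr OUTDIR DOMAIN [DOMAIN...]
# Writes OUTDIR/private.pem and OUTDIR/request.csr; the first
# domain becomes the CN and every domain is listed as a SAN.
make_csr() {
    local outdir="$1"; shift
    local cn="$1" san="" d
    for d in "$@"; do san="${san:+$san,}DNS:$d"; done
    mkdir -p "$outdir"
    # umask 077 in a subshell: the key file is created owner-readable only
    ( umask 077
      openssl genrsa -out "$outdir/private.pem" 2048 2>/dev/null )
    openssl req -new -sha256 -key "$outdir/private.pem" \
        -subj "/CN=$cn" -addext "subjectAltName=$san" \
        -out "$outdir/request.csr"
}

# csr_names CSR: print the DNS names requested in the CSR, one per line.
csr_names() {
    openssl req -in "$1" -noout -text |
        grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2
}

# csr_matches_key CSR KEY: succeed only if the CSR carries the public
# half of KEY, i.e. the file you upload belongs to the key you kept.
csr_matches_key() {
    local a b
    a=$(openssl req -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$a" = "$b" ]
}

# Usage: bash make_csr.sh example.com '*.example.com'
if [ "$#" -gt 0 ]; then
    make_csr ./csr-out "$@"
    csr_matches_key ./csr-out/request.csr ./csr-out/private.pem
    csr_names ./csr-out/request.csr
fi
```

Upload only request.csr; with this route the certificate you later download has to be paired with the private.pem you kept locally.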
Four certificate channels are supported. The shortest validity period is 3 months and the longest is 6 months, offered by Buypass (but Buypass does not support wildcard domains).
Note: Independent applications require points redemption, which can be obtained through author rewards, mini-program check-ins, etc.
After submission, wait a few seconds for the task to be created.
Here xiaoz chose manual verification using the DNS verification method.
xiaoz uses CloudFlare, so he goes directly to the CloudFlare backend and adds the TXT records required by Let's Encrypt.
Once all records are added, click on "Verify All" and submit the verification.
Next, wait for verification. Independent channels are faster (usually within 5 minutes), while free channels have a longer waiting time (usually 10-30 minutes). This may not be as fast as Alibaba Cloud or Tencent Cloud, so the free channels suit non-urgent applications; otherwise you can purchase an independent channel directly.
After successful application, you can download the SSL certificate for deployment.
The downloaded certificate contains multiple files, as shown below.
Usually, if using Nginx as the web server, you only need the following 2 files:
fullchain.crt: Full certificate, can be renamed to pem
private.pem: Private key, can be renamed to key
Some friends may ask, since "Let's Encrypt" supports multi-domain SSL certificates, wouldn't it be convenient to submit dozens of domains at once? However, it is not recommended because the more domains you submit, the more verification records there will be. If one or more domains fail to verify for some reason, none of them will be approved.
Therefore, it is recommended to submit a reasonable number of domains per application, ideally no more than 5, since too many may prevent the application from succeeding.
Let's Encrypt can serve as a supplementary tool for SSL certificates. Its advantages include free support for multi-domain and wildcard domain SSL certificates, but its disadvantages include short certificate validity periods (3-6 months) and slow application speeds.
I come from China and I am a freelancer. I specialize in Linux operations, PHP, Golang, and front-end development. I have developed open-source projects such as Zdir, ImgURL, CCAA, and OneNav.