Publish: 2016-10-22 | Modify: 2017-06-21
Aliyun has had a free DV SSL certificate for some time. Previously, it was in cooperation with Wo Tong, but due to Mozilla's rejection of all certificates issued by Wo Tong and StartSSL within the year, Wo Tong closed the free SSL application and other partners followed suit. However, Aliyun and Tianwei Chengxin quickly continued their cooperation and launched a free SSL certificate from Symantec.
To apply, first log in to your Aliyun account and open the application address: Cloud Shield Certificate Service. Follow the instructions below and click "Buy Now" to complete the purchase:
After successful purchase, go to Aliyun's backend -> CA Certificate Service -> find the pending order and complete it.
Next, fill in the information. Pay attention to the domain verification type. If your domain does not have a website, it is recommended to use DNS verification. If you already have a website, you can choose file verification.
The last step is to generate the CSR file. If you are not familiar with this, it is recommended to choose system generation. After successfully creating the CSR, submit it for review.
After submission, the status will change to "under review" and you will receive an email from Tianwei Chengxin, requesting CNAME record resolution for your domain. For example, I am asked to set the CNAME record of the domain osn4nn4txpm6q2ki35pvchuq2na3yel.xiaoz.top to s20161021220646.xiaoz.top.
You need to go to your domain registrar to perform the resolution. Fill in the hostname as osn4nn4txpm6q2ki35pvchuq2na3yel, select CNAME as the type, and fill in the corresponding value as s20161021220646.xiaoz.top. Finally, wait for the resolution to take effect. Note: This step is only a demonstration using www.xiaoz.top. Please check your email for the specific hostname and corresponding value.
In this step, it is important to double-check your resolution records. If the corresponding value is filled in incorrectly, it will result in a failure. You can try resubmitting and adding a new resolution.
After correctly adding the resolution, you will generally see that the issuance is successful after a few minutes. In the backend, you can choose to download the corresponding server type certificate for deployment. If you are using Nginx as your web server, you can refer to How to Deploy SSL Certificate with Nginx.
Due to Mozilla's possible rejection of some certificates issued by Wo Tong and StartSSL within the year, it is no longer recommended to apply for a free StartSSL certificate (Wo Tong has closed the free application). Other free certificates have no significant difference, but Aliyun can submit its own CSR and apply for certificate revocation (Tencent Cloud does not support this).
Related recommendations:
I come from China and I am a freelancer. I specialize in Linux operations, PHP, Golang, and front-end development. I have developed open-source projects such as Zdir, ImgURL, CCAA, and OneNav.