Jordan Uses ZeroSSL

This is a sponsored blog post by ZeroSSL. All reviews and opinions expressed here are, however, based on my personal experience.

Today I’m talking about a FREE way to get an ssl cert from ZeroSSL. How many have installed ssl certs before? It can be pretty confusing but Zerossl really makes it very simple and free. Not even a credit card is required. Their website here.

I’m going to walk through the whole setup. It took me less than an hour and that included taking screenshots and preparing items to write in this post. ZeroSSL really has done a great job with their instructions. And the last time I installed a certificate manually was probably 5 years ago. So it’s not like I was an expert.

ZeroSSL is the first real alternative to Let’s Encrypt. They offer completely free SSL certificates and make it very easy to install with a UI (which is what I used) or via API. They’re launching in partnership with an existing Certificate Authority and are a completely trusted Sub-Authority on their own.

Getting the Certificate

rome prepared gif

You can go here to get started. I just started and hit the “Get Free SSL” link. Then it took me to an account creation page, which I did. From there, I did this:

step 1 zerossl

Next step was to set the domain that I wanted to add. In this case, I used pizza.javascriptwebscrapingguy.com. Because I really like pizza. If you enter just one top level domain, such as javascriptwebscrapingguy.com, it’ll auto add a certificate for the www.

zerossl step2

The free tier supports 3 90-day certificates. I’m not sure how the renewal is handled yet but I started with just a 90 day certificate. Let’s Encrypt defaults to 90 day certificates with an auto-renewal.

zerossl step3

One awesome thing that ZeroSSL does is that it allows for email verification. This is a very simple way to do it. You just enter the email address that is part of the domain you are creating. It auto suggests potential email addresses, such as admin@javascriptwebscrapingguy.com or admin@pizza.javascriptwebscrapingguy.com

zerossl step 4

Then I hit a “Verify Domain” button which sends an email to the address I selected. The email I received looked like the below. I just clicked the link and entered the validation code contained in the email.

zerossl step 6

After verifying the domain, it was time to install the certificate!

Installing the ZeroSSL Certificate

installing fun gif

ZeroSSL includes a nice button to download all you need for the certificate. I use nginx so I selected that for my web server.

zerossl step 9

Since this was a completely new web app, I had to create a fresh server block. I’m not going to go too deep into how to do this since Digital Ocean provides an amazing guide. This is the code I used to copy with ssh from my local machine to my web server.

scp -r ~/Pictures/zerossl\ steps/certs/ root@<ip-address>:/home/pizza.javascriptwebscrapingguy.com

Here is what my server block looked like before installing the certificate:

zerossl step 10

And this is a bit of code I always have to look up to create a symlink between sites-available and sites-enabled.

sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

ZeroSSL offered a really good guide on how to make your server block for SSL. They provide instructions for each webserver, this is the nginx one. My converted server block for ssl looks like this:

zerossel step 11

After a quick restart….BAM. I was in business. Check it – https://pizza.javascriptwebscrapingguy.com/. So easy.

zerossl step 12

And for an added bonus…this is how I set it up so it’ll redirect any navigations to http://pizza.javascriptwebscrapingguy.com to https://javascriptwebscrapingguy.com.

zerossl step 13

Conclusion

So it turns out ZeroSSL is pretty great. It was incredibly easy to install and use with the UI. As I dig a little deeper here are some other, really cool bits of information:

  • Unlike Let’s Encrypt, ZeroSSL not only offers an API/ACME, but also an easy-to-use API that allows users to create both 90-day and 1-year validity certificates through an unprecedentedly easy and simple process.
  • ZeroSSL is currently testing their own ACME Server in BETA which will be released in May, and allows all existing ACME & Let’s Encrypt Clients to automate certficate issuing through ZeroSSL. We’ll basically be a plug-in alternative to Let’s Encrypt’s ACME.
  • ZeroSSL offers both single domain, multi-domain and wildcard certificates for free through ACME, and allows users to create 1-year certificates with an affordable subscription plan.
  • In addition to ACME, they offer a REST API to issue certificates automatically.
  • Unlike Let’s Encrypt they allow users to validate domain ownership via email (not just DNS) making it much easier to quickly issue certificates via the UI.

It was incredibly easy to do this, even if you aren’t very technically comfortable handling ssl certificates. Go check out ZeroSSL here!

Leave a Reply

Your email address will not be published. Required fields are marked *