This is a sponsored blog post by ZeroSSL. All reviews and opinions expressed here are, however, based on my personal experience.
Today I’m talking about a FREE way to get an ssl cert from ZeroSSL. How many have installed ssl certs before? It can be pretty confusing but Zerossl really makes it very simple and free. Not even a credit card is required. Their website here.
I’m going to walk through the whole setup. It took me less than an hour and that included taking screenshots and preparing items to write in this post. ZeroSSL really has done a great job with their instructions. And the last time I installed a certificate manually was probably 5 years ago. So it’s not like I was an expert.
ZeroSSL is the first real alternative to Let’s Encrypt. They offer completely free SSL certificates and make it very easy to install with a UI (which is what I used) or via API. They’re launching in partnership with an existing Certificate Authority and are a completely trusted Sub-Authority on their own.
Getting the Certificate
You can go here to get started. I just started and hit the “Get Free SSL” link. Then it took me to an account creation page, which I did. From there, I did this:
The free tier supports 3 90-day certificates. I’m not sure how the renewal is handled yet but I started with just a 90 day certificate. Let’s Encrypt defaults to 90 day certificates with an auto-renewal.
Then I hit a “Verify Domain” button which sends an email to the address I selected. The email I received looked like the below. I just clicked the link and entered the validation code contained in the email.
After verifying the domain, it was time to install the certificate!
Installing the ZeroSSL Certificate
ZeroSSL includes a nice button to download all you need for the certificate. I use nginx so I selected that for my web server.
Since this was a completely new web app, I had to create a fresh server block. I’m not going to go too deep into how to do this since Digital Ocean provides an amazing guide. This is the code I used to copy with ssh from my local machine to my web server.
Here is what my server block looked like before installing the certificate:
And this is a bit of code I always have to look up to create a symlink between sites-available and sites-enabled.
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
ZeroSSL offered a really good guide on how to make your server block for SSL. They provide instructions for each webserver, this is the nginx one. My converted server block for ssl looks like this:
So it turns out ZeroSSL is pretty great. It was incredibly easy to install and use with the UI. As I dig a little deeper here are some other, really cool bits of information:
- Unlike Let’s Encrypt, ZeroSSL not only offers an API/ACME, but also an easy-to-use API that allows users to create both 90-day and 1-year validity certificates through an unprecedentedly easy and simple process.
- ZeroSSL is currently testing their own ACME Server in BETA which will be released in May, and allows all existing ACME & Let’s Encrypt Clients to automate certficate issuing through ZeroSSL. We’ll basically be a plug-in alternative to Let’s Encrypt’s ACME.
- ZeroSSL offers both single domain, multi-domain and wildcard certificates for free through ACME, and allows users to create 1-year certificates with an affordable subscription plan.
- In addition to ACME, they offer a REST API to issue certificates automatically.
- Unlike Let’s Encrypt they allow users to validate domain ownership via email (not just DNS) making it much easier to quickly issue certificates via the UI.
It was incredibly easy to do this, even if you aren’t very technically comfortable handling ssl certificates. Go check out ZeroSSL here!