The latest feature I intend to add to my Superstars web app are notifications of events finishing and overall winners. This will use the push notification API, part of the trendy new Progressive Web App movement. However the first thing I discovered is that push notifications require your site to be served over HTTPS, so I had to figure out how to install a secure certificate.
My hosting company – UKWSD – would charge me ~£40 per year to do this without me lifting a finger, but I thought there must be a cheaper way to do this myself, preferably for free. After some investigations I found zerossl.com who promise “free SSL certificates and free SSL tools for your website”. In the end the process was pretty simple.
- Using the FREE SSL Certificate Wizard at https://zerossl.com/free-ssl/ I created a Let’s Encrypt key and a Certificate Signing Request (CSR). Fill in your email address and domain or sub-domain. Click ‘Next’ once to create the certificate request, and once again to create the private key.
- GOTCHA – I have never been able to generate certificates for multiple sites, whether it be using a wildcard (*.ajcw.com) or comma separating the domains. Just do one domain at a time.
- You don’t need to copy the key and certificate request at this point (the site will give them to you again later), but it will force you to copy the text before you can move on.
- You’ll need to verify that you own the domains you are registering. This is done by uploading files to your site(s) with specific strings, for example a file called
ciugj_jljdss68HFDFHG7d_zQ7v05c9eQ
with the contentsciugj_WSB9WMmFwVlkjdsluf43ulj8763JGD7dsc834y_zQ7v05c9eQ.0Ge506Z7IxF3wi3FjmvFTLAwKg4MQafxayGHVRdOe-s
.- GOTCHA – make sure you copy these into the .well-known/acme-challenge/ folder; if there is an error, new keys are generated and you have to create and upload new files.
- Your Free SSL Certificate is ready on the next and final page.
- Visit the control panel of your site. Hopefully you will have a SSL/TLS section, in which is something like an Install and Manage SSL for your site page.
- UKWSD have a form in which you select your domain or subdomain, and have fields to paste in certificate (CRT) and private key. Paste in those generated by zerossl.com.
- GOTCHA – UKWSD’s control panel doesn’t work if you paste in both generated certificates – you’ll have to paste in only the first one.
- Click Install Certificate and you’re good to go.
Be aware the certificates last only three months and so must be renewed four times a year. I’m not yet sure what this process entails.
And that’s it. Finally you’ll want to update your server settings to 301 redirect your site to its new secure version, and you’ll almost certainly have some insecure content like images or scripts that you’ll need to amend.
Good luck, I hope this blog post helps.
Hello John,
I have recently found an article in your blog mentioning ZeroSSL.com. I’m glad to see that you have found ZeroSSL useful. I have noticed though that you mention not being able to issue a certificate for multiple domains. While wildcards are indeed not supported, using multiple domain names (whether separated by commas or whitespaces) is definitely supported and they should be accepted just fine, as long as they don’t contain clearly illegal for fqdn characters. I would appreciate it if you could let me know what precisely you have tried to enter into “Domains” field, so I could try to reproduce the issue.
Regards,
Alexander.