Adding an SSL certificate to a web server
"Let's Encrypt" is a free, automated, and open certificate
authority (CA), run for the public's benefit. It is a service
provided by the Internet Security Research Group (ISRG).
Certbot for Windows is discontinued as of Feb 2024.
Windows: install Ubuntu Terminal Environment (WSL) from Microsoft
Store.
(WSL) sudo apt update
(WSL) sudo apt install certbot
(WSL) sudo certbot certificates (show SSL certificates on local
drive and expiry dates)
Start generating SSL certificates for a web server:
(WSL) sudo certbot certonly --manual -d pigtail.net -d www.pigtail.net
[replace pigtail.net with yourdomain]
Phase 1: Proof of domain control:
certbot will ask you to create a new folder/directory (e.g. using
WinSCP), named with the long random-looking string that certbot
gives you, under document_root/.well-known/acme-challenge/
(for GoDaddy: /public_html/.well-known/acme-challenge/ )
Create a file index.html in that newly created directory.
Edit index.html as a plain text file; it must contain exactly one
line, the string given by certbot
(important: a CRLF or LF is required at the end of the string).
Repeat the above process one more time.
If proof of domain control is successful, certbot will generate SSL
certificates (with an 89-day validity period) and save them at
(WSL) /etc/letsencrypt/live/
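An added example, not part of the original page or of certbot: a shell helper for Phase 1 that builds the challenge folder and index.html locally in WSL and checks the exact file content before you upload it with WinSCP. The function names, the staging directory and the sample token are assumptions; the token is expected to use the base64url alphabet and the value to have the form token.thumbprint, as in the ACME HTTP-01 challenge.

```shell
#!/usr/bin/env bash
# Added example (not certbot's code): stage and check the challenge file in WSL
# before uploading it. Function names and the staging directory are assumptions.

is_b64url() {   # true if $1 is non-empty and uses only the base64url alphabet
    local LC_ALL=C
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

# stage_challenge <stage_dir> <token> <string_from_certbot>
# Builds <stage_dir>/.well-known/acme-challenge/<token>/index.html, the layout
# this page uses, containing exactly one line terminated by LF.
stage_challenge() {
    local stage="$1" token="$2" value="$3"
    # Rejecting other characters keeps a bad paste (spaces, quotes, "../")
    # from creating a path outside the challenge directory.
    is_b64url "$token" || { echo "unexpected characters in token" >&2; return 1; }
    # The value certbot prints is "<token>.<account key thumbprint>".
    case "$value" in "$token".*) ;; *) echo "value does not match token" >&2; return 1 ;; esac
    is_b64url "${value#"$token".}" || { echo "unexpected characters in value" >&2; return 1; }
    local dir="$stage/.well-known/acme-challenge/$token"
    mkdir -p "$dir" && printf '%s\n' "$value" > "$dir/index.html"
}

# check_challenge <file> <string_from_certbot>
# Passes only if the file is that string plus a single LF or CRLF, so a
# missing newline, an extra line, a BOM or stray spaces are caught locally.
check_challenge() {
    local file="$1" value="$2"
    [ -f "$file" ] || return 1
    [ "$(wc -l < "$file")" -eq 1 ] || return 1
    [ "$(tr -d '\r' < "$file")" = "$value" ]
}

# check_remote <domain> <token> <string_from_certbot>  (needs network and curl)
# Fetches the URL the CA will request, following any redirect to the folder.
check_remote() {
    [ "$(curl -fsSL "http://$1/.well-known/acme-challenge/$2" | tr -d '\r')" = "$3" ]
}

# Constructed sample values, not real certbot output.
demo() {
    local tmp token=Zm9vYmFyLXRva2Vu_123 thumb=c2FtcGxlLXRodW1icHJpbnQ
    tmp="$(mktemp -d)" || return 1
    stage_challenge "$tmp" "$token" "$token.$thumb" &&
        check_challenge "$tmp/.well-known/acme-challenge/$token/index.html" "$token.$thumb"
    local rc=$?; rm -rf "$tmp"; return $rc
}
if demo; then echo "challenge file staged and verified"; fi
```

After uploading the staged folder, run check_remote with your domain, the token and the string from certbot before telling certbot to continue.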
Phase 2: Copy and paste contents of fullchain.pem and
privkey.pem via GoDaddy "cPanel Admin":
(GoDaddy) invoke cPanel -- Security -- SSL -- CERTIFICATES(CRT):
(WSL) sudo -s [elevate to superuser (root)]
(WSL) ls /etc/letsencrypt/live/yourdomain.net
(WSL) cat /etc/letsencrypt/live/yourdomain.net/fullchain.pem
copy and paste the content of fullchain.pem to the "Upload a
New Certificate" box, click "Save Certificate",
back to "Certificates on Server", find the newly uploaded
certificate, click "Install",
(WSL) cat /etc/letsencrypt/live/yourdomain.net/privkey.pem
copy and paste the content of privkey.pem to "Private Key"
box, click "Install Certificate".
Alternative method of proving domain control:
sudo certbot certonly --manual --preferred-challenges "dns" -d pigtail.net -d www.pigtail.net
Launch DNS manager, create a "TXT record" with the value given by
certbot.
Name of TXT record is _acme-challenge, value of the record is
the string given by certbot
Other sites where you can buy SSL certificates; prices vary from
reasonable to "enterprise $$$". They are:
Comodo, RapidSSL, SSL.COM, DigiCert, Entrust, GeoTrust, GlobalSign,
Cloudflare, Symantec, SSL for Free, NameCheap