First we need to create a CSR-request for an SSL Certificate. As a result, we will get 2 files (domainname.key - an encrypted private key and domainname.csr - CSR with the RSA private key). I have these files are generated automatically during domain creation.
Generate CSR
If you do not have this files, then we go to the server via SSH.
1. Install openssh, if not installed:
sudo apt-get install openssl
2. Next, go to the folder where you will be stored certificates. It is: /var/www/httpd-cert/userName or /etc/apache2/ssl or /your/variant. And enter the command to generate an encrypted private key:
1st variant, with password:
openssl genrsa -des3 -out domainname.key 204
You need to enter a password to access the file. Also, this password must be entered each time you run a web server. If you lose your password you will need to order a new certificate.
2nd variant, without password:
openssl genrsa -out domainname.key 2048
For the name of the private key is best to use the domain name for which the certificate is ordered (for example : devreadwrite.com.key instead domainname.key).
3. To create a CSR with the RSA private key, type the following command in the console:
openssl req -new -key domainname.key -out domainname.csr
If you create private key with password (using key -des3), then you will be prompted for the password.
When creating a CSR you must enter the information that will be displayed in the certificate. Do not use the following characters: < > ~ ! @ # $ % ^ * / \ ( ) ? . , &
4. Fill in the required fields:
Do not enter password.
5. Now we can check the CSR:
openssl req -noout -text -in domainname.csr
Getting a free SSL certificate from WoSign
Next, go to the website: https://buy.wosign.com/free/?lan=en and register and (or) authorize yourself there. Go to the tab Request a Free SSL Certificate. In field Domain name enter the list of domain names for which we need to get an SSL certificate. Next, select the certificate validity period, choose a language of certificate, enter the captcha, agree with the rules and click "Submit request"
Next, go to the tab "My Order".
Verifying domain ownership
If it is your first order, then you will need to pass the domain verification. In the tab My Order click on Domain Control verification and choose convenient for you method of verification:
For example, by adding .html file for a confirmation to the site.
Adding an html file to the site, enter the captcha and click on the verification button:
After verification of the domain, we continue.
Certificate Signing Request (CSR)
Continue. Open list of your order and click Submit CSR:
A pop-up window in which you must enter the contents of a CSR file.
Content will begin with a line -----BEGIN CERTIFICATE REQUEST----- and end -----END CERTIFICATE REQUEST-----, paste it:
Then click Check CSR:
If all is well, then click Submit.
Certificate within 30 minutes will be signed:
We are waiting for a letter. When you receive an email, you need to click on the link, enter the captcha to accept the terms of use and click on the button Retrieve.
Download archive:
Open it and take the file from the for Apache.zip. if your website running on Apache or open the file corresponding to your requirements. Then replace the file domainname.crt or its contents to the received from the archive. As I wrote above, I have a certificate. So I just have to restart Apache:
/etc/init.d/apache2 reload
Connect the SSL certificate to a domain
If the certificate is not connected, then you need connect it. Connect it you can several variants:
1 variant.
Open content management panel. in your domain settings add Secure connection (SSL). And from the drop-down list, select our certificate. Reload Apache.
2 variant.
Go to the edit host /etc/apache2/vhosts/domainname/ and add the following lines:
SSLEngine on SSLCertificateFile "/path/to/domainname.crt" SSLCertificateKeyFile "/path/to/domainname.key"
Save and restart of Apache:
/etc/init.d/apache2 reload
Now you have a free SSL certificate and HTTPS protocol on the site.
How to connect an SSL certificate on Nginx can be read here: Let's Encrypt. As a free add SSL/TLS certificate and the HTTPS protocol on the your site, step by step guide
Additionally
After successful HTTPS protocol settings do not forget to make a 301 redirect from HTTP to HTTPS. This is described here, for NGINX: Nginx, 301 redirect for all occasions, for Apache: 301 redirect for all occasions using .htaccess
Also, you must configure the connection of external scripts and images to https connection, for example:
<link rel="stylesheet" type="text/css" href="http://devreadwrite.com/style.css" />
replaced by:
<link rel="stylesheet" type="text/css" href="//devreadwrite.com/style.css" />
In this case, the file will be obtained by the same protocol in which a site has been requested, in this case https. Or, specify the protocol explicitly.
<link rel="stylesheet" type="text/css" href="https://devreadwrite.com/style.css" />