There are several ways you can get a free SSL certificate for your website. Even if you’re running a non-commercial website or blog, they are mandatory today. Not implementing SSL will result in a significant impact on your search rankings.
The easiest way of getting and installing a free SSL certificate is by using the tool provided by your web host. Many web hosting providers today will offer a utility that can help with installing and managing free SSL. In the cases where they do not, things can get a little more tricky.
Where to Get Your Free SSL
Surprising as it may sound, there are several prominent free SSL certificate providers around. All of them offer usable free SSL certificates and support operations by also having paid plans. Three of the top providers are:
ZeroSSL provides free SSL certificates to everyone. However, the free plan has some restrictions of it which can be a bit frustrating. Removing these restrictions will require paid subscriptions, which start at $8 per month onwards. Still, it’s entirely useable and secure for most basic websites.
The free plan on Zero SSL lets you generate up to three certificates valid for up to 90 days at a time. These can be downloaded and then installed using your web hosting control panel.
At this point, however, ZeroSSL is in a bit of a flux. They were recently acquired by Apilayer and are still in a consolidation process. Users may find methodologies and policies changing rapidly with this SSL provider.
- 90-day certificate validity
- ACME certificate management
- Quick validation
- Supports Wildcard certificates
2. Let’s Encrypt
Perhaps the most famous free SSL provider in the market is Let’s Encrypt. While it may not necessarily have “better” free SSL certificates, it has strong partnerships with many web hosting companies. This has led to the widespread availability of Let’s Encrypt certificates.
Unlike some free SSL certificate providers that follow a freemium model, Let’s Encrypt truly offers zero-cost certificates. It is a non-profit organization and runs on sponsorships (mainly corporate), having been in the market since 2016.
Let’s Encrypt certificate management is also automated thanks to integration capabilities with web servers. They are TLS-based Domain Validation (DV) certificates recognized as being secure. The service has also been improving over time, stretching compatibility with as many devices as possible.
- RSA-signed with 4096-bit keys
- Easy to use
- ACMEv2 & Wildcard supported
- Transparency reports available
Unlike ZeroSSL and Let’s Encrypt, SSL.com is a commercial SSL certificate provider. Not all websites should use free SSL, and those who need better certification will have to buy one. The special part about SSL.com certificates is that they offer a 90-day trial period.
This trial period enables you to test their service before committing to a longer term plan for your SSL. Since they are a commercial provider, SSL.com offers more than simple Domain Validation certificates. You can also get Organization Validation (OV) and Extended Validation (EV) certificates from them.
SSL.com certificates are backed by warranties, depending on which you choose. Basic DV certificates come with a $10,000 warranty, while at the upper end of the scale, it stretches to $2 million of EV certificate purchasers.
- Free 90-day trial
- 2048+ Bit RSA encryption keys
- Unlimited licensing and reissuing
- Official support channels
Getting and Installing Your Free SSL Certificate
There are many ways you can get and install free SSL certificates. In this example, we will be doing a run-through of how to install ZeroSSL through the cPanel interface.
1. Sign Up for a ZeroSSL Account
This process is remarkably simple. Just visit the ZeroSSL website and enter a username and password on the signup form. ZeroSSL doesn’t even require email validation to start with – that comes later in the process.
2. SSL Certificate Creation
From your ZeroSSL account dashboard, click on “New Certificate.” You will be prompted to fill in the domain name you wish to secure with the SSL. Note that ZeroSSL will present you with more options than are available for free accounts – these will be greyed out unless you sign up or a paid plan.
3. Choosing Validity
SSL certificates don’t last forever. Most commercial SSLs are issued on one-year terms, while free certificates seldom last longer than 90 days. Free users can skip this step and move on since there really isn’t a choice.
4. CSR & Contact
For certificate validity, the issuer will need to have contact information for the certificate owner. Here you can choose to let ZeroSSL auto-generate the information, or you can fill it in manually.
5. Finalize Order
Zero SSL will give you an option to sign on for a paid plan at this screen. If a free SSL is all you want, ignore what’s shown here and just click “Next.”
6. Verifying Ownership
To generate the free SSL certificate, ZeroSSL requires you to validate ownership of the domain you provided to it. There are a few ways you can do this, the easiest of which is via proof of email ownership on the domain.
a. Validation via Email
The validation will require you to have a specific email address on your site. ZeroSSL will only accept validation on [email protected], postma[email protected], and a few others listed in a dropdown list.
b. Validation via DNS
To use this method, you will need access to the DNS table for your domain name. ZeroSSL will provide some information that needs to be added as a new CNAME record on your DNS table.
c. Validation via HTTP Upload
If you choose to verify via an HTTP upload, the system will generate an authentication file for you and let you know where to place it. Download that file and use the file manager on your web hosting control panel to place it at the correct location specified.
Once you have completed the validation, a zip file will be created for you. Download this to your device and unzip it. It should contain three files; private key, certificate, and ca bundle. For the next step, log in to your cPanel dashboard.
7. Installing the ZeroSSL Certificate
On your cPanel dashboard, scroll down to the “Security” section and click on SSL/TLS. This will bring you to a screen with a few options. You will need to upload two of the files downloaded earlier into their respective areas.
- The private key goes into the “Private Keys” section.
- The certificate goes into the “Certificates” section.
Once the files have been uploaded, click on “Manage SSL Sites” and select the domain to secure. Next, click on the “Autofill” option, and when that is done, click on “Install Certificate” at the bottom of the screen.
With that, you are now the proud owner of an SSL-secured website. Congratulations!
Challenges in Using Free SSL
Primarily, which you choose will depend on your web hosting service provider. Not all web hosting service providers will support easy installation. Of the web host they do, there can also be differences depending on the host’s web hosting control panel.
While the process seems easy enough if you follow guidelines, there are always potential eros that may crop up. For example, ZeroSSL’s transition to Apilayer ownership hasn’t been entirely smooth. Changes in procedures have not been clearly spelled out, resulting in occasional confusion.
If a web host has an automated installation mechanism, things are a lot simpler. If not, the example given above for the installation of ZeroSSL using cPanel can give a rough idea of the process involved.
Most free SSL certificates also come with short expiry dates. While this isn’t cut to the point of inconvenience, they are short enough to be a slight annoyance. The typical timeline for expiry is 90 days, upon which you will need to renew your SSL certificate.
An increasing number of website owners today are making use of Content Delivery Networks (CDNs). This inclusion may add an extra layer of confusion for those new to SSL certification since DNS configurations may have to be applied to the CDN.
Conclusion: Simply Your Life
Rather than struggle with the complexities of SSL, a better option would be to sign one with a web hosting provider that supports them. If you do this, a large part of free SSL is automated, from installation to renewal.