Secure your website with Let's Encrypt

Some unimportant fairy-tale story begins…
Yesterday, I received an email notifying me that my Let’s Encrypt certificate was about to expire. And today, around 3 PM UTC+8, it expired.
Unimportant fairy-tale story ends here…

Because I’m about to renew the SSL certificate for my own managed informational website, I’m also taking the opportunity this weekend to write the guide here, since I’m currently idle from my development and school. (heck yeah)

I’ll be using ZeroSSL in this guide since this website provides the easiest way to create your own free, trusted certificate. You can always use another service, though.

Why is SSL important?

Because we may send sensitive information to the destination server, such as account details, credit card numbers, and passwords, and that data can be stolen in transit without us ever knowing. SSL exists to reduce that risk to a minimum by encrypting all data transmitted between client and server.

Step-by-step Guide

  1. Visit the Free SSL wizard page here.
  2. If you have an account key and CSR from a previous SSL creation, go to section 1; if not, go to section 2. Since I have them, I’ll go with section 1.
    1. Open your saved account key, then copy and paste everything into the left box. Do the same for the CSR, but paste it into the right box instead.
    2. Enter your email address (optional) and the domains that you want to install the Let’s Encrypt certificate on. Be warned that it doesn’t support wildcards for now, though they planned to bring support for it next year. When you’re done, click Next. At this point, both columns are empty! No worries, the account key and CSR will be generated for you. Save them somewhere safe on your local computer.
  3. After both the account key and CSR are provided, select your desired verification method. I’ll go with DNS verification since I’ve done this before on the target domain. Don’t forget to accept both the ZeroSSL ToS and the Let’s Encrypt SA, then click Next. (see marked steps below)

    If your key is accepted, go to the next step. If not, go to step 2 section 2.
  4. In this step, we’re about to verify that the domain is ours. I’ll only explain verification with DNS; for HTML verification, follow the instructions provided (sorry!). The page will give you a list of TXT record(s) that you should put into your domain’s DNS editor. Refer to your provider for more information. The TXT record(s) always start with _acme-challenge.
    After you’re done with the DNS modifications, wait 15-30 minutes and then click Next, or it’ll pop up an error.
    Note: If you’re using a CDN service such as Cloudflare, you may need to add or update the records there too.
    Pro tip:
    If you want to see whether the DNS records have been updated, execute nslookup -q=TXT _acme-challenge.<domain-name> on your PC, where <domain-name> is the domain that you wish to apply for.
  5. Congratulations! You’ll get a pair of certificates to apply to your website. Refer to your hosting provider for SSL certificate installation. There are some cases where your certificate will be updated automatically, and that’s what I got after disabling the CDN temporarily, lol.
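
The DNS check from the pro tip in step 4, as an added example that is not part of the original guide: it parses nslookup output and reports which expected _acme-challenge TXT values are still missing, so you know when it is safe to click Next. The domain and TXT values are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Domain and TXT values below are constructed placeholders.

# Print every quoted TXT string found in nslookup output read from stdin.
# Covers both layouts: value on the "text =" line, or on the indented line
# after it (with CRLF line endings).
extract_txt() {
    tr -d '\r' | awk '
        /^[^ \t]/ { in_txt = 0 }      # a new unindented line ends the record
        /text =/  { in_txt = 1 }      # a TXT answer starts here
        in_txt {
            line = $0
            while (match(line, /"[^"]*"/)) {
                print substr(line, RSTART + 1, RLENGTH - 2)
                line = substr(line, RSTART + RLENGTH)
            }
        }'
}

# Read nslookup output on stdin; list each expected value that is not there.
# Returns 0 only when every expected value is visible.
missing_txt() {
    found=$(extract_txt)
    status=0
    for want in "$@"; do
        if ! printf '%s\n' "$found" | grep -Fxq -e "$want"; then
            printf 'missing: %s\n' "$want"
            status=1
        fi
    done
    return "$status"
}

# Live check, using the same nslookup call as the pro tip.
# usage: check_live example.com VALUE [VALUE...]
check_live() {
    domain=$1; shift
    nslookup -q=TXT "_acme-challenge.$domain" 2>/dev/null | missing_txt "$@"
}

# Constructed sample outputs so the parser can be exercised offline.
sample_same_line() {
    printf 'Non-authoritative answer:\n'
    printf '_acme-challenge.example.com\ttext = "constructed-value-AAAA"\n'
    printf '_acme-challenge.example.com\ttext = "constructed-value-BBBB"\n'
}
sample_next_line() {
    printf 'Non-authoritative answer:\r\n'
    printf '_acme-challenge.example.com\ttext =\r\n\r\n\t"constructed-value-AAAA"\r\n'
}

sample_same_line | missing_txt constructed-value-AAAA constructed-value-BBBB \
    && echo 'all expected TXT values are visible'
```

Pass check_live every TXT value the wizard listed; when several domains are requested there can be more than one record under the same _acme-challenge name, and all of them must be visible.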

Remarks

Have you done all the steps above and got an SSL-enabled website? Congratulations!
The certificate is valid for 90 days instead of a year as with paid SSL certificates, but if you want to renew the certificate, just repeat the steps above. Easy!

If you feel this service is useful to you, why not donate to the project? It’ll help the project continue to exist in the future.