Free ssl certificate


certbot certonly --webroot --agree-tos --expand -w /path/to/your/domain/public/dir/ -d,

I know 2 popular ways to get free ssl certificate:


Let's Encrypt -- non-commercial organization, that gives certificates, valid 90 days. Special program called certbot is required. One can get it from github or install from you distro's repositories. Next step: requesting certificate itself. Call the command from top of the post with root privileges. Must edit path and domain name first. Output should be like this:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Using the webroot path /path/to/your/domain/public/dir/ for all unmatched domains.
Waiting for verification...
Cleaning up challenges

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your cert will expire on 2019-00-00. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:
   Donating to EFF:          

If everythig is ok, you should have files /etc/letsencrypt/live/ and /etc/letsencrypt/live/ Add these into nginx config. The certificate is ready.

Important, given that certificate is for 3 months only, letsencrypt recommends to update in monthly. To achieve this add into root crontab next task:

#letsencrypt MANUAL
20 20 * * *     certbot renew >/dev/null 2>&1

2.Cloudflare -- cloud service, that provides services such as CDN, DDOS-protection, DNS and the ssl certificates.

It is much easier to plug in, no need to update every month, but ns-server change needed and traffic will go through cloudflare.


If there is access to domain administration, I`d prefer cloudflare over letsencrypt: setup is faster, a lot of features out of the box. Beside that, it is possible to explain someone how to add certificate to his website using phone call. You can`t do the trick with letsencrypt. However, cloudflare is complex solution. If the task is just "switch to https", letsencrypt seems a better option. Also, it is quite ease to automate certbot usage.

published 2019-03-26 13dagger