Free SSL Certificate Creation

SSL certification is one of the common security feature of any web site. There are many certificate providers are available in the market, mostly all are paid service providers. But Certbot is one of the SSL certificate provider for free of cost.
The following are the steps to create the free SSL certificate using cerbot in ubuntu OS

Step 1: Install certbot

Run the following commands in your system to install the cerbot software

 cd /usr/local/sbin  
 sudo wget  
 sudo chmod a+x /usr/local/sbin/certbot-auto  


Step 2: Manual Configuration

There are many ways are there to configure the cerbot. Here i am going to share the steps for manual configuration.

Run the following command for manual configuration

 certbot-auto certonly --manual  

Enter your email address for communication.

 Requesting root privileges to run certbot...  
 Saving debug log to /var/log/letsencrypt/letsencrypt.log  
 Enter email address (used for urgent renewal and security notices) (Enter 'c' to  

Accept the terms & conditions.

 Please read the Terms of Service at You must agree  
 in order to register with the ACME server at  
 (A)gree/(C)ancel: A  

If you wish, share your email id for Electronic Frontier Foundation enter `Y`. I don’t want to share my email id. So i entered `N`.

 Would you be willing to share your email address with the Electronic Frontier  
 Foundation, a founding partner of the Let's Encrypt project and the non-profit  
 organization that develops Certbot? We'd like to send you email about EFF and  
 our work to encrypt the web, protect its users and defend digital rights.  
 (Y)es/(N)o: N  

System will show the following success message after the configuration of cerbot

  - Your account credentials have been saved in your Certbot  
   configuration directory at /etc/letsencrypt. You should make a  
   secure backup of this folder now. This configuration directory will  
   also contain certificates and private keys obtained by Certbot so  
   making regular backups of this folder is ideal.  


Step 3: Verify your domain

Once the configuration is completed. Cerbot will ask the domain name to create the SSL certificate. In the below code, I have enterd my domain name.

 Saving debug log to /var/log/letsencrypt/letsencrypt.log  
 Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'  
 to cancel)  

Cerbot will ask the permission to choose your system as SSL certificate generator. Hit `Y`.

 NOTE: The IP of this machine will be publicly logged as having requested this  
 certificate. If you're running certbot in manual mode on a machine that is not  
 your server, please ensure you're okay with that.  
 Are you OK with your IP being logged?  
 (Y)es/(N)o: Y  

Cerbot wants to verify the authority of that entered domain. So it will ask you to create a page in your site with particular content. Create a page in your site with that content.

 Make sure your web server displays the following content at before continuing:  


Step 4: Certificate Details

Thats it. The system will verity your domain and will show the following message

 Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem  
 Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem  
  - Congratulations! Your certificate and chain have been saved at  
   /etc/letsencrypt/live/ Your cert will  
   expire on 2017-06-15. To obtain a new or tweaked version of this  
   certificate in the future, simply run certbot-auto again. To  
   non-interactively renew *all* of your certificates, run  
   "certbot-auto renew"  
  - If you like Certbot, please consider supporting our work by:  
   Donating to ISRG / Let's Encrypt:  
   Donating to EFF:  

The success message will contain the following things

  • 0000_key-certbot.pem - 2048 bits key file
  • 0000_csr-certbot.pem - csr file
  • fullchain.pem - Full chain file
  • Expiry Date of that certificate and the renewal process details

We can use csr file or full chain file as SSL certificate.

Sarav Author

Leave a Reply

Your email address will not be published. Required fields are marked *