Before we start, let’s explain what an SSL certificate is, why it exists and why you should have one.
SSL (Secure Sockets Layer) certificates, often called “digital certificates”, are used to establish an encrypted connection between a user and the server they connect to. They protect sensitive data such as the personal details you enter in a form, credit card information and much more. Thanks to the certificate, both the user and the server admin can be sure that the data is encrypted and cannot be read by anyone who intercepts it.
How does it work?
Currently, SSL is a must-have, because thanks to it a secure, encrypted connection can be established. Three keys are used to create a symmetric session key, which encrypts all data transferred between client and server and back.
Here’s how it works, step by step:
- You connect to the server (e.g. a website)
- The server sends you a copy of its key
- The browser creates a session key, encrypts it with the server’s asymmetric key and sends it to the server
- The server decrypts the session key sent from the client’s browser
- The server and the browser encrypt their connection using the session key. This is secure because only the server and the client’s browser know the session key, and it is unique for every session. If you disconnect from the server/site and connect again later, a new session and a new key will be created.
So… Why should I have it?
There are at least 3 reasons for having an SSL certificate:
- As I wrote above – the connection between client and server is fully encrypted. Data cannot be read if it is intercepted during the connection.
- It may sound strange and basic, but… what would you trust more: a page with a lock icon or one without? For me, it makes me feel more secure.
- Contrary to appearances, websites that have SSL certificates and use the TLS protocol are positioned better than pages that do not have an SSL certificate.
OK, so how can I get my free SSL certificate?
There is no magic there 😉
Simply visit: https://certbot.eff.org/ and follow the instructions.
If you want a wildcard certificate (one that will work on your domain and all its subdomains, like example.com, site1.example.com, site2.example.com), simply install certbot and then run the following command:
certbot certonly --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory --manual-public-ip-logging-ok -d '*.example.com' -d example.com
where example.com is your address, like mine, stelmaszyk.dev.
REMEMBER: we are using the DNS challenge, so you will need to log in to your DNS registrar and add the TXT DNS entries shown in the console window.
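Because the command above requests both '*.example.com' and example.com, certbot shows two TXT values for the same name, _acme-challenge.example.com, and both must be published together before you continue. The script below is an added example (not part of the original post or of certbot) that checks `dig +short TXT` output for every expected value; the function names, the TXT values and the nameserver you pass in are assumptions or constructed placeholders, and `dig` is assumed to be installed.

```shell
#!/bin/sh
# Added example: pre-flight check for the manual DNS-01 challenge.
# Function names are hypothetical; all TXT values below are constructed.

# Turn `dig +short TXT` output into one bare value per line.
# dig prints each record as "value"; a long record may be split into
# several quoted chunks ("abc" "def") that have to be joined again.
normalize_txt() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# missing_txt_values EXPECTED...
# Reads `dig +short TXT` output on stdin and prints every expected value
# that is NOT published. Returns 0 only when all values are present.
missing_txt_values() {
    published=$(normalize_txt)
    missing=0
    for want in "$@"; do
        # -F: literal match, -x: whole line (no prefix/substring matches),
        # --: challenge values are base64url and may start with '-'.
        if ! printf '%s\n' "$published" | grep -Fxq -- "$want"; then
            printf '%s\n' "$want"
            missing=1
        fi
    done
    return "$missing"
}

# check_challenge DOMAIN NAMESERVER EXPECTED...
# Asks the given authoritative nameserver directly, so a stale resolver
# cache cannot hide a record that has not been published yet.
check_challenge() {
    domain=$1
    ns=$2
    shift 2
    dig +short TXT "_acme-challenge.$domain" "@$ns" | missing_txt_values "$@"
}

# Constructed sample: the second TXT record replaced the first one instead
# of being added next to it, so only one of the two values is visible.
sample_dig_output='"constructed-value-for-example.com"'
printf '%s\n' "$sample_dig_output" | missing_txt_values \
    constructed-value-for-wildcard constructed-value-for-example.com \
    || echo "^ not visible yet: do not press Enter in certbot"
```

With real values, call `check_challenge example.com <your-authoritative-nameserver> <value1> <value2>` and continue in certbot only when it prints nothing.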