What is SSL certificate?
An SSL certificate, or Secure Sockets Layer certificate, is a digital certificate that helps establish a secure connection between a web server and a user's browser. It is used to encrypt the data transmitted between the two parties, ensuring that it cannot be intercepted or tampered with by unauthorized individuals.
When a user visits a website with an SSL certificate, the browser and the server initiate a secure connection by exchanging cryptographic keys. This process is known as the SSL handshake. Once the connection is established, all data transmitted between the browser and the server is encrypted and decrypted using these keys.
SSL certificates are typically used by websites that handle sensitive information, such as personal details, credit card numbers, or login credentials. They provide a way to verify the identity of the website and encrypt the data to protect it from being intercepted or modified by attackers.
SSL certificates are issued by trusted certificate authorities (CAs) after the website owner completes a validation process.
When choosing SSL, alway go wildcard, a wildcard SSL supports all your subdomains including your main domain.
Main Problems with Non-Free SSL Certificate
Non-free SSL certificate has two core problems. It is obviously expensive, getting an SSL certificate is very process oriented and is not automatic. Also setting up the certificate is tedious and requires OS administration skills. Let us know go through their drawbacks in detail.
High and recurring cost
Pricing of Wildcard SSL certificate from a popular SSL provider Comodo is listed below
Note: The pricing is December 2023.
It costs $89 after offer for purchasing 1 year of certificate and that too its original price is $249 USD.
Here are costs of a wildcard SSL certificate from another popular SSL cert provider - digicert.
It costs over 1000 USD for a wildcard SSL certificate.
Not only the price greatly varies between providers but they also confuse us with many different features like VA, CT log monitoring... Which are not required to host a SSL certificate for your website or application.
Process overkill
If you think paying more for a SSL certificate gets you ahead of the process, then think twice. They only make you wait longer by asking you to fill lengthy forms, go through business verification and validation process to get your SSL certificate. The main pain point is that you have to go through this process every year even if you purchase a multi-year SSL certificate.
SSL setup horror
May be the term is too dramatic, but setting up your SSL certificate from commercial providers is not straight forward. Every year you have to download their bundle, convert it to a format that is accepted your application server or OS. Especially if your OS is Linux which is common in these cases, you have to Google, ChatGPT to find the right solution based on your Linux distribution as what works for Ubuntu will not work in Fedora. And couple it with your version of app server it really becomes a nightmare especially if you have basic OS administration skills.
Save from all these, Go FREE , literally !
There are other ways to get SSL cert without spending a dime, from a trusted provider, without process, automatic renewal of SSL period, minimal or infact no setup. These are the features you require for your SSL cert and not the above.
In this article, I will go through 3 different ways to get Wildcard SSL for your website and application by saving hundreds of dollars every year and without the hassles of setup. Sounds unbelievable ? well check it out.
1. Free SSL from AWS (Amazon Web Services)
If your Website and/or Application is fully hosted under AWS, then this is the best solution for getting SSL for Free and that too from a Trusted Provider like AWS a pioneer in cloud infrastructure services.
AWS provides a service called AWS Certificate Manager , where you can request and install SSL certiciates for your domain without any setup. Just make sure your domain uses AWS Route53 service.
Certificates provided through Amazon Certificate Manager (ACM) can only be installed on Elastic Load Balancers (ECB - frontend of EC2), CloudFront (frontend of S3 hosted site).
Let us check on How to use with EC2 instance servers:
1) Assuming you already run your website or application hosted in a EC2 server (any application server, any OS or linux distribution - does not matter)
2) Create a Target group, give a appropriate name and add your EC2 instance to the group. Select your Instance VPC
3) Setup an Application Load balancer. Goto EC2 console, select Load balancers from left sidebar. Then click on "Create Load Balancer" and select "Application Load Balancer"
Select listener in this form as https and choose your created target group.
Now in the certificate section, choose source as "From ACM" and select the created certificate from ACM. If you have not created then create the certificate in ACM as shown below.
And enter your domain in wildcard format
The DNS validation is easy if you use Route53 for your domain's name servers. It is a one time setup and is not recurring.
4) Now for the last crucial step, you have to point your domains in AWS Route53 to the Application load balancer instead of the Instance IP address as shown below
If you use CloudFront for your application frontend service, then it is even more easy. In your CloudFront settings, select the SSL certificate from ACM as shown below
Certificates in AWS automatically renew, there is no server or OS level configuration at all. And its verification process is almost automated. Only drawback is you cannot export ACM certificate and use it elsewhere.
2. Caddy Application server
If you do not use AWS, and you want to use SSL for your static website, ecommerce store without any cost, then Caddy Application Server is recommended. It is super simple to setup (even easier than Apache or Nginx) and comes with automatic SSL certificate out of the box with no configuration.
Just like AWS, certificates automatically renew, no process involved, also it can be installed in any hosted server. One drawback is that it requires additional setup at the server level.
3. Let's Encrypt SSL certificate
If your cloud environment is unique or your use SSL in different ways like API gateways, services other than just websites or apps, then this the way to go. Goto letsencrypt website, and request a free SSL certificate using the tools they provide. Note to request a certificate you require terminal or shell level access to your server.
This is the most flexible option but also the least recommended way as it involves process, and require admin level skills to acquire and renew certificates.
Hope the above article is useful is helpful in obtaining free SSL cert for your server without any costs. If you still feel the above options are more technical, choose a cloud application for your hosting needs. For example use Wix or Webflow for your website, SubPage.app for business level solutions. These services comes with no-code, no-setup way to provide a SSL for your business.
Whatever you choose, it is upto you, but do not host or serve your website or app without SSL. Sites without SSL cert, do not rank in google and are classified as harmful in browsers like Google Chrome. Even if it is a static website, make sure it is SSL enabled.
