Let’s look into getting a FREE SSL/TLS certificate from ZeroSSL and implement it in Apache and Nginx web servers.
You might have heard a lot about the term like HTTP and HTTPS. In the early days, a protocol was defined, which was named as HyperText Transfer Protocol(HTTP). It is a way to communicate from browser to web server. When this communication happens, the data traveling on an HTTP protocol, just travel in the clear text formats. Due to this, it has been realized that the HTTP communication is not secure, and hackers were able to attack and intercept the important and sensitive messages.
To solve this issue, the HTTPS protocol came into the picture. It is a secure protocol, and acronym stands for HyperText Transfer Protocol Secure. It simply makes encryption to the data when the communication happens, and data travels from the web browser to the webserver. So that if any hacker picks up that information, it’s all encrypted.
How do HTTPS works?
The HTTPS protocol works on either of the two things, that is SSL(Secure Socket Layer) or TLS(Transport Layer Security). Both tools use PKI(Public Key Infrastructure). PKI, in turns, uses two key, ie. public and private keys. Anything which is encrypted using the public key can be decrypted using the private key and vice versa.
When we install an SSL/TLS certificate on our website, the ‘data encryption’ feature gets enabled. SSL is used as a checkpoint to guarantee the security of the data that is being exchanged over the Internet between the user’s browser and the website server.
Getting ZeroSSL certificate
ZeroSSL is a certificate authority (CA) that makes the thing very easy for everyone to install a certificate to make the website secure. You can get up to 3 certificates with 90 days validity in free.
Sign up with ZeroSSL
After logging in, the below page will appear. Click on ‘New Certificate.’
Enter the URL you want to secure and click on the ‘Next Step.’
Select 90-day certificate and Next
Let’s proceed with the auto-generate CSR option
Proceed with the “Free” plan
Next, you’ll need to verify the domain ownership. There are a few options.
DNS – if you can add a DNS record entry
Email – if you can receive the email to email@example.com
File Upload – if you can upload a file on the root of the domain
Choose what works for you. I’ll proceed with DNS entry.
I’ve added the CNAME and ready to verify domain.
Finally, once verified, the SSL certificate is ready to download.
Here is my downloaded certificates.
Its time to implement it.
Implementing on Apache
The following, I will install Apache on Ubuntu.
Login to server and install using apt-get command.
sudo apt-get install apache2
Let’s find out if Apache is running using systemctl command.
root@geekflare-lab:~# systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2020-05-23 16:15:56 UTC; 3s ago
Process: 7852 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
Process: 14179 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 14196 (apache2)
Tasks: 55 (limit: 2362)
├─14196 /usr/sbin/apache2 -k start
├─14199 /usr/sbin/apache2 -k start
└─14200 /usr/sbin/apache2 -k start
May 23 16:15:56 geekflare-lab systemd: Starting The Apache HTTP Server...
May 23 16:15:56 geekflare-lab apachectl: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'Serve
May 23 16:15:56 geekflare-lab systemd: Started The Apache HTTP Server.
Great, it is running.
My domain (lab.geekflare.com) is already pointing to this Apache server.
But as you can see, it is not secured, and therefore, we will be configuring the certificate which we got from ZeroSSL.
Let’s create a directory called sslCA under /etc to store the certificate files.
Transfer the files to the newly created folder on the server
drwxr-xr-x 2 root root 4096 May 18 12:13 ./
drwxr-xr-x 92 root root 4096 May 22 06:07 ../
-rw-r--r-- 1 root root 2430 May 18 05:37 ca_bundle.crt
-rw-r--r-- 1 root root 2292 May 18 05:37 certificate.crt
-rw-r--r-- 1 root root 1702 May 18 05:37 private.key
Enable SSL module
sudo a2enmod SSL
We will have to restart the webserver so that the changes can be recognized.
sudo service apache2 restart
The next step is to configure the certificate files on the Apache SSL config file.
The name of the file is ssl.conf. We need to add the following in <VirtualHost directive.
After performing the restart, the SSL will get enable on the site. Let’s access the site using https://
And, as you can see, “Connection is Sure”. It means that our SSL certificate has been successfully applied to our webserver.
Implementing on Nginx
Nginx is located in Ubuntu’s default repositories, so it’s possible to install it from here using the appropriate packaging system.
The below command is used for installing the “Nginx”.
sudo apt install nginx
After installation gets success, we can start the Nginx using the below command.
systemctl start nginx
Check the status of Nginx.
root@geekflare-lab:~# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-05-19 06:54:00 UTC; 4 days ago
Process: 8634 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
Process: 8661 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 8653 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 8664 (nginx)
Tasks: 2 (limit: 2362)
├─8664 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
└─8707 nginx: worker process
May 19 06:54:00 geekflare-lab systemd: Starting A high performance web server and a reverse proxy server...
May 19 06:54:00 geekflare-lab systemd: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
May 19 06:54:00 geekflare-lab systemd: Started A high performance web server and a reverse proxy server.
As expected, the browser will show the warning as a connection to this site is not secure.
Let’s quickly implement the cert to make the site secure using HTTPS.
Let’s create example.com.conf file at /etc/nginx/conf.d location. The file content will look like the below.
Apache is the most popular Web Server, and if you intend to work as a Middleware/System/Web administrator, then you must be familiar with it. Apache HTTP is an open-source Web Server for Windows & UNIX.