SSL certificates have become very common these days, especially since free SSL certificates came into existence. In fact, most websites use a free SSL certificate. The most common provider of free SSL certificates is Let’s Encrypt, which does not issue certificates directly; instead, it has an API that allows various programs to automatically verify domain ownership and issue the certificate.
This protocol is called the ACME Challenge. It allows Let’s Encrypt to make sure that the domain you use is owned by you. This challenge can be completed with two methods:
- A File in .well-known/acme-challenge
- A TXT record for _acme-challenge. (Only choice for wildcards)
Whichever method you use, the result is the same: you end up with a private key, a certificate, and a CA bundle. Only the private key stays secret; the other two will be publicly available on your site after installation.
If we are now done with the basic concepts, it is time for the tutorial itself.
There are a few providers, but we will use a very simple one called Shield Signed. It uses a web interface to manage your certificates, and they are stored in your account in case you lose them.
To start off, we need to go to shieldsigned.com.
Click on either the login or the signup button at the top right.
You will be presented with either a signup form or a login form if you have signed up before. Fill in your details and submit the form.
If you are signing up, you will also need to confirm your email.
From this part on, we will proceed with the verification. Please make sure that you are logged in and have access to your domain.
From the dashboard, click on ‘New Certificate’.
Type your domain in there; you can separate multiple domains with commas.
After typing your domain, concentrate on the options next to the submit button.
There are two types of challenges. If you select DNS, you need access to the domain’s DNS records, whereas you can just use HTTP if you have document root access. In this case, I will be going with DNS, but HTTP is also very well explained in shieldsigned’s interface.
You should see the following page after submitting.
Copy the record value and go to your DNS Settings (Zones).
Create a new TXT record for _acme-challenge.yourdomain.com with the value from ShieldSigned.
After this point, it might take 5~10 minutes for shieldsigned to verify the update. You can wait on the certificate page. When it is done, the status will show up and you will be able to download the certificate from the certificates page.
To do so, go to the menu and click on certificates.
On that page, your certificate will show as completed and you will be able to download it via the download zip button.