How to Install Free ZeroSSL Certificate on Ubuntu Server
In the previous tutorial, we discussed the free Let’s Encrypt SSL certificate. Today I’m going to introduce another certificate authority that issue free SSL certificate: ZeroSSL.
ZeroSSL Features
- It offers 90-day certificates and 1-year certificates.
- multi-domain certificates and wildcard certificates.
- ACME support. Its dedicated ACME Bot (ZeroSSL Bot) allows you to obtain and renew 90-day certificates automatically and completely free of charge.
- Supports third-party ACME clients
- No rate limit
- SSL monitoring
- REST API
- Domain verification via email, CNAME or file upload
To be honest, many of these features require a premium plan. I’m interested in ZeroSSL because one of my server applications doesn’t support Let’s Encrypt certificate. Now let’s learn how you can install the ZeroSSL certificate on Ubuntu server.
Step 1: Create a ZeroSSL Account
Go to the ZeroSSL official website, and click the Get Free SSL button.
Sign up for the free plan.
Then click the New Certificate button.
Enter your domain name and click the Next Step button.
Next, choose the certificate validity period. The 90-day certificate is free, so I chose it.
After that, it will generate a CSR (certificate signing request).
Finally, select the free plan.
Once the SSL certificate is created, you need to verify your domain name. ZeroSSL supports email verification, DNS (CNAME) verification and HTTP file upload verification. I have my own email server, so I chose the email verification method.
After the domain is verified, you can download the certificate.
Step 2: Install ZeroSSL Certificate on Ubuntu Server
Upload the zipped certificate file to your server. Then unzip it.
unzip your-domain.com.zip
There will be 3 files:
- ca_bundle.crt
- certificate.crt
- private.key
We need to combine the two .crt files into one file.
cat certificate.crt ca_bundle.crt >> zerossl_certificate.crt
Create a directory to store these files.
sudo mkdir /etc/ssl/your-domain.com
Move them to this directory.
sudo mv zerossl_certificate.crt private.key /etc/ssl/your-domain.com/
Change the file permission so that only the root user can read them.
sudo chown root:root /etc/ssl/your-domain.com/* sudo chmod 660 /etc/ssl/your-domain.com/*
Now let’s install the certificate.
Apache Web Server
First, edit your virtual host file.
sudo nano /etc/apache2/sites-available/your-domain.com.conf
Add the following lines above </VirutalHost>
.
RewriteEngine on
RewriteCond %{SERVER_NAME} =your-domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
The 3 lines tell Apache to always redirect visitors to the HTTPS version of your site. Save and close the file. Then create a virtual host file for the HTTPS version of your site.
sudo nano /etc/apache2/sites-available/your-domain.com-https.conf
Put the following lines in the file.
<IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin webmaster@localhost DocumentRoot /var/www/your-domain/ ServerName your-domain.com ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLCertificateFile /etc/ssl/your-domain.com/zerossl_certificate.crt SSLCertificateKeyFile /etc/ssl/your-domain.com/private.key Include /etc/letsencrypt/options-ssl-apache.conf </VirtualHost> </IfModule>
Save and close the file. Then enable the HTTPS version of your site.
sudo a2ensite your-domain.com-https.conf
And reload Apache.
sudo systemctl reload apache2
Now visit your site in your browser and you will see a green lock.
Nginx Web Server
Open your Nginx server block file.
sudo nano /etc/nginx/confi.d/your-domain.com.conf
Edit the file like below.
server { listen 80; server_name your-domain.com; return 301 https:$server_name$request_uri; } server { listen 443 ssl http2; server_name your-domain.com; root /var/www/your-domain/; ssl_certificate /etc/ssl/your-domain.com/zerossl_certificate.crt; ssl_certificate_key /etc/ssl/your-domain.com/private.key; ssl_session_timeout 1d; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; ssl_prefer_server_ciphers off; # HSTS (ngx_http_headers_module is required) (63072000 seconds) add_header Strict-Transport-Security "max-age=63072000" always; # OCSP stapling ssl_stapling on; ssl_stapling_verify on; ... Your custom directives goes here. ... }
Save and close the file. Then test Nginx configs and reload.
sudo nginx -t sudo systemctl reload nginx
Conclusion
I hope this tutorial helped you obtain and install a free ZeroSSL certificate on Ubuntu server.