ZeroSSL: How to Secure Your Website with a Free SSL Certificate

Easily implement SSL on your site with ZeroSSL. Our guide covers free certificate setup, ensuring safe and encrypted user connections.

Nowadays, securing your website is not just a recommendation but a necessity. This is where SSL certificates come into play. They encrypt the data transferred between a user’s browser and the website, ensuring privacy and security.

Among the various options available for obtaining an SSL certificate, ranking in popularity after Let’s Encrypt, ZeroSSL is one of the preferred choices, especially for those looking for a free and reliable solution.

This article delves into how to secure your website with a free SSL certificate from ZeroSSL.

ZeroSSL: A Quick Overview

ZeroSSL is a free, automated, open certificate authority that provides SSL certificates. It’s known for its user-friendly approach to SSL certification, making it accessible even for those with limited technical knowledge.

Similarly to Let’s Encrypt, ZeroSSL provides free 90-day certificates that require renewal before expiration. However, there are some differences between the two platforms, so let’s mention them quickly.

Comparing ZeroSSL with Let’s Encrypt

Let’s Encrypt is a popular choice for free SSL certificates. Like ZeroSSL, it’s automated and open. The key differences lie in their approach and additional features.

Let’s Encrypt is more geared towards automation and is widely supported by various hosting providers, making it a go-to choice for many users who prefer a set-it-and-forget-it solution.

On the other hand, ZeroSSL appeals to users who desire a more user-friendly approach and additional support. Compared to Let’s Encrypt, ZeroSSL additionally gives you:

  • Manage certificates via convenient UI
  • Offer domain verification via email
  • No rate limit
  • SSL Monitoring
  • RESP API

On top of that, while both offer free SSL certificates, ZeroSSL provides paid options for extended validity periods and additional features, which might benefit some businesses.

With that explained, let’s move on to the steps involved in obtaining a free ZeroSSL certificate.

Step 1: Sign Up for ZeroSSL

You must have a registered account to get a free SSL certificate from ZeroSSL. So, as a first step, navigate to the ZeroSSL website using your preferred web browser and click on the “Get Free SSL” button.

Sign Up for ZeroSSL
Sign Up for ZeroSSL

Sign up for the free plan from the next page by entering a valid email address, choosing the password, and hitting “Next Step.”

Sign Up for ZeroSSL
Sign Up for ZeroSSL

Step 2: Create a New SSL Certificate

You will be automatically logged into the dashboard. To start issuing a new SSL certificate, click the “New Certificate” button.

Create a New SSL Certificate
Create a New SSL Certificate

Provide the domain name for which you need a free SSL certificate. In case it’s a primary domain (such as “example.com “) rather than a subdomain (like “dev.example.com “), ZeroSSl will, by default, add the “www” prefix to the certificate, meaning it will also cover “www.example.com.” Click the “Next Step” button.

Specify the domain name.
Specify the domain name.

Set the “90-Day Certificate” validity, a free option from ZeroSSL, and proceed by clicking “Next Step.

Select the validity period of the SSL certificate.
Select the validity period of the SSL certificate.

Make sure the “Auto-Generate CSR” option is enabled. A CSR, or Certificate Signing Request, is a block of encoded text given to a Certificate Authority (CA) when applying for an SSL/TLS certificate.

It contains information that will be included in the certificate, such as the organization’s name, domain name, locality, and country. The CSR also contains the public key that will be included in the certificate, and it’s generated alongside a private key, which must be kept secure and not shared.

Click the “Next Step” button to proceed to the final step of issuing your free SSL certificate.

Set 'Auto-Generate CSR' enabled.
Set ‘Auto-Generate CSR’ enabled.

Make sure the “Free” option is selected on the next screen. Press the “Next Step” button.

Create a New SSL Certificate
Create a New SSL Certificate

Step 3: Verify Domain Ownership

The certificate is ready, but the domain ownership must be verified before you get it. In simple terms, domain ownership verification is like proving that you are the owner of a house. When you want to show that a website’s domain (like a house address on the internet) belongs to you, you must go through a process to prove it.

ZeroSSL provides three methods for verification: Email, DNS, and HTTP File Upload. Although DNS and HTTP File Upload necessitate server-side configurations, thus demanding more technical expertise and complicating the verification process, Email verification is the quickest and simplest method.

That’s why we will focus on it as an option to prove your domain ownership, so go for it.

You will be presented with a list of five commonly used standard usernames, typically associated with the email address for domain administration. These include:

To successfully pass the verification, ensure you have the needed credentials (username & password) to access the email account associated with your chosen name. Select it and then click the “Next Step” button to proceed.

Verify Domain Ownership
Verify Domain Ownership

Clicking on the “Verify Domain” button initiates sending an email to the specified email address, which includes a link and code for domain verification.

Verify Domain Ownership
Verify Domain Ownership

The mail itself is shown below. Copy the verification key to the clipboard, then click on the “Go To Verification Page” link.

Verify Domain Ownership
Verify Domain Ownership

You will be redirected to a page where the verification itself takes place. Enter the verification code you copied from the email into the provided field and click “Next.”

Verify Domain Ownership
Verify Domain Ownership

You should receive a message confirming the successful verification of your domain ownership. You can now safely close this window.

ZeroSSL certificate verification is successful.
The domain verification is successful.

Step 4: Install the SSL Certificate on Your Web Server

Return to the ZeroSSL page and hit the “Refresh Status” button. You’ll receive a notification confirming the successful verification of the domain. Following this, the “Install Certificate” button will appear. Click on it.

Install the SSL Certificate on Your Web Server
Install the SSL certificate on your web server.

To download the SSL certificate as a ZIP file to your computer, click “Download Certificate (.zip).” Then, press the “Next Step” button and keep the page open for now.

Install the SSL certificate on your web server.
Install the SSL certificate on your web server.

Copy the ZeroSSL certificate to the server hosting the website for the domain using tools like the SCP command, for example.

Create a folder at a location you prefer for storing the certificates. Remember to change “your-domain.name” to the actual name of your domain.

sudo mkdir -p /certs/your-domain.name

Then extract the ZIP file to this directory:

sudo unzip your-domain.name.zip -d /certs/your-domain.name/

Next, navigate to the folder and list its content. It should contain the following three files:

  • ca_bundle.crt
  • certificate.crt
  • private.key
Install the SSL certificate on your web server.
Install the SSL certificate on your web server.

You should combine the “ca_bundle.crt” and “certificate.crt” into a single file, which will be named “zerossl_combined.crt “. Fortunately, this can be easily accomplished using the cat command, as shown below:

sudo bash -c 'cat certificate.crt ca_bundle.crt >> zerossl_combined.crt'

So far, so good! You must configure the webserver now to work with the newly created SSL certificate. Here’s how you can do it for the two most popular web servers, Nginx and Apache.

Configuring an SSL Certificate in Nginx

You need to configure a virtual host (server block) for your domain in Nginx. Since this is outside the scope of this guide, if you need to learn how, you can refer to our comprehensive guide on this topic if you need assistance.

Below, we have shown the main part that must be present in your Nginx virtual host’s configuration for the webserver to work with our new SSL certificate, as the first server block is used to redirect all HTTP requests to HTTPS.

Of course, don’t forget to replace the “your-domain.name” part with your specific domain.

server {
    listen 80;
    server_name your-domain.name www.your-domain.name;
    return 301 https:$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name your-domain.name www.your-domain.name;
    root /var/www/html;

    ssl_certificate /certs/your-domain.name/zerossl_combined.crt;
    ssl_certificate_key /certs/your-domain.name/private.key;
}

Finally, restart the Nginx server.

sudo systemctl restart nginx

Configuring an SSL Certificate in Apache

To enable Apache to work with SSL certificates, it’s essential first to activate its SSL module. You can easily accomplish this by executing the following command:

sudo a2enmod ssl

Then, create a virtual host for your domain:

sudo nano /etc/apache2/sites-available/your-domain.name.conf

And put in it the following configuration, again remembering to replace the “your-domain.name” part with your current one:

<VirtualHost *:80>
    ServerName your-domain.name
    ServerAlias www.your-domain.name
    Redirect permanent / https://www.your-domain.name/
</VirtualHost>

<VirtualHost *:443>
    ServerName your-domain.name
    DocumentRoot /var/www/html/

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on
    SSLCertificateFile /certs/your-domain.name/zerossl_combined.crt.crt
    SSLCertificateKeyFile /certs/your-domain.name/private.key
</VirtualHost>

Save the file. Finally, enable your new virtual domain and restart the Apache web server:

sudo a2ensite your-domain.name.conf
sudo systemctl restart apache2

Step 5: Test Your ZeroSSL Certificate

Return to the ZeroSSL website and click the “Check Installation” button.

Test your ZeroSSL certificate.
Test your ZeroSSL certificate.

If the SSL certificate setup on your web server is correctly configured, you will see a green check mark indicating “Installation Complete.”

Test your ZeroSSL certificate.
Test your ZeroSSL certificate.

However, if something is wrong with your configuration, you will receive a notification informing you about it.

Test your ZeroSSL certificate.
Test your ZeroSSL certificate.

Of course, the most effective way to verify is to direct your browser to your domain. By adhering closely to the instructions in this manual, you should receive the coveted padlock symbol, indicating that your website possesses a valid SSL certificate that has been properly set up. Congratulations!

The ZeroSSL certificate has been successfully issued, validated, and configured.
The ZeroSSL certificate has been successfully issued, validated, and configured.

Your ZeroSSL website account also enables you to manage your SSL certificates effortlessly and efficiently.

Managing SSL certificates.
Managing SSL certificates.

Conclusion

ZeroSSL presents a user-friendly and accessible way for website owners to secure their online presence with a free SSL certificate. This comprehensive guide has detailed the steps in obtaining, verifying, and installing a free SSL certificate from ZeroSSL on your web server.

Thanks for your time! Feel free to share your experiences or ask questions in the comments below.

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Think You're an Ubuntu Expert? Let's Find Out!

Put your knowledge to the test in our lightning-fast Ubuntu quiz!
Ten questions to challenge yourself to see if you're a Linux legend or just a penguin in the making.

1 / 10

Ubuntu is an ancient African word that means:

2 / 10

Who is the Ubuntu's founder?

3 / 10

What year was the first official Ubuntu release?

4 / 10

What does the Ubuntu logo symbolize?

5 / 10

What package format does Ubuntu use for installing software?

6 / 10

When are Ubuntu's LTS versions released?

7 / 10

What is Unity?

8 / 10

What are Ubuntu versions named after?

9 / 10

What's Ubuntu Core?

10 / 10

Which Ubuntu version is Snap introduced?

The average score is 68%

3 Comments

    • Hi,

      In simple terms, the answer is no; you can’t get an officially valid SSL certificate from a public certificate authority (CA) for just an IP address; you need a domain name. While there are rare situations where it can still be done for a public IP address (check this), it’s complicated and not commonly done. Of course, you can always approach this situation by issuing your own self-signed SSL.

      Best,
      Bobby

  1. I read this hopping ZeroSSL has a solution for intranet (not public) domain names and I understand this is no case, I have to continue with self-signed certificates.

    Honestly, I prefer Let’s Encrypt: even if you work a bit more on the initial setup, then everything is automated and you don’t risk your certificates to expire. By contrast, ZeroSSL seems designed to push you towards a paid subscription.

Leave a Reply

Your email address will not be published. Required fields are marked *