Creating SSL for my 2BitsAByte Website
One of the biggest struggles since the SSL requirements started in Chrome in 2021 has been finding free SSL certs. Interestingly, it is free and easy to have free SSL in WordPress environments, but Windows shared hosting dropped the ball and many hosts still do not provide free SSL. It makes no sense to purchase SSL. I'm not selling anything, and I don't need anything other than the very basic SSL protection, mostly just so that Google and other browsers are happy and give me the lock symbol, and clicking on it will show "This site has a valid certificate, issued by a trusted authority."
My host provider did send me a recommendation: SSLForFree. I was thrilled! Until it turned out it was actually ZeroSSL, and it's only free for 3 renewals and then it costs money. It still exists, so maybe you already experienced this false advertising. Either way, everything was great for 9 months (three sets of 90 days with ZeroSSL) and then BAM, they wanted money, and I'm like NOPE!
I contacted my host provider and they once again recommended SSLForFree, so I informed them about the false advertising.
I began researching. Hours of googling. I discovered Let's Encrypt. I did read about CertBot, but I also found out about PunchSalad's Free SSL Generator, which used Let's Encrypt and was completely free (although I will admit, I did buy him a Ko-fi a couple times). Unfortunately, the website is persnickety and sometimes doesn't work. I use the wildcard option, which means I have to update a TXT record on my DNS.
Jump ahead to 2023. I have all my notifications set up and one week before my SSL cert was set to expire, I tried to create my new one. It didn't work. I tried rebooting, clearing cache and cookies, incognito mode, different browsers. No luck. Nada. According to the Dev tools, Let's Encrypt was sending a 500 error. Lovely. So I tried to reach out to the site owner. (This was on a Friday and my site was down for the count. This was now a full-blown emergency.)
It was a long, arduous process and my website remained down because it was no longer secure. (Meanwhile, my taxes were finished and there was a sizeable shortage, which shows even more how important it is to have SSL for free.) I was majorly stressed out.
I knew I could figure this out. I had to. Anything else was unacceptable.
After more dead ends and failed attempts than I can count, I discovered a blog by Ioannis Kyriakidis. It gave me just enough information to make me dangerous.
I did not use Docker as recommended in the blog's step 0.
Anyway, the simplified version is below plus an easy way to verify the TXT record on your DNS.
First, download the CertBot installer for Windows: Certbot installer. Note: This is the direct download link.
Follow the installation instructions but ignore all other instructions. They make it more difficult than it needs to be.
Once it is installed, open your Windows PowerShell. (I did this by right-clicking on the Start menu and selecting Windows PowerShell, run as Administrator.)
Use the following code, but make sure you put in your own email address and domain names.

    certbot certonly `
      --manual --manual-public-ip-logging-ok `
      --force-interactive `
      --preferred-challenges dns `
      --email email@example.com --agree-tos `
      --domain *.yourwildcard.com `
      --domain yourwebsite.com `
      --debug-challenges `
      --rsa-key-size 2048

You will then get a message similar to:

    Please deploy a DNS TXT record under the name
    _acme-challenge.yourwebsite.com with the following value:

    667drNmQL3vX6bu8YZlgy0wKNBlCny8yrjF1lSaUndc

    Once this is deployed,
    Press ENTER to continue

Log onto your domain control and update your DNS TXT record. Then test it with this, using a good old-fashioned command prompt:
nslookup -q=txt _acme-challenge.2bitsabyte.com
Once you have verified that your DNS TXT record has been properly updated, "Press ENTER to continue".

    Waiting for verification...
    Cleaning up challenges

    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at:
       /etc/letsencrypt/live/domain.com/fullchain.pem
       Your key file has been saved at:
       /etc/letsencrypt/live/domain.com/privkey.pem
       Your cert will expire on 2023-08-02. To obtain a new or tweaked
       version of this certificate in the future, simply run certbot
       again. To non-interactively renew *all* of your certificates, run
       "certbot renew"

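A stricter version of the nslookup check, to run before pressing ENTER (an added example, not part of the original post): it asks the domain's authoritative name servers and two public resolvers for the TXT record and reports whether every value certbot printed is visible, which matters when a wildcard and its base domain share one `_acme-challenge` name and need two values at once. The function name `Test-AcmeTxtRecord`, the resolver addresses and the sample values are assumptions, and `-Domain` is assumed to be the zone's apex.

```powershell
# Added example: confirm the ACME TXT value(s) are visible before pressing ENTER.
function Test-AcmeTxtRecord {
    param(
        [Parameter(Mandatory)] [string]   $Domain,         # base domain, without "*."
        [Parameter(Mandatory)] [string[]] $ExpectedValue,  # value(s) printed by certbot
        [string[]] $PublicResolver = @('1.1.1.1', '8.8.8.8')  # assumed public resolvers
    )
    $name = "_acme-challenge.$Domain"

    # The authoritative servers get the new record first; a local or public
    # resolver can keep serving a cached older answer until its TTL expires.
    $authoritative = Resolve-DnsName -Name $Domain -Type NS -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq 'NS' } |
        Select-Object -ExpandProperty NameHost

    foreach ($server in @($authoritative) + $PublicResolver) {
        # A TXT record can be split into several strings; join them per record.
        $found = @(Resolve-DnsName -Name $name -Type TXT -Server $server -DnsOnly `
                       -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'TXT' } |
            ForEach-Object { $_.Strings -join '' })

        # Every expected value must be present, not just one of them.
        $missing = @($ExpectedValue | Where-Object { $_ -notin $found })

        [pscustomobject]@{
            Server  = $server
            Found   = $found.Count
            Ready   = ($missing.Count -eq 0)
            Missing = $missing -join ', '
        }
    }
}

# Usage with constructed placeholder values; substitute your own domain and
# the exact value(s) certbot asked you to deploy.
Test-AcmeTxtRecord -Domain 'yourwebsite.com' `
    -ExpectedValue 'PLACEHOLDER-VALUE-1', 'PLACEHOLDER-VALUE-2' |
    Format-Table -AutoSize
```

Press ENTER in the certbot window only once every row shows `Ready` as `True`.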
Your certbot will be where you set it up. Mine is put in the root of C:
Then, depending on how your host handles certs, you can install it yourself (which, if you can do that, you probably didn't need this information), or, if you're like me, you'll have to zip it up and email it to your host's customer service.
Congratulations! You have just created a free SSL. See ya again in 3 months when it's time to renew... but hey! You can't beat free!