As you might notice, we use Let’s Encrypt for our tutorial, beside of Let’s Encrypt there are more alternative in free SSL world which supports ACME protocol. We preferred ACME because it has many different client support and compatible with them. Some alternative to Let’s Encrypt, ZeroSSL.com and BuyPass.com
If the limit of Let’s Encrypt reached, for sometimes you won’t be able to request a new certificate, to bypass a rate limit, we can use the alternative to generate SSL. Buypass has a 180 day lifetime of the certificate, which had its own use case. ZeroSSL and BuyPass don’t have wildcard SSL on their free SSL offering, the wildcard is their paid addon.
Install socat to enable run fake web server for validation purpose. acme.sh client support this features.
sudo apt install socat -y
Login as root and install acme.sh
curl https://get.acme.sh | sh
Reload .bashrc configuration
this command only need run once.
Create ZeroSSL account
Create new account on ZeroSSL, we only need to create account once, the account can used by multiple server.
acme.sh --register-account -m email@DOMAIN.com --server zerossl
Generate ZeroSSL SSL
Generate the SSL using acme.sh
acme.sh --issue --standalone -d DOMAIN.com --server zerossl
Create BuyPass.com Account
Create new account on buypass.com using acme.sh
acme.sh --server https://api.buypass.com/acme/directory --register-account --accountemail email@example.com
Generate BuyPass SSL
Generate BuyPass free SSL using acme.sh
acme.sh --issue --standalone -d freessl.atetux.com --server https://api.buypass.com/acme/directory
Web Server Configuration
To enable the SSL on various web servers mostly only take changes 2 lines. Below I’ll show the configuration for Apache and Nginx, I only gave 2 examples because I use both on our production server and familiar with the configuration files. Let me know if have a problem with the other webserver
For nginx webserver changes the ssl_certificate and ssl_certificate_key
ssl_certificate /root/.acme.sh/DOMAIN/fullchain.cer; ssl_certificate_key /root/.acme.sh/DOMAIN/DOMAIN.key;
For Apache webserver, changes SSLCertificateFile and SSLCertificateKeyFile on vhost configuration file.
SSLCertificateFile /root/.acme.sh/DOMAIN/fullchain.cer; SSLCertificateKeyFile /root/.acme.sh/DOMAIN/DOMAIN.key;