How To Install Free SSL Alternative to Lets Encrypt

As you might notice, we use Let’s Encrypt for our tutorial, beside of Let’s Encrypt there are more alternative in free SSL world which supports ACME protocol. We preferred ACME because it has many different client support and compatible with them. Some alternative to Let’s Encrypt, ZeroSSL.com and BuyPass.com

If the limit of Let’s Encrypt reached, for sometimes you won’t be able to request a new certificate, to bypass a rate limit, we can use the alternative to generate SSL. Buypass has a 180 day lifetime of the certificate, which had its own use case. ZeroSSL and BuyPass don’t have wildcard SSL on their free SSL offering, the wildcard is their paid addon.

Install socat

Install socat to enable run fake web server for validation purpose. acme.sh client support this features.

sudo apt install socat -y

Install acme.sh

Login as root and install acme.sh

curl https://get.acme.sh | sh

install acme client

Reload .bashrc configuration

source ~/.bashrc

this command only need run once.

Create ZeroSSL account

Create new account on ZeroSSL, we only need to create account once, the account can used by multiple server.

acme.sh --register-account -m email@DOMAIN.com --server zerossl

register zerossl account using acme

Generate ZeroSSL SSL

Generate the SSL using acme.sh

acme.sh --issue --standalone -d DOMAIN.com --server zerossl

zerossl free ssl generated

Create BuyPass.com Account

Create new account on buypass.com using acme.sh

acme.sh --server https://api.buypass.com/acme/directory --register-account --accountemail sl@atetux.com

acme create buypass account

Generate BuyPass SSL

Generate BuyPass free SSL using acme.sh

acme.sh --issue --standalone -d freessl.atetux.com --server https://api.buypass.com/acme/directory

buypass acme free ssl generate

Web Server Configuration

To enable the SSL on various web servers mostly only take changes 2 lines. Below I’ll show the configuration for Apache and Nginx, I only gave 2 examples because I use both on our production server and familiar with the configuration files. Let me know if have a problem with the other webserver

Nginx Server

For nginx webserver changes the ssl_certificate and ssl_certificate_key

ssl_certificate /root/.acme.sh/DOMAIN/fullchain.cer;
ssl_certificate_key /root/.acme.sh/DOMAIN/DOMAIN.key;

Apache Server

For Apache webserver, changes SSLCertificateFile and SSLCertificateKeyFile on vhost configuration file.

SSLCertificateFile /root/.acme.sh/DOMAIN/fullchain.cer;
SSLCertificateKeyFile /root/.acme.sh/DOMAIN/DOMAIN.key;

Leave a Reply