As early as two years ago, Google search engine guide on the proposed if the site is an HTTPS URL (installation of SSL security certificate) in a certain condition factors will be the site's weight and ranking has a certain positive effect. In the following two years, our domestic search engine also began to be based on whether the site to join the SSL certificate a discussion, but from the user experience and the actual needs, if we use the interactive Web site HTTPS URL is necessary, at least to give us the feeling is trustworthy.
In the past, if our site to use SSL certificate that has to pay high fees to buy certificates, now even if the pay SSL is also very cheap, even a lot of free SSL certificates can be used, in the old Chiang tribe mentioned Startssl, Vauton, let's encrypt, such as the more well-known free SSL certificate. Let ' s encrypt is currently supported by many domestic and foreign mainstream media websites.
About let's encrypt free SSL certificate installation before also mentioned, but this is based on the VPS, the deployment of the server, may be more difficult for ordinary users, in the case of the wrong server to hang off on the trouble. This is not the old Chiang has to see the foreign SSL for free tool, can be online to obtain the SSL certificate, and then we deploy our own virtual host, VPS Server site. So, in this article, I am ready to combat the old tribal "111cn.net" site to deploy let's encrypt free SSL certificate (refer to this article: https://www.letsencrypt.cc/ssl-for-free.html).
First, SSL for free web site
The code is as follows |
Copy Code |
Website address: https://www.sslforfree.com
|
Second, add application let ' s Encrypt SSL certificate URL
Here we add the domain name that we need to apply SSL certificate (I use laobuluo.com), then click Create Free SSL Certificate button, the system will automatically complement WWW domain name or without WWW domain name.
Third, choose Let ' s Encrypt SSL Certificate deployment method
Here we can use the FTP automatic verification, but the old Chiang also according to the Internet everyone's method with manual deployment, after all, FTP automatic verification submitted their account is not too good.
Iv. Verifying domain name ownership
According to the prompts, we download 2 files to local, and then upload to the Web site directory where SSL certificates need to be installed. We need to create a ". Well-known" folder in the root directory of the Web site, then create a "Acme-challenge" folder in its folder, and then upload 2 Authentication header files.
Then click Download SSL Certificate button to verify. If validation passes, you can proceed to the next step, and if not, you will be prompted.
Obtaining and downloading SSL security certificate files
After we verify the ownership of the site, we can directly see the SSL Security certificate file, we download it. In this way, we can successfully and quickly take advantage of the SSL for free web platform to obtain the let's encrypt of the SSL certificate file.
Vi. Let's encrypt free SSL certificate deployment website
The SSL certificate compression package we obtained has 3 files, namely CERTIFICATE.CRT, CA_BUNDLE.CRT, and Private.key. Because Chiang is ready to deploy the site is Nginx environment set up, here I only use Nginx deployment process records, in fact, if we use what environment is not important, such as the virtual host Cpanel panel deployment is also very simple, after I find a time to share the deployment to the virtual host article.
1, combined certificate and upload directory
Of the 3 files here, we need to merge CERTIFICATE.CRT and CA_BUNDLE.CRT together, such as merging into LAOBULUO.CRT file names. Then Chiang created an SSL directory "/usr/local/nginx/conf/ssl/" in the server, and then uploaded the merged files (LAOBULUO.CRT) and Private.key.
2. Configure Nginx file to start SSL certificate
Here Chiang will skip all HTTPS to HTTPS, which is straightforward. After you replace the configuration file, restart Nginx before it can take effect. If the configuration file is incorrect, you will be prompted incorrectly when restarting the Nginx.
VII, check and perfect the application of SSL certificate
It doesn't matter if you see a problem after deployment starts. We are going to solve the problem. This problem is because there are some pictures, text, call links or HTTP format, we need to replace all the HTTPS format URL.
As simple as that, it should be much simpler than the previous script to deploy let's encrypt free SSL certificates from the server.
Eighth, use SSL for free to deploy SSL certificate summary
1, compared to the old Chiang shared before the command line from the server to get script deployment method is much simpler, at least this side can be graphical operations, so for the general user do not worry about whether the server security and stability.
2, through the acquisition of Let's Encrypt SSL certificate, we can deploy to the virtual host, VPS, servers, according to the various needs of the web environment to deploy themselves.
3, since the Let's encrypt certificate is valid for 90 days, we have registered an account with SSL for free, so we will be reminded before expiration that we need to renew the contract and replace the certificate deployment as prompted.