Free Let’s Encrypt SSL Certificate Alternatives

Free Let's Encrypt SSL certificate alternatives

In this tutorial, we will talk about Free Let’s Encrypt SSL certificate alternatives.

free lets encrypt ssl certificate alternatives

We are going to show you how to install a Free Let’s Encrypt SSL certificate and its alternatives such as BuyPass and ZeroSSL certificates. The SSL certificate is a digital certificate, that enables the encrypted collection to identify the identity of the website and improves its security.

The SSL certificate is required also to verify ownership of the website, prevent attackers from creating fake versions of the website, and keep user data secure. Let’s get started!

Prerequisites

  • Fresh install of Linux OS such as Ubuntu, Debian or CentOS
  • User privileges: root or non-root user with sudo privileges

In this tutorial, we are going to use Ubuntu 20.04 as OS.

Update the System

Since this is a fresh install of Ubuntu 20.04 we need to update the system to its latest version.

sudo apt-get update -y && sudo apt-get upgrade -y

You need to allow some time for the system to get the latest information.

Install Free Let’s Encrypt SSL certificate

Before we install the certificate we need to install certbot software on our system

sudo apt install certbot python3-certbot-apache -y

The next step is to obtain the certificate

sudo certbot --apache

In the next few steps, you will be asked some questions while you install the Free Let’s Encrypt SSL certificate

root@vps:~# sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): admin@your_domain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: your_domain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for your_domain.com
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/your_domain-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/your_domain-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/your_domain-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/your_domain.com.conf to ssl vhost in /etc/apache2/sites-available/your_domain-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://your_domain.com

Let’s say the limit for Let’s Encrypt is reached after multiple attempts and we are not able to install a certificate. Then we should wait for some time after we try again. This is the main purpose of this blog post, to use an alternative way to install a free SSL certificate and that way is to use free BuyPass or ZeroSSL.

Install Socat and Acme

Before we start installing the Free Let’s Encrypt SSL alternatives, we need to install some prerequisites on our server for fake web server and client support features:

sudo apt install socat -y && sudo curl https://get.acme.sh | sh && source ~/.bashrc

Install Free BuyPass SSL certificate

Create BuyPass.com account:

acme.sh --server https://api.buypass.com/acme/directory --register-account --accountemail admin@your_domain.com

You should receive the following output:

# root@vps:~# acme.sh --server https://api.buypass.com/acme/directory --register-account --accountemail admin@your_domain.com
[Thu 11 Nov 2021 11:42:54 AM UTC] Create account key ok.
[Thu 11 Nov 2021 11:42:55 AM UTC] Registering account: https://api.buypass.com/acme/directory
[Thu 11 Nov 2021 11:42:58 AM UTC] Registered
[Thu 11 Nov 2021 11:42:59 AM UTC] ACCOUNT_THUMBPRINT='vOwTA7qCPKft4BWy0gkmEAD0Dpfbl5OuGRC5zUjBGgM

Next step is to generate the BuyPass free SSL using acme.sh

acme.sh --issue --standalone -d your_domain.com --server https://api.buypass.com/acme/directory

You should receive the following output:

root@vps:~# acme.sh --issue --standalone -d your_domain.com --server https://api.buypass.com/acme/directory
[Thu 11 Nov 2021 11:45:50 AM UTC] Using CA: https://api.buypass.com/acme/directory
[Thu 11 Nov 2021 11:45:50 AM UTC] Standalone mode.
[Thu 11 Nov 2021 11:45:50 AM UTC] Creating domain key
[Thu 11 Nov 2021 11:45:51 AM UTC] The domain key is here: /root/.acme.sh/your_domain.com/your_domain.com.key
[Thu 11 Nov 2021 11:45:51 AM UTC] Single domain='your_domain.com'
[Thu 11 Nov 2021 11:45:51 AM UTC] Getting domain auth token for each domain
[Thu 11 Nov 2021 11:45:58 AM UTC] Getting webroot for domain='your_domain.com'
[Thu 11 Nov 2021 11:45:59 AM UTC] Verifying: your_domain.com
[Thu 11 Nov 2021 11:45:59 AM UTC] Standalone mode server
[Thu 11 Nov 2021 11:46:04 AM UTC] Success
[Thu 11 Nov 2021 11:46:04 AM UTC] Verify finished, start to sign.
[Thu 11 Nov 2021 11:46:05 AM UTC] Lets finalize the order.
[Thu 11 Nov 2021 11:46:05 AM UTC] Le_OrderFinalize='https://api.buypass.com/acme/order/YRsxSMk6P5zbryxUWTA6FFy4UfT0YScFAuG75YtJjpQ/finalize'
[Thu 11 Nov 2021 11:46:11 AM UTC] Downloading cert.
[Thu 11 Nov 2021 11:46:11 AM UTC] Le_LinkCert='https://api.buypass.com/acme-v02/cert/ffNgivH34nQ'
[Thu 11 Nov 2021 11:46:13 AM UTC] Cert success.
-----BEGIN CERTIFICATE-----
MIIGUTCCBDmgAwIBAgILAX+PZflhM/+VCm8wDQYJKoZIhvcNAQELBQAwSzELMAkG
A1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MR0wGwYDVQQD
DBRCdXlwYXNzIENsYXNzIDIgQ0EgNTAeFw0yMTExMTExMTQ2MDZaFw0yMjA1MDky
MTU5MDBaMBYxFDASBgNVBAMMC3Npcmthcm92LnRrMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA1H2bcqmY8Rbna4q7OTXPolM5TTHgDLw+6MWTYxCMhqQf
PvnHzIjRqIacfF3ZyrTKW3+viYs+lonW7kSvTTdpa5kTh5PqUHX+gjTP2mHZnuAg
vqdFGq1yIuqi1cWzual4d9gm+eE7ls3YpDjt/vjUnEyFbRI7a6irBTLYAJzjLgwV
dRVEGodrHCTQm9rByQlNOfhnSCJCaJXAW+Ij0LfurrHye+7MZUv/rCWwRg/S7Q13
36f07NRvDlDsCpduTo5Qq+ax+oIxkvYtlqkekK7VXji2S0I5xWmjKzD8xkgPAQgY
RI3VEbQzbQOQpD66XNXOwddN/7HkjUE0gWcnLs+7qQIDAQABo4ICaTCCAmUwCQYD
VR0TBAIwADAfBgNVHSMEGDAWgBQnUqRvLSqrQJOQ7NZpy/58YTt8QjAdBgNVHQ4E
FgQUvT/JeGhVXLeN4HshbKPeN4iRKs0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSAEGDAWMAoGCGCEQgEaAQIHMAgG
BmeBDAECATA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmJ1eXBhc3Mubm8v
Y3JsL0JQQ2xhc3MyQ0E1LmNybDAWBgNVHREEDzANggtzaXJrYXJvdi50azBqBggr
BgEFBQcBAQReMFwwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmJ1eXBhc3MuY29t
MDUGCCsGAQUFBzAChilodHRwOi8vY3J0LmJ1eXBhc3Mubm8vY3J0L0JQQ2xhc3My
Q0E1LmNlcjCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3ACl5vvCeOTkh8FZzn2Ol
d+W+V32cYAr4+U1dJlwlXceEAAABfQ7RwLUAAAQDAEgwRgIhAOMVl2pyMDQoCNB8
oyh4oWiDftkxR7GPdzRW6RXq/N65AiEA7yaxgskn/H6I7fBnVGS/hxrv76CnP/4F
17WBFcxXFdYAdwBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAX0O
0cSXAAAEAwBIMEYCIQDQv4AdodSMnVYz0ISEAouj4ekYBrKhgaYSb4FwT79wYwIh
AMgcsNh0Xi4RLc++UZplKa2ssYk0Kkh5xURgkZnn2aWSMA0GCSqGSIb3DQEBCwUA
A4ICAQABCrfjNmDtu1VflmFSGQEWxeECEHp42jR1wvsxUKrghkGK9uHgp7xlvfPj
/Hz1BZ87hPF6NjRx1I4H0XAy3SAvbikYXUrvuD0gi/+QXaDXSOsDRnrlkEBNLAtI
sKJnBNyMrbFdneDVtJDQ1xUwmRexkAKAUeVkm4LxAoq97TxsIE/RlS/afsTsDNwo
53wl7nY6s9nG1ftLG/3GVvbe7Uh0/BO69R1i2v+xpg4V3WEswp04A0VIwKMjV859
la6AbXnoj9laG05N9sw+cQfiyzFUGkPLfef7InTmoJ/PUU2kLSGgZ16z2gyTYiZS
dM+zD7Sy8FkgSOecWpZFQwByv/HZuVfOXf6nJhIbirljRAt3cs37nMGt+Py9oq2E
/C7GbHAtk/hOOYqFQYNurrAna65WeF+ID2Sx71B32aSB3yl95HgzOHydD/Wl90xf
OED66/dgEeMD59VcdJ9DeexGNZZlSVBIwlLNEFW6nqSh09og3jAKhB4p9sCS9vFP
RYoeAxo+Vgy6Jy1fj3NSEC/LW4Lz5JW6fHMIRHJ3cCt5YloYgpfRW1n30p6clOth
jTjv1l0CzDtQhLe7aaVA0ux+BNvHAdEwrK06LKv59UBJ6JW5pw4AtfOC2YdSITJC
/FYz4ToP5GfN1UgYGDnkGguFw/MmUBPNpvZUGbNR0lO+MPgTdw==
-----END CERTIFICATE-----
[Thu 11 Nov 2021 11:46:13 AM UTC] Your cert is in: /root/.acme.sh/your_domain.com/your_domain.com.cer
[Thu 11 Nov 2021 11:46:13 AM UTC] Your cert key is in: /root/.acme.sh/your_domain.com/your_domain.com.key
[Thu 11 Nov 2021 11:46:13 AM UTC] The intermediate CA cert is in: /root/.acme.sh/your_domain.com/ca.cer
[Thu 11 Nov 2021 11:46:13 AM UTC] And the full chain certs is there: /root/.acme.sh/your_domain.com/fullchain.cer

Where your_domain.com will be your real domain and real paths to the certificate

Install Free ZeroSSL certificate

Now, when we have the prerequisites installed we can proceed with the ZeroSSL commands for installing the certificate

The first is to create a ZeroSSL account:

acme.sh --register-account -m admin@your_domain.com --server zerossl

You should receive the following output:

# root@vps:~# acme.sh --register-account -m admin@your_domain.com --server zerossl                                                                                                            
[Thu 11 Nov 2021 12:00:53 PM UTC] Create account key ok.
[Thu 11 Nov 2021 12:00:53 PM UTC] No EAB credentials found for ZeroSSL, let's get one
[Thu 11 Nov 2021 12:00:55 PM UTC] Registering account: https://acme.zerossl.com/v2/DV90
[Thu 11 Nov 2021 12:00:57 PM UTC] Registered
[Thu 11 Nov 2021 12:00:57 PM UTC] ACCOUNT_THUMBPRINT='HAPgD8ldayEpdEnHlNZJB3-S8pH7FIce9vUJU5oYpHI'

Next is to generate ZeroSSL with acme.sh

acme.sh --issue --standalone -d your_domain.com --server zerossl

You should receive the same output as from BuyPass SSL, the same path to the certificate, and a different key of course since it is another SSL:

.................
la6AbXnoj9laG05N9sw+cQfiyzFUGkPLfef7InTmoJ/PUU2kLSGgZ16z2gyTYiZS
dM+zD7Sy8FkgSOecWpZFQwByv/HZuVfOXf6nJhIbirljRAt3cs37nMGt+Py9oq2E
/OED66/dgEeMD59VcdJ9DeexGNZZlSVBIwlLNEFW6nqSh09og3jAKhB4p9sCS9vFP
RYoeAxo+Vgy6Jy1fj3NSEC/LW4Lz5JW6fHMIRHJ3cCt5YloYgpfRW1n30p6clOth
jTjv1l0CzDtQhLe7aaVA0ux+BNvHAdEwrK06LKv59UBJ6JW5pw4AtfOC2YdSITJC
/C7GbHAtk/hOOYqFQYNurrAna65WeF+ID2Sx71B32aSB3yl95HgzOHydD/Wl90xf
OED66/dgEeMD59VcdJ9DeexGNZZlSVBIwlLNEFW6nqSh09og3jAKhB4p9sCS9vFP==
-----END CERTIFICATE-----
[Thu 11 Nov 2021 11:46:13 AM UTC] Your cert is in: /root/.acme.sh/your_domain.com/your_domain.com.cer
[Thu 11 Nov 2021 11:46:13 AM UTC] Your cert key is in: /root/.acme.sh/your_domain.com/your_domain.com.key
[Thu 11 Nov 2021 11:46:13 AM UTC] The intermediate CA cert is in: /root/.acme.sh/your_domain.com/ca.cer
[Thu 11 Nov 2021 11:46:13 AM UTC] And the full chain certs is there: /root/.acme.sh/your_domain.com/fullchain.cer

Enable SSL on Web Server

Add these 2 lines into your webserver configuration file:

If you are using Apache as a Web Server

SSLCertificateFile /root/.acme.sh/your_domain.com/fullchain.cer
SSLCertificateKeyFile /root/.acme.sh/your_domain.com/your_domain.com.key

If you are using Nginx as a Web Server

ssl_certificate /root/.acme.sh/your_domain.com/fullchain.cer;
ssl_certificate_key /root/.acme.sh/your_domain.com/your_domain.com.key;

Congratulations! You successfully managed to install Free Let’s Encrypt alternatives and now you can choose between three different free SSL providers.

alternatives for free lets encrypt certificate

We can easily set up your SSL certificates, set up your website, and maintain everything for free and for life if you are one of our managed Linux hosting users. Our admins can fully support you and all of your server’s needs at no extra cost, while still giving you full control over everything on your server.

If you liked this post on how to install Free Let’s Encrypt certificate alternatives, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

Leave a Comment