the most easy way to test the https protocol is to use a self-signed TLS certificate. However, the browser will prompt potential danger or risk. For viewers like yourself, it is not a problem, but it may scare other potential viewers away. Fortunately, there are free SSL providers on the internet. One of the most successful certificate provider is the Let’s Encrypt, which is a CA-Certification Authority based on open source project Let’s Encrypt. You can get more details on their official website: https://letsencrypt.org/ . It has an open API interface through which you can create a certificate using a client on your server. Its certificate only have a valid time of 3 months, after which you have to renew your certificate. Typically, the client can automate this process for you.
However, here I recommend you to use another website that provides TLS certificate based on Let’s Encrypt. Although you cannot automate the updating of the certificate, but you can definitely take full control of the certificating process and get the wanted certificate without sparing efforts in installing another client.
The website is https://www.sslforfree.com/ .
There is a validation process that needs you to prove that you are the owner of the domain that you are certifying. That is done by adding a TXT records in your DNS records. If you have no idea of how to do it, refer this post XXXXXXXXXXX.
After logging into the website, you just enter your domain name, which is www.guru101.ml in my scenario, and click certificate. There are three methods to validate your domain but my preferred one is the DNS method, as I am very familiar with DNS management.
Then you will be asked to add two TXT records in your nameserver. I did this on my freenom domain Management Panel.
Notice the TTL setting. The manual want you to set TTL to 1 second, but this is not allowed on Freenom. So I set it to 300 seconds or 5 minute, as you have to wait a period of this time to get your certificate. So you should set this number as small as possible.
After confirming the verifying two links you get your certificate. This certificate includes two files, the public certificate file with an extension of .crt and the private key named private.key. You can download a zip file containing the two files or just copy the individual contents and save it in corresponding files in ASCII format.
Next, we will have a detailed look at how to add this certificate to your apache2 web server.
