How to get a publicly accepted SSL certificate for free
Introduction
What you’ll need:
An Azure Virtual Machine (VM) that the certificate will belong to. If you don’t have one, check out my post on how to provision one for yourself.
Once you have provisioned your VM, the first thing you need to do is assign it a DNS name. This can be a DNS name you bought yourself, or you can use the DNS name provided by Azure. In this guide, I’ll be using the Azure-provided DNS name.
Set up the VM in Azure
Open your VM in the Azure portal and go to the Overview section.
Once there, click on Not configured under the DNS name attribute.
In the new dialog window, you can “choose” your DNS name, or, to be more precise, a subdomain. After all, we are using a free Azure service here.
In my case, I decided to go with ssl-example as the subdomain. Of course, if you don’t want to invent a subdomain name, you can use your IP address as well. Once you have chosen the name, click the Save button and go to the Overview section to check that the subdomain name has been assigned to your VM.
The last thing we need to set up in the Azure portal is to allow HTTP or HTTPS connections. Click on the Networking section and then click on Add inbound port rule.
In the new dialog window, choose HTTP or HTTPS in the Service dropdown, then click the Add button.
Once the rule is created or updated, you need to wait a little, around 30 to 60 seconds, until the changes are propagated to your VM. With this, we have finished the setup in the Azure portal.
Generate SSL certificate
Now open a terminal and SSH into your VM. You can simply use the DNS name instead of the IP address. Accept the fingerprint prompt.
ssh -i ~/.ssh/id_rsa ssl-example.brazilsouth.cloudapp.azure.com
To generate SSL certificates for our VM, I followed the instructions from this page. I recommend reading it, as it may explain some of the options. If you are in a hurry, execute the following commands.
Install certbot. Certbot is the application Let’s Encrypt recommends for generating SSL certificates if you have shell access.
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Once certbot is installed, we can run it to generate the SSL certificate. In this case, my private key will be RSA with 2048 bits, and I’m putting all generated files in the ~/ssl folder.
sudo certbot certonly --standalone --key-type rsa --rsa-key-size 2048 -d ssl-example.brazilsouth.cloudapp.azure.com --work-dir ~/ssl/ --config-dir ~/ssl/ --logs-dir ~/ssl/
As we have been using sudo, in case you want to easily copy your generated certificate and key, don’t forget to change the ownership of the ~/ssl folder (replace ivansla with your own username).
sudo chown -R ivansla:ivansla ~/ssl/
ls ~/ssl/live/ssl-example.brazilsouth.cloudapp.azure.com/
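Before copying the files elsewhere, it is worth confirming that the private key is still readable only by its owner after the chown, that the key matches the certificate, and how long the certificate remains valid. The script below is an added example, not part of the original walkthrough; it assumes openssl is installed, and the function names, the check-cert.sh file name and the 30-day threshold are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): sanity checks for a certbot
# "live" directory. Function names and the 30-day threshold are assumptions.

# 0 if the private key file grants nothing to group/other (e.g. 600 or 400).
# -L follows the symlink that certbot places in live/.
key_perms_ok() {
    local mode
    mode=$(stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1" 2>/dev/null) || return 2
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# 0 if the leaf certificate's public key equals the one derived from the key file.
cert_matches_key() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$from_cert" = "$from_key" ]
}

# 0 if the certificate is still valid N days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Run all checks against a live directory; returns the number of failed checks.
check_live_dir() {
    local dir=$1 failed=0
    key_perms_ok "$dir/privkey.pem" ||
        { echo "FAIL: privkey.pem is accessible to group/other"; failed=$((failed + 1)); }
    cert_matches_key "$dir/fullchain.pem" "$dir/privkey.pem" ||
        { echo "FAIL: private key does not match certificate"; failed=$((failed + 1)); }
    cert_valid_for_days "$dir/fullchain.pem" 30 ||
        { echo "FAIL: certificate expires within 30 days"; failed=$((failed + 1)); }
    if [ "$failed" -eq 0 ]; then echo "OK: $dir"; fi
    return "$failed"
}

# Usage: ./check-cert.sh ~/ssl/live/<your-dns-name>
if [ "$#" -ge 1 ]; then
    check_live_dir "$1"
fi
```

Run it as ./check-cert.sh ~/ssl/live/ssl-example.brazilsouth.cloudapp.azure.com. Because the files live under ~/ssl rather than certbot's default directories, a certbot renew run only sees this certificate when given the same --config-dir, --work-dir and --logs-dir, so running the expiry check on a schedule is a quick way to confirm that renewal is happening.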
Conclusion
Congratulations, you have generated a valid SSL certificate for your machine, good for 3 months. Certbot should create a scheduled task to automatically renew the certificate in the background. The advantage of this certificate is that it is accepted on the internet, so if you are working on a project or POC and don’t want to pay unnecessary fees, this is a very good alternative.