
How to Secure Your Website with a Free ZeroSSL Certificate?
The Secure Sockets Layer (SSL) establishes a secure connection between two interconnected systems, protecting sensitive communication over the internet. This creates a secure environment in which customers and users can share sensitive data such as bank details and passports. SSL encrypts data in transit so that attackers who intercept it cannot read the information. SSL can be used to secure the connection between a website on a remote server and a browser on a client's computer or device. The site is then accessed over Hypertext Transfer Protocol Secure (HTTPS).
There are a variety of SSL certificates available in both premium and free plans that you can use to secure your web content. In this guide, we will discuss the ZeroSSL certificate. Just like other SSL certificates, ZeroSSL is available on a free 90-day plan and renews for free when it expires. A ZeroSSL certificate uses a public and private key pair to establish a secure encrypted connection. ZeroSSL is easy to install and manage. I will explain step by step how you can set up and secure your website with a ZeroSSL certificate.
1) Create a ZeroSSL account
To register by creating an account, visit the official ZeroSSL website. You cannot obtain or apply for a certificate without a user account.
After creating an account, you will be automatically logged in.
Click the New Certificate button to create a new ZeroSSL certificate. If you intend to apply for a wildcard certificate, enable the "I need a wildcard certificate" option. Then enter the domain name or domains you want to secure.
On the next page, leave the validity at 90 days, which is the renewal period.
Leave the CSR and Finalize Your Order tabs at their defaults.
Click Next to complete the SSL application process.
2) Verify Domain Names
ZeroSSL gives you three ways to verify your domain: email verification, DNS, and HTTP file upload. Each option comes with instructions on how to complete it. In our case, we will use HTTP file upload to verify the domain. Select HTTP File Upload under Authentication method.
Download the auth file by clicking the link as shown.
Go to /var/www/html on your server and create the directories .well-known/pki-validation/ inside it:
cd /var/www/html
sudo mkdir -p .well-known/pki-validation
If you downloaded the file to your local computer, upload it to /var/www/html/.well-known/pki-validation/ using the FTP protocol. Go back to your ZeroSSL portal and then click Next to complete the verification.
Click the button to verify your domain(s).
After successful validation of the domain, download your certificate and save it in your preferred location.
The above file will be downloaded as a zip file. If you downloaded the file to a local machine, make sure to upload it to the server via FTP client and
3) ZeroSSL Certificate Installation in Nginx
At this point, you have downloaded your certificate and saved it on your server. We will edit the Nginx configuration file by adding the ZeroSSL file paths to it. You will find 3 files in the downloaded archive:
certificate.crt
ca_bundle.crt
private.key
Combine certificate.crt and ca_bundle.crt into one file.
For Linux users, log in to your server, navigate to the current location of your certificate files, and combine the two files into one, cert.pem. The certificate must come first, followed by the CA bundle.
cd /etc/nginx/ssl
cat certificate.crt ca_bundle.crt > cert.pem
Replace the above with the actual location of the files on your server.
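If certificate.crt does not end with a newline, plain cat fuses its END marker with the BEGIN marker of ca_bundle.crt and the resulting PEM file cannot be parsed correctly. The script below is an added example, not part of the original guide or of ZeroSSL's tooling; the function names with_newline, count_marker and build_chain are made up for illustration.

```shell
#!/bin/sh
# Added example: build the Nginx chain file from certificate.crt and
# ca_bundle.crt without fusing PEM markers, and refuse to install a bad file.
# Usage: build_chain certificate.crt ca_bundle.crt cert.pem

# Print a file with CRs stripped, adding a final newline only if it lacks one.
with_newline() {
    tr -d '\r' < "$1"
    # Command substitution strips a trailing newline, so a non-empty result
    # means the last byte of the file is not a newline.
    [ -z "$(tail -c 1 "$1")" ] || printf '\n'
}

# Count lines that consist solely of the given PEM marker.
count_marker() {
    grep -c -x -F -e "$1" "$2" || true
}

# build_chain LEAF BUNDLE OUT: leaf first, then intermediates; overwrites OUT.
build_chain() {
    leaf=$1 bundle=$2 out=$3
    tmp="$out.tmp.$$"
    { with_newline "$leaf"; with_newline "$bundle"; } > "$tmp" || return 1
    begins=$(count_marker '-----BEGIN CERTIFICATE-----' "$tmp")
    ends=$(count_marker '-----END CERTIFICATE-----' "$tmp")
    # Expect at least the leaf plus one intermediate, with balanced markers.
    if [ "$begins" -lt 2 ] || [ "$begins" -ne "$ends" ]; then
        rm -f "$tmp"
        echo "chain check failed: $begins BEGIN, $ends END markers" >&2
        return 1
    fi
    # Replace the target in one step so Nginx never reads a half-written file.
    mv "$tmp" "$out"
}
```

Because the output is rebuilt and moved into place on every run, repeating the step after a renewal does not append duplicate certificates to cert.pem.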
Now edit the Nginx block.
$ sudo nano /etc/nginx/sites-available/zerossl-test.conf
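server {
    # The ssl parameter on listen enables TLS; the obsolete "ssl on;" directive is not needed
    listen 443 ssl;
    # Combined certificate and CA bundle, then the matching private key
    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/private.key;
    server_name your.domain.com;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    location / {
        root /home/www/html;
        index index.html;
    }
}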
Reload/restart Nginx to pick up the new configuration.
sudo systemctl restart nginx
Check in your browser and see your installed ZeroSSL certificate.
Success!! You have perfectly secured your website with ZeroSSL Certificate.
4) ZeroSSL ACME Automation
Alternatively, we can use acme.sh to automate the request and renewal of ZeroSSL certificates. It is a simple method that does not require the manual back-and-forth described above.
Install acme.sh
First we will need to install socat, which acts as the runtime environment for acme.sh.
# Debian/Ubuntu
sudo apt install socat