This website provides Linux server operation and maintenance, automated script writing and other services. If you need, please contact the blogger on WeChat: xiaozme
Enabling SSL certificates is key to website security. It encrypts data transmission to prevent hackers from eavesdropping and tampering. SSL certificates enhance the credibility of websites and increase user trust. Search engines prefer websites with SSL certificates to improve visibility and traffic. In addition, SSL certificates also prevent phishing and malware threats and protect users' security. For websites involving sensitive data transmission, enabling SSL certificates is a necessary measure.
At present, major manufacturers such as Alibaba Cloud and Tencent Cloud provide free DV SSL certificates, but there are some drawbacks:
- A single account can only apply for 20 free DV SSL certificates
- Multiple domain names and universal domain names are not supported
If you are looking for a free SSL certificate to replace or supplement, you can try "come here to encrypt".
Register to encrypt here
Come here to encrypt the registration address: https://letsencrypt.osfipin.com/jump/share?code=E69XM4KD (Use recommendation code: E69XM4KD 5 points can be obtained)
It can be registered through email or mobile phone number without real name authentication.
Request SSL Certificate
Apply for SSL certificate in the encryption background here, support multiple domain names and pan domain names, and make up for the lack of some free DV SSL certificates.
The second step is to submit CSR and select encryption algorithm. Generally, CSR is generated automatically by default. If security is strict, you can submit CSR yourself (not recommended for non operation and maintenance). RSA is generally selected as the algorithm with good compatibility.
Four certificate channels are supported (as shown in the figure below), with a minimum validity of three months and a maximum validity of six months for Buypass (but Buypass does not support universal domain names)
Note: Points can be obtained by exchanging points, rewarding authors, signing in with small programs, etc. independently.
Wait a few seconds after submitting to create a task:
Here, you can select manual authentication and DNS authentication.
The CloudFlare used by xiaoz goes directly to the CloudFlare background to add TXT type resolution according to the encryption requirements.
After all parsing is added, directly click Validate All to submit the validation.
Next, wait for verification. The independent channel is faster (usually within 5 minutes), and the free channel has a longer waiting time (usually 10-30 minutes). This is not as fast as Alibaba Cloud and Tencent Cloud. It is suitable for application without hurry, or to buy an independent channel directly.
After the application is successful, you can download the SSL certificate for deployment.
Certificate file description
The downloaded certificate contains multiple files, as shown below.
Generally, if you use Nginx as a Web server, you only need the following two files:
fullchain.crt : Full certificate, can be changed to pem suffix private.pem : private key. The suffix can be changed to key
It is not recommended to apply for too many domain names at one time
Some friends may ask, since "come here to encrypt" supports multiple domain name SSL certificates, wouldn't it be convenient for me to submit dozens at a time? However, it is not because the more domain names you submit, the more verification records will be. Once one or more domain names fail to pass the verification or time out for some reason, the result is that none of them can be applied.
Therefore, it is recommended to reasonably submit the number of domain names for a single application. It is recommended that the number of domain names should be limited to 5 at a time, not too many, or the application will not be successful.
epilogue
This encryption can be used as a supplementary tool for SSL certificates. Its advantages are that it is free and supports multi domain and pan domain SSL certificates, but its disadvantages are that the certificate time is short (3-6 months) and the application speed is slow.
Come here to encrypt the registration address: https://letsencrypt.osfipin.com/jump/share?code=E69XM4KD (Use recommendation code: E69XM4KD 5 points can be obtained)
