How To Generate SSL/TLS Certificate for Heroku, Cpanel, IIS ( FREE )

Arnav Zek
2 min readMay 5, 2020


Step 1: Install certbot (a popular Let’s encrypt client) if you are on windows or mac it is easy

//For Mac
brew install certbot
sudo certbot --manual
//For linux & windows go to

For Mac and Linux birds, a domain name is asked you can also use a shorthand

certbot -d --manual

Step 2 (verification): You can verify your domain by DNS challenge

//for dns challange type the following instead of sudo certbot certonly --manualcertbot -d --manual --preferred-challenges dns certonly//It will provide you with a host name and txt value you need to insert in your DNS settings//your host name will look something like your domain provider is Godaddy, you are required to remove the part of the host name that contains your domain name (you only need to insert _acme-challenge in the host field) & set TTL to custom 600s (the faster the better)

The default challenge method is hosting challenge (you have to return a specific get response at a specific location of your domain)

DNS challenge is preferred if your website is not yet hosted

If your computer is in a good mood you will be gifted a certificate and private key

If you intend to use them on IIS server you will be required to compile both certificate and private key into a PFX Certificates using OpenSSL

openssl pkcs12 -export -out /tmp/certificate.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem

Otherwise, go ahead and upload your hard work (and saving of 74$) to your hosting provider (like Heroku (only paid users can upload certificates), Cpanel…)

Note: Let’s Encrypt certificates expires after 90 days, You will have to see its face every 3 months

Don’t forget to decrypt ' yell some claps’ most people can’t


If you would like to get an in-depth knowledge of SSL & TLS, there you go



Arnav Zek

Freelancer . Fulstack Dev . Game Dev