How To Generate SSL/TLS Certificate for Heroku, Cpanel, IIS ( FREE )

Arnav ZeK
2 min readMay 5, 2020

Step 1: Install certbot (a popular Let’s encrypt client) if you are on windows or mac it is easy

//For Mac
brew install certbot
sudo certbot --manual
//For linux & windows go to https://certbot.eff.org/

For Mac and Linux birds, a domain name is asked you can also use a shorthand

certbot -d mydomain.com --manual

Step 2 (verification): You can verify your domain by DNS challenge

//for dns challange type the following instead of sudo certbot certonly --manualcertbot -d mydomain.com --manual --preferred-challenges dns certonly//It will provide you with a host name and txt value you need to insert in your DNS settings//your host name will look something like _acme-challenge.mydomain.com//if your domain provider is Godaddy, you are required to remove the part of the host name that contains your domain name (you only need to insert _acme-challenge in the host field) & set TTL to custom 600s (the faster the better)

The default challenge method is hosting challenge (you have to return a specific get response at a specific location of your domain)

DNS challenge is preferred if your website is not yet hosted

If your computer is in a good mood you will be gifted a certificate and private key

If you intend to use them on IIS server you will be required to compile both certificate and private key into a PFX Certificates using OpenSSL

openssl pkcs12 -export -out /tmp/certificate.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem

Otherwise, go ahead and upload your hard work (and saving of 74$) to your hosting provider (like Heroku (only paid users can upload certificates), Cpanel…)

Note: Let’s Encrypt certificates expires after 90 days, You will have to see its face every 3 months

Don’t forget to decrypt ' yell some claps’ most people can’t

Cheers

If you would like to get an in-depth knowledge of SSL & TLS, there you go

--

--

Arnav ZeK
Arnav ZeK

No responses yet