DEV Community

Alex Aslam
Alex Aslam

Posted on

SSL/TLS Certificates for Devs: Get HTTPS for Free in 5 Minutes with Let’s Encrypt 🔒🚀

#webdev #programming #javascript #automation

It’s 2024. Your app still shows that dreaded "Not Secure" warning 🔴. Your users panic. Google penalizes you. All because you thought SSL certificates were expensive, complicated, or "later problems."

Good news: Let’s Encrypt gives you free, auto-renewing certs—and setting them up takes less time than your coffee break. I’ve secured 50+ domains this way. Here’s the no-nonsense guide.

Why Bother with SSL/TLS?

  • 🔒 Security: Encrypts data between users and your server.
  • 🚀 SEO Boost: Google ranks HTTPS sites higher.
  • 😊 User Trust: No scary browser warnings.

Step 1: Install Certbot (The Magic Tool)

Run this on your server (Ubuntu example):

sudo apt update  
sudo apt install certbot python3-certbot-nginx  # For Nginx  
# Or for Apache:  
# sudo apt install certbot python3-certbot-apache
Enter fullscreen mode Exit fullscreen mode

(Windows/macOS? Use Docker or Snap.)

Step 2: Get Your Free Certificate

For Nginx/Apache (Automatic Setup): 

sudo certbot --nginx  # Or --apache
Enter fullscreen mode Exit fullscreen mode

✅ Certbot edits your config and sets up HTTPS automagically.

For Everything Else (Manual DNS Challenge): 

sudo certbot certonly --manual --preferred-challenges dns
Enter fullscreen mode Exit fullscreen mode

📝 You’ll need to add a temporary DNS TXT record to verify domain ownership.

Step 3: Auto-Renewal (Because Forgetting = Disaster)

Let’s Encrypt certs expire every 90 days. Automate renewals:

sudo crontab -e
Enter fullscreen mode Exit fullscreen mode

Add this line (runs renewal checks twice daily):

0 */12 * * * certbot renew --quiet
Enter fullscreen mode Exit fullscreen mode

Key Pro Tips

  1. Wildcard Certs: Secure all subdomains (*.yourdomain.com) with: 
   certbot certonly --manual --preferred-challenges dns -d '*.yourdomain.com'
Enter fullscreen mode Exit fullscreen mode
  1. Force HTTPS: Add this to Nginx/Apache configs: 
   server {  
     listen 80;  
     server_name yourdomain.com;  
     return 301 https://$host$request_uri;  
   }
Enter fullscreen mode Exit fullscreen mode
  1. Test Your Config: Use SSL Labs for an A+ rating.

When Let’s Encrypt Isn’t Enough

  • Enterprise Needs: EV certificates (green address bar).
  • Wildcard + Auto-Renew: Paid tools like Cloudflare simplify this.

TL;DR:

  1. sudo apt install certbot
  2. sudo certbot --nginx
  3. Enjoy free, auto-renewing HTTPS 🔥

No excuses left. Secure your site today.

Tag that friend still running HTTP. They need this.

Need Help?

Tried Certbot? Share your war stories below! 🚨💬

Top comments (0)