Free SSL Certificate – Step-by-Step

Now that we have all the pre-requisites out of the way, here is how to obtain your free SSL Certificate – step-by-step:

  1. Lower your site’s Time To Live or TTL – This is usually an option in your sites DNS settings. This is important because at a later step you will need to add a DNS entry and then confirm that it is available. If your sites TTL is too long, the certificate can time out. Set your TTL to under 300 seconds. This is only temporary.
  2. Go to
  3. Launch PuTTY and enter your Website into the HostName box and press enter. Log into your Website using your SSH or telnet account.
  4. On the Get HTTPS for free! site, enter your email address into the corresponding field and then click on the “How do I generate this?” link just below that. This will contain what we are going to do in step 5.
  5. In PuTTY type: openssl genrsa 4096 > account.key and press enter. Wait for a response. At the next prompt type:
    openssl rsa -in account.key -pubout and press enter. With your mouse, highlight everything from “—–BEGIN PUBLIC KEY—–” to “—–END PUBLIC KEY—–“.
  6. On the Get HTTPS for free! site, right click on the ” Account Public Key: ” Box and select paste. Then press the “Validate Account Info” button.
  7. Go to your Web hosts site and copy your “certificate signing request (CSR)”
  8. On the Get HTTPS for free! site, paste the “certificate signing request (CSR)” into the step 2 box and press the “Validate CSR” button.
  9. For step 3 you will do a series of 3 steps going back and forth between the Get HTTPS for free! site and PuTTY.
    • For each item, copy the entire box on the
      Get HTTPS for free! site that starts with “PRIV_KEY=./account.key; echo -n…” by highlighting it, right click and select copy.
    • In PuTTY, right click and the contents should paste. Press enter. Highlight everything that starts with “(stdin)=…”
    • On the Get HTTPS for free! site, right click in the next box and paste the contents of the “(stdin)= ” results.
  10. For Step 4, you want to choose the DNS record to verify your ownership.
    • Go to your Web host and modify your DNS Zone record and add a TXT line for _acme-challenge.YOURDOMAIN.XYX where
      YOURDOMAIN.XYX is your domain.
    • The Data for the _acme-challenge line is going to be the value given on the “Set this TXT record” on the Get HTTPS for free! site.
    • Wait 5 minutes (300 seconds) that we set the TTL in step 1 above and press the “I can see the TXT record for…”
    • Just as we did for step 3 on the Get HTTPS for free! site, you need to copy the next “PRIV_KEY=./account.key; echo -n…” statements and paste them into PuTTY and copy and paste the response into the appropriate boxes on the Get HTTPS for free! site.
  11. If all goes well when you click the “Generate Certificate” button, the Get HTTPS for free! site will generate the certificate.
    • On your Web hosts site, find where you can install a certificate.
    • The certificate that Get HTTPS for free! site will generate is broken into two parts. Each is surrounded by “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–“. The first one is the actual certificate. The second one is the CA/Chain Certificate. Place each that are needed in the appropriate fields on your Web hosts site and you should be good to go!

If any of the steps fail, try re-doing them. I found it frustrating a the first few times but you just need to take your time and read the instructions on the site! You can also try working through the help field (e.g. “How do I do this?” on the Get HTTPS for free! site).

Enjoy your FREE SSL Certificate!