It has always been a beginner’s issue to establish a domain protected by SSL. Some hosting providers give it for free but you pay for the hosting. For my part, using hostinger.ph as my webhost, they offer lifetime Let’s Encrypt SSL for Php 629 and that is a non-expiring Let’s Encrypt SSL.

In this guide, we will attempt to create our own SSL Let’s Encrypt certificate using hostinger as the webhost.

It has always been my thing to make my machine as clean as possible and as minimal as possible. With this in mind, I would usually do things with docker for some of tasks that would require lots of dependencies and may put a lot of unnecessary softwares in my machine.

In this regard, we will use docker to create and maintain our SSL certificates.

We will use the official docker image of certbot.

docker pull certbot/certbot

Next, we need to create the folders on the host machine so we can save for latter use the files and configurations generated.

mkdir -p letsencrypt/etc && cd letsencrypt

Now, let’s register to ACME.

docker run -it --mount type=bind,src="$(pwd)"/etc,target=/etc/letsencrypt certbot/certbot register --agree-tos -m [email protected]

We are now going to generate a certificate manually. -d parameter should contain the comma separated list of domains we want to be associated with the certificate.

docker run -it --mount type=bind,src="$(pwd)"/etc,target=/etc/letsencrypt certbot/certbot certonly --manual --manual-public-ip-logging-ok --rsa-key-size 4096 -d bolahan.com,www.bolahan.com

An instruction will be shown to write a file with very specific name on a folder in your web hosting given the contents provided to verify your ownership of the domain. Do it under your file manager or via SSH. Only press enter when you are done with writing those files.

Upon completion, verify that the certificate is defined.

docker run -it --mount type=bind,src="$(pwd)"/etc,target=/etc/letsencrypt certbot/certbot certificates

Your certificate files are now ready on your local directory letsencrypt/etc/live/<domain> The following are the important files:
cert.pem — this is the certificate itself
privkey.pem — this is your private key
fullchain.pem — this is your bundled chain

Finally, define these on your web hosting provider to serve HTTPS via Let’s Encrypt SSL.

It is extremely important that you make backups of your etc folder as it will be the same files that would be required for renewal. The certificate is valid for only 90 days.