I wanted to share a simple and free method to add SSL to your website, so that it runs under HTTPS (HTTP Secure).
This is done for security reasons and will also give your site a boost on search engines.
First, you will go to SSL for Free
This is a great site to create and manage your SSL certificates.
To verify your site, you can go to Manual Verification and download a text file to a .well-known/acme-challenge folder on your site.
After clicking the new file to verify the site, it will allow you to download a trusted SSL certificate for free and you will also get a private.key.
- If you're having problems hitting the verification file, you might have to adjust the permissions on the .well-known folder or files.
- If you're using .NET Core and still having problems, try this code in Startup.cs in the void Configure function:
FileProvider = new PhysicalFileProvider(Path.Combine(Directory.GetCurrentDirectory(), @"wwwroot/.well-known")),
RequestPath = new PathString("/.well-known"),
ServeUnknownFileTypes = true // serve extensionless file
Another helpful trick I learned is to add a web.config file into the "acme-challenge" folder with the following contents:
<?xml version="1.0" encoding="UTF-8" ?>
<mimeMap fileExtension="." mimeType="*/*" />
Finally, with .NET Core deployments, I have found that there can be an issue deploying the .well-known directory,
so I found some additional code for the .csproj file to help with those issues:
<Content Include="wwwroot\.well-known\**" CopyToPublishDirectory="PreserveNewest" Exclude="$(DefaultItemExcludes)" />
If you're running on IIS, there is one additional step in order to convert these files to a .pfx file.
For this I recommend using this SSL converter site.
Now you will have a .pfx file with a private key. On Windows, you can just double click the file to add it to your local machine's certificate store.
Now in IIS, when you bind your site to port 443, your new certificate will appear in the SSL certificate drop down list!
You can read more about my IIS bindings strategy here
I'd like to look into a way to automate renewing of certificates!
What sites and tools do you use?
If this article helped you, or you have any thoughts on how to do this better, please click the Like button and/or leave a comment below.