How To Generate SSL/TLS Certificate for Heroku, Cpanel, IIS ( FREE )

Step 1: Install certbot (a popular Let’s encrypt client) if you are on windows or mac it is easy

//For Mac
brew install certbot
sudo certbot --manual

For Mac and Linux birds, a domain name is asked you can also use a shorthand

certbot -d --manual

Step 2 (verification): You can verify your domain by DNS challenge

//for dns challange type the following instead of sudo certbot certonly --manual

The default challenge method is hosting challenge (you have to return a specific get response at a specific location of your domain)

DNS challenge is preferred if your website is not yet hosted

If your computer is in a good mood you will be gifted a certificate and private key

If you intend to use them on IIS server you will be required to compile both certificate and private key into a PFX Certificates using OpenSSL

openssl pkcs12 -export -out /tmp/certificate.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem

Otherwise, go ahead and upload your hard work (and saving of 74$) to your hosting provider (like Heroku (only paid users can upload certificates), Cpanel…)

Note: Let’s Encrypt certificates expires after 90 days, You will have to see its face every 3 months

Don’t forget to decrypt ' yell some claps’ most people can’t


If you would like to get an in-depth knowledge of SSL & TLS, there you go

Finding Magic.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store