You can get an SSL certificate for your website for free. There are two ways to do it: issue it yourself or get it from Let's Encrypt. Here is an overview of the pros and cons of each option.
Free self-signed SSL certificate, pros and cons
Self-signed SSL certificates are not purchased from a certification authority, but are self-made. For example, they are generated using the standard OpenSSL utility in Linux.
Self-signed SSL certificates are absolutely free. They fulfill their main purpose - to protect your website via HTTPS encryption protocol. But there is a reason why using self-signed SSL on websites is a bad idea.
The point is that each browser has a list of SSL certificate issuing authorities it can trust. The browser opens the website and checks who issued the certificate. If that organization is not on the list of trusted ones, the user gets a warning: the website is not secure.
If you want more users to visit your website, you should not install a self-signed certificate. But it can be useful for development environments, demos, and testbeds. Anywhere where visitors are not random people who might be alerted to a security warning.
Free Let's Encrypt SSL Certificate in ISPmanager
Let's Encrypt issues DV (domain validation) level certificates. The certification authority automatically verifies that the customer has access to the domain. DV certificates are certificates with a basic level of security. However, it is enough to secure a small website or information portal - where there is no need to collect payment data or personal data. Read more about types of validation in Types of SSL certificates.
How to get Let’s Encrypt
If your hosting provider supports Let's Encrypt, you can order the certificate through it. Another way to install it is via SSH, using an ACME client. But not everyone has access to SSH and not everyone likes to use it.
If you use ISPmanager, you can install Let's Encrypt right there. You do not need to connect via SSH to install it. The certificate is renewed automatically every three months.
1. To get the certificate, enter SSL Certificates in ISPmanager and press Let's Encrypt.
2. Then fill out the application for issuance. Be sure to specify the domain name for which the certificate is being issued and the name of the certificate.
3. You can select the Wildcard option - then the certificate will protect not only the primary domain, but all subdomains as well. For example, example.com, my.example.com, etc.
4. When the application is ready, all you have to do is click "Release". The certificate will be automatically generated and installed on the website - you do not need to manually validate. The only exception is if you are using an external DNS-server and chose to validate via DNS or Wildcard. Then ISPmanager will show you the notification about the records that should be added into DNS to obtain a certificate.