I am very familiar with SSL certification. I have used several FREE SSL providers out there (e.g. StartSSL, SSLForFree, LetsEncrypt). In these forums there are already many existing questions from people struggling to set up or install their ‘free’ SSL certificates, the conclusion of which I will summarise below.
Put simply, most SSL certification authorities will want to verify that your domain is owned by you. They can use a number of methods, such as:
- Checking if you own the email address ‘email@example.com’
- Checking custom records that you have added to your DNS
- Securely connecting to your server via SSL
- Checking files that you have uploaded to your public ‘acme-challenge’ folder
Method 1, used by ‘StartSSL’, used to work well, but recently is not considered secure enough by likes of Google. Certificates provided by StartSSL (which I have seen recommended by Administrators in these forums) WILL NOT WORK IN MANY BROWSERS. Indeed, StartSSL post this disclaimer on their site.
Method 2, used by ‘SSLforFree’ requires the ability to set TXT records, which is not supported by inifinityfree.
Method 3 is simply not an option with inifinityfree.
Method 4, used by ‘LetsEncrypt’ requires unrestricted access to a given file on your server. However, infinityfree blocks access to ‘bots’. E.g. try running “curl -i www.yourdomain.com”, and you will see a 403-forbidden result - even though the site is perfectly accessible in your browser.
I’m sure many people have got this working, so can someone please suggest either a workaround to the issues above, or suggest a FREE SSL certificate provider that is accepted by all major browsers does not need to authenticate in the above ways.