How to request an SSL certificate (that includes wildcard domains!) automatically renews for you, and you can use it on the FREE Infinity tier.
I recently had a couple of threads on the support forum asking various questions about SSL certificates, how to obtain ones for multiple domain names etc, and there were several people (including the admin!) who seemed interested in how I had managed to get a wildcard certificate without needing to be on the premium tier, as this is something that even InfinityFree is limited by as it is their provider, iFastNet, that (presumably) are handling the SSL and infinity have just hooked into that.
As we all know, as long as your certificate is 2048bits or under, you can upload your certificate/key pair via the cPanel. This is effectively how I got a wildcard certificate. I didn’t use the InfinityFree SSL generation tool to get a Let’s Encrypt certificate, but instead, I found another tool that obtained my Let’s Encrypt certificate for me.
No 3rd party domain providers are required! You don’t even need to add TXT records, or other such validation methods to verify you own the domain. The tool I use (which is effectively the Windows equivalent of CertBot, the Linus tool that Let’s Encrypt gives you to encode, request & manage your certificates) - Now, the question the admin asked was, did I manage to set up auto-renewal, because this requires ACME authorization which needs to add a TXT record to your domain, which changes upon every renewal - so unless your DNS provider has an API to do this, you have to do it manually.
The quick answer is yes! There are a bunch of DNS providers listed in my tool. which provide APIs so that the tool can do this itself. However, mine (and Infinity’s) is not on that list. My DNS does have an API, but it’s not listed in the tool so I cannot use it, and Infinity doesn’t have one.
But you don’t need any of that! All you need to do is add a CNAME record for each domain you are requesting a certificate for! And you can do that within your InfinityFree cPanel (or whatever DNS host you use)
This acme-DNS service wraps up the Let’s Encrypt TXT process! So instead of having to manually enter those annoying strings into your DNS every 90 days, the above CNAME handles it all for you, automating the renewal.
HOW TO GET YOUR SSL CERTIFICATE
1. Download and install the Certify The Web Windows tool. https://certifytheweb.com/home/download
2. Add your site - you do not need to add an IIS site, that is purely to install your certificate if you happen to be running the tool on a Windows Server host. But remember to mark your domain as primary, and add the wildcard variant as well.
So in the Add Domains To Certificate: text box, you would put example.com, *.example.com, and click the plus button, then in the list that appears below, mark example.com as the primary domain. You can add as many domains as you like (I haven’t tested this multiple-domain feature with Infinity yet - but you still need a primary domain marked).
3. Click the ADVANCED tab above, choose Certificate Authority and select Let’s Encrypt from the list.
4. Click the AUTHORIZATION button on the far left (if there is a tab open here, click the → arrow at the top and the tab will fold in, showing the Certificate, Authorization, Deployment, etc buttons. In the Challenge type drop-down list, select DNS-01 as the challenge type, and in the DNS Update Method, select acme-dns DNS API from the list (it is the one at the top).
Now you are ready to click the TEST button! The tool will simulate the certificate request, and generate a list of errors for every domain you added. Click the main error line at the top of the panel that just popped out on the right of the tool. It will unfold to reveal your error(s) (which is simply telling you that DNS authorization has failed, which we expect since we haven’t set it up yet!).
Now, If you click each error, it will copy the DNS record that you need to add for that domain into the clipboard. It will look something like this:
acme-dns DNS API :: [Action Required] To complete setup, add a CNAME record in your DNS:
with the value:
Now you need to go to the CNAME section of the Infinity cPanel (or edit the DNS record for the domain at your own domain host) and add in the SOURCE field the label _acme-challenge and in the DESTINATION field the value with the long string ending with acme-dns.io
Do this for each and every domain you added to the certificate (remember at the moment I am assuming Infinity only lets you add one domain and its wildcard per certificate, but I shall be testing multiple ones shortly).
5. Now you are ready to generate your certificate! Just hit the REQUEST CERTIFICATE button. When you are finished, the certificate files will be installed onto your computer - you can view them in the certificate manager (I suggest you delete them from here anyway).
The key and cert (PEM) can be found at %ProgramFiles%\certify\assets\ and you can open the certificate/key in Notepad++, and copy the bit between and including:
---- BEGIN CERTIFICATE
----- END CERTIFICATE
Paste these into your cPanel in the SSL/TLS menu!