
Adding SSL to your GoDaddy Site for Free

Security is important, and web browser makers are making SSL pretty much mandatory. If you purchase an SSL cert you will be spending some coin, plus IMHO it is more complicated than doing it for free.

I will show you how I set up my GoDaddy sites with SSL certificates using sslforfree.com and GoDaddy DNS.

Requirements

  1. DNS Hosting on GoDaddy
  2. Web Sites Hosted on GoDaddy

Tools You May Use

  1. Web site sslforfree.com. Please donate for the free service relative to your income; it keeps these types of services affordable for everyone.
  2. Web site GoDaddy.com
  3. Web site https://dnslookup.online/soa.html
  4. Web site https://dnschecker.org
  5. Command or terminal prompt with nslookup

Step 1

Log into GoDaddy and click on DNS >> Manage Zones

Type in the domain name you want to add SSL to.

Look for existing TXT records named _acme-challenge, and if you see any, delete them.

Next, go to the web site sslforfree.com, enter that same domain name without the www in it, and click “Create Free SSL Certificates”.

You will have three options; choose the Manual Verification DNS option.

Then click the “Manually Verify Domain” button.

  • Add a TXT record
  • Copy the host _acme-challenge from sslforfree and paste it into the Host field of the GoDaddy TXT record
  • Copy the sslforfree.com value and paste it into the GoDaddy TXT Value field
  • Change the GoDaddy TTL to Custom and the Seconds to 600. That is the lowest GoDaddy allows.
  • Do the same for the www record: copy its host and value from sslforfree the same way. It is set up identically to the first one, except that the host is _acme-challenge.www
  • Now open each sslForFree verify link in a new browser tab. Normally DNS record updates are available within 60 seconds or less. You should see something like the below. Key on the first sentence, “TXT Record(s) Found.” If you see that, you are good.

If you do NOT see that but instead see the error below, go to Troubleshooting below.

No TXT Record Found. Make to set the TTL to 1 second or if you cannot set the TTL then you must wait the TTL (in seconds) so it updates before verifying the domain. Contact your DNS provider if unsure.

Assuming your DNS TXT records checked out, you can now click the button “Download SSL Certificate”. This will generate the certificate, private key and CA Bundle. These three blocks of text are required to be copied and pasted into GoDaddy. It will take about 30 seconds for the certs to be generated.

Once the certificate is generated

  • Go to cPanel >> search for SSL and select SSL/TLS.
  • Now select the Manage SSL Certificates link
  • Copy and paste your certificate into the field called Certificate (CRT) and click the AutoFill by Certificate button
  • Copy and paste the sslforfree field called private key into the GoDaddy Private Key (KEY) field
  • Finally, click the Install Certificate button at the bottom
  • Congrats, your SSL cert is installed.

Troubleshooting

Steps

  1. Confirm the SOA DNS server shows your TXT records
  2. Confirm replication is taking place throughout the world

Use the Tools to verify Replication

  1. web site https://dnslookup.online/soa.html
  2. web site https://dnschecker.org
  3. command or terminal prompt with nslookup

Confirm SOA is Correct

SOA, or Start of Authority, is what I call the master DNS record holder. This is the GoDaddy name server that holds your DNS records (what you just changed), and those changes get replicated to hundreds of DNS servers in the world. SslForFree will query one of those servers to see if your TXT record exists during verification.

To get your GoDaddy DNS server name you can use dnslookup.online/soa.html. Enter your domain name and click SOA Lookup. This will show you the DNS server that your master DNS record is in. The SOA server name is the Mname.

Once you know the master SOA server name, you can use a command prompt to see whether the master server is the issue or replication of DNS is the issue.

Go to your terminal prompt or command prompt and enter nslookup -q=TXT _acme-challenge.mydomain.name followed by the Mname from the SOA lookup tool. Obviously, replace mydomain.name with your actual domain name.


This will return either the text value of the TXT record you queried, or “server can’t find _acme-challenge.domain.name NXDOMAIN”. The latter means that your actual DNS record may be entered incorrectly, or there is a problem with the GoDaddy DNS server; in that case, contact GoDaddy.

WARNING: GoDaddy will certainly help with the DNS, but not so much with you trying to use the SSL cert from SslForFree. They sell a product for SSL certificates, and that is what they will recommend. So keep the call about DNS only.

Once your SOA DNS server is returning both TXT records, try refreshing the sslForFree verify pages again. It could be that the replication has made it to them, and you can move on to generating your cert. If not yet, check the replication of the master SOA DNS records. Go to https://dnschecker.org, select TXT for the type and enter your full TXT record name including the domain name. You should see a map with either green checks or red x’s. If you are green, then at this point you should be able to generate your SSL certs, copy and paste the cert, private key and CA bundle into GoDaddy, and install your cert.

If you are still having issues, you should probably buy the GoDaddy certificate.
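
The troubleshooting sequence above as a script, added here as an example (not from the original post): it uses dig instead of nslookup, and the script name, function names and three arguments are assumptions made for the illustration. It reads the SOA Mname, then asks that server and your default resolver for both _acme-challenge records and compares each answer with the value sslforfree gave you for that record.

```shell
#!/bin/sh
# Added example (not from the original post). Requires dig for live checks.
# Usage: sh check-acme.sh mydomain.name APEX_VALUE WWW_VALUE
# The script name and function names are made up for this illustration.

# The two TXT record names created in Step 1.
challenge_names() {
  printf '_acme-challenge.%s\n_acme-challenge.www.%s\n' "$1" "$1"
}

# Read `dig +short SOA` output on stdin; print the Mname (first field).
soa_mname() {
  awk 'NF >= 7 { sub(/\.$/, "", $1); print $1; exit }'
}

# Read `dig +short TXT` output on stdin and compare with the expected value.
# Prints ok, missing (no TXT answer) or mismatch (a different value is served).
txt_status() {
  ts_values=$(tr -d '"' | sed -e '/^;;/d' -e '/^[[:space:]]*$/d')
  if [ -z "$ts_values" ]; then
    echo missing
  elif printf '%s\n' "$ts_values" | grep -Fxq -- "$1"; then
    echo ok
  else
    echo mismatch
  fi
}

# Live check: master (SOA) server first, then the default resolver.
check_domain() {
  cd_domain=$1
  cd_mname=$(dig +short SOA "$cd_domain" | soa_mname)
  [ -n "$cd_mname" ] || { echo "no SOA record for $cd_domain" >&2; return 2; }
  echo "SOA Mname: $cd_mname"
  set -- "$2" "$3"   # expected values: apex record, then www record
  for cd_name in $(challenge_names "$cd_domain"); do
    echo "$cd_name at $cd_mname: $(dig +short TXT "$cd_name" "@$cd_mname" | txt_status "$1")"
    echo "$cd_name at default resolver: $(dig +short TXT "$cd_name" | txt_status "$1")"
    shift
  done
}

if [ "$#" -eq 3 ]; then check_domain "$@"; fi
```

A result of missing or mismatch at the Mname means the record itself is wrong in GoDaddy (a mismatch usually points to an old _acme-challenge record that was not deleted). A result of ok at the Mname but missing at the default resolver means replication or caching has not caught up yet.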