For a while I was making my own certs, just to see that I could and to understand how to set up and force https. However, since my certs were not signed, every browser said my site wasn’t secure (rightly so). So after a few times of my certs expiring I turned off forcing https and all redirects related to it.
With Chrome now making https more mandatory I looked into getting real SSL certs. I found ZeroSSL.com could do the trick. I followed the new user directions and after a few trips I was able to get real certs. However, I read that these certs expire every 90 days. Now I’m not the best at remembering to do updates like this so I set out to figure out how to refresh my certs automatically.
Perhaps I’ll get into the details later, but my final messy solution is a PHP script that will create an HTML output and run the refresh command. It translates the refresh command output to a less descriptive output (i.e. it hides all the folder paths and files used). If the refresh command generates keys, the command is set up to place the keys in my web server’s SSL folder. From there I use a Windows batch file to call the PHP file and to log the output to an HTML file. The batch file also transfers the latest HTML log file to a known folder that I can see from my website (the reason I don’t capture the full refresh command output into the HTML log file). Finally, I have a Windows Scheduled Task set up to run the batch file every night.
And with that I should have SSL certs always up to date… at least that’s the theory.
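
The translation step described above, as an added example (this is not the author's script): instead of trying to strip paths out of the refresh command's output, it maps each line to a generic status message and replaces anything it does not recognise, so nothing from the raw output is copied into the public log. The rule patterns, function names and sample lines are all assumptions made for illustration.

```php
<?php
// Added example, not the author's script. Turns renewal-tool output into
// generic status lines for a web-visible log. It fails closed: a line that no
// rule recognises is replaced whole, so paths and file names never reach the log.

// Hypothetical patterns (first match wins); adjust to what your client prints.
const RULES = [
    '/\b(error|failed|denied)\b/i'                   => 'Renewal reported an error; check the private log.',
    '/\bcertificate\b.*\b(saved|issued|written)\b/i' => 'Certificate renewed.',
    '/\b(not due|still valid|no renewal needed)\b/i' => 'Certificate still valid; nothing to do.',
];

function translate_line(string $line): ?string
{
    if (trim($line) === '') {
        return null;                       // drop blank lines
    }
    foreach (RULES as $pattern => $message) {
        if (preg_match($pattern, $line) === 1) {
            return $message;
        }
    }
    return 'Step completed (details omitted).';
}

function render_log(array $rawLines, string $stamp): string
{
    $items = [];
    foreach ($rawLines as $line) {
        $message = translate_line($line);
        if ($message !== null) {
            // Escape anyway, so the page stays safe if a rule ever echoes input.
            $items[] = '<li>' . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . '</li>';
        }
    }
    return '<h2>Renewal run ' . htmlspecialchars($stamp, ENT_QUOTES, 'UTF-8') . "</h2>\n<ul>\n"
         . implode("\n", array_unique($items)) . "\n</ul>\n";
}

// Constructed sample output, not taken from a real client.
$sample = [
    'Loading account key from C:\\example\\work\\account.key',
    'Certificate saved to C:\\example\\ssl\\site.crt',
    '',
];
echo render_log($sample, date('Y-m-d H:i'));
```

Keep the raw command output in a separate log outside the web root, so a failed renewal can still be diagnosed.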