# Native SSL via ZeroSSL
{% hint style="danger" %}
**ZeroSSL is not recommended as a free implementation; instead, use**[ Let's Encrypt.](https://docs.emaildelivery.com/docs/options-for-adding-https/free-native-ssl-via-lets-encrypt)
{% endhint %}
{% hint style="danger" %}
**Only use ZeroSSL if you have a compelling reason such as being a commercial customer with a paid certificate.**
{% endhint %}
{% hint style="info" %}
Before you begin, make sure Port 443 is open and unblocked by any other application, firewall, or SELinux policies on your server.
{% endhint %}
We use ZeroSSL instead of Let's Encrypt as our native SSL implementation for a simpler and more streamlined integration.
[ZeroSSL](https://zerossl.com/) allows you to generate trusted certificates through an online wizard right on the front page of their site and download them to your desktop in a zip file:
{% embed url="" %}
To get started with ZeroSSL, enter your platform domain name, including subdomain, into the wizard right at the top of their website:
Walk through the wizard until you reach the **Verification** step.
{% hint style="info" %}
Choose **DNS CNAME** for your Verification Method
{% endhint %}
Create a CNAME record on your DNS hosting provider and copy over the content from ZeroSSL:
Using Cloudflare for our example, we'll click Add record and select CNAME from the dropdown
Back on ZeroSSL click **Next Step** then **Verify Domain**:
{% hint style="success" %}
Verified!
{% endhint %}
Download the zip file and you're done on the ZeroSSL website.
Now that you've authenticated your domain with ZeroSSL and downloaded the zip file, you're going to need to copy the zip ZeroSSL provided you with to your platform installation server:
```
scp esp.fivetacofiesta.com.zip root@137.184.6.0:/root
```
Back on the server we're going to extract the archive:
```
unzip esp.fivetacofiesta.com.zip
```
You'll see the archive has extracted three files into the current directory:
```
Archive: esp.fivetacofiesta.com.zip
extracting: certificate.crt
extracting: ca_bundle.crt
extracting: private.key
```
Now we're going to combine two of the files into a new file using the cat command:
```
cat certificate.crt ca_bundle.crt > certificate_chain.crt
```
Copy our newly created file into the proper directory
```
mv certificate_chain.crt private.key edcom-install/config/
```
Change directory to your platform installation :
```
cd edcom-install
```
Run the automated SSL conversion script:
```
./convert_to_ssl.sh
```
Restart your platform:
```
./restart.sh
```
{% hint style="success" %}
**You're done.**
You should now be able to access your platform using https\:// instead of http\://
{% endhint %}
{% hint style="info" %}
You'll need to log in again, as your previous non-SSL cookies are no longer valid.
{% endhint %}
Before ZeroSSL:
After ZeroSSL:
