HTTPS: free signed certificate with Let's Encrypt

Ten years ago, it was impossible to get a signed SSL certificate for free to enable HTTPS on your website, but the technology has moved in the right direction.

Yes, free certificates finally exist (with no warranty for commercial transactions), and they are sufficient for moving your blogs to HTTPS, thanks to Let's Encrypt - Free SSL/TLS Certificates.

Good resources for enabling HTTPS and automatically renewing SSL certificates on your Apache or nginx web server:

Installation

Install certbot and read the certbot setup instructions, for example for Apache on Debian 10 (buster).

The certbot-auto script automatically runs sudo when it is needed and you have not specified it.

root@ks:~# whereis certbot
certbot: /usr/bin/certbot

Once installed, the command to use is: certbot-auto

root@ks:~# certbot-auto
Upgrading certbot-auto 0.36.0 to 0.38.0...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: placeoweb.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): c
Please specify --domains, or --installer that will help in domain names autodiscovery, or --cert-name for an existing certificate name.

Check the certificates' expiration date

root@ks:~# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: placeoweb.com
    Serial Number: 471c63479cc6718500f63d69dddd794ddb4
    Key Type: ECDSA
    Domains: placeoweb.com canet.placeoweb.com catllar.placeoweb.com dotclear.placeoweb.com forum.placeoweb.com maroc.placeoweb.com vtt.placeoweb.com wiki.placeoweb.com www.placeoweb.com
    Expiry Date: 2024-02-21 22:41:50+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/placeoweb.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/placeoweb.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Periodic, automatic certificate renewal

Depending on which site you read, you will need to add one of these commands to your cron jobs:

certbot-auto renew --quiet --no-self-upgrade
certbot-auto renew --rsa-key-size 4096 --force-renewal
letsencrypt-auto renew --quiet
letsencrypt-auto renew

root@ks:~# certbot-auto --help

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  certbot-auto [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. The most common SUBCOMMANDS and flags are:

obtain, install, and renew certificates:
    (default) run   Obtain & install a certificate in your current webserver
    certonly        Obtain or renew a certificate, but do not install it
    renew           Renew all previously obtained certificates that are near
expiry
    enhance         Add security enhancements to your existing configuration
   -d DOMAINS       Comma-separated list of domains to obtain a certificate for

  --apache          Use the Apache plugin for authentication & installation
  --standalone      Run a standalone webserver for authentication
  --nginx           Use the Nginx plugin for authentication & installation
  --webroot         Place files in a server's webroot folder for authentication
  --manual          Obtain certificates interactively, or using shell script
hooks

   -n               Run non-interactively
  --test-cert       Obtain a test certificate from a staging server
  --dry-run         Test "renew" or "certonly" without saving any certificates
to disk

manage certificates:
    certificates    Display information about certificates you have from Certbot
    revoke          Revoke a certificate (supply --cert-path or --cert-name)
    delete          Delete a certificate

manage your account:
    register        Create an ACME account
    unregister      Deactivate an ACME account
    update_account  Update an ACME account
  --agree-tos       Agree to the ACME server's Subscriber Agreement
   -m EMAIL         Email address for important account notifications

More detailed help:

  -h, --help [TOPIC]    print this message, or detailed help on a topic;
                        the available TOPICS are:

   all, automation, commands, paths, security, testing, or any of the
   subcommands or plugins (certonly, renew, install, register, nginx,
   apache, standalone, webroot, etc.)
  -h all                print a detailed help page including all topics
  --version             print the version number
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Test automatic renewal

root@ks:~# certbot-auto renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/toto.placeoweb.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for toto.placeoweb.com
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/toto.placeoweb.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/toto.placeoweb.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for toto.placeoweb.com
http-01 challenge for placeoweb.com
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/toto.placeoweb.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/toto.placeoweb.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

Automate free certificate renewal with cron jobs

Since the certificate is only valid for 90 days, it has to be renewed, either manually or automatically.

Renew your Let's Encrypt certificate automatically

# SSL/HTTPS certificates
40 04 28 * * /root/ssl/certbot-auto renew -n; /etc/init.d/apache reload
40 04 28 * * certbot renew -n; /etc/init.d/apache reload

Check the result:

root@ks:~# certbot-auto certificates
    Expiry Date: 2019-12-29 17:47:03+00:00 (VALID: 89 days)
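
A cron renewal that fails silently is only noticed once the certificate has expired, so the check above is worth automating. The script below is an added example, not part of the original post: it parses the text printed by `certbot certificates`; the function names, the 20-day threshold and the sample lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): detect renewals that are not
# happening by parsing the text printed by `certbot certificates`.

# expiring_certs MAX_DAYS  (reads `certbot certificates` output on stdin)
# Prints "name days" for each certificate with MAX_DAYS or fewer left, and
# "name NOT_VALID" when the Expiry Date line is not of the form "VALID: N day(s)".
expiring_certs() {
    awk -v max="$1" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            if (match($0, /VALID: [0-9]+ day/)) {
                # "VALID: " is 7 characters and " day" is 4
                days = substr($0, RSTART + 7, RLENGTH - 11) + 0
                if (days <= max) print name, days
            } else {
                print name, "NOT_VALID"
            }
        }'
}

# cert_alert MAX_DAYS: returns 1 and lists the offenders on stderr, so that
# cron mails the output; returns 0 silently when every certificate is healthy.
cert_alert() {
    flagged=$(expiring_certs "$1")
    [ -z "$flagged" ] && return 0
    printf 'Certificates needing attention:\n%s\n' "$flagged" >&2
    return 1
}

# Constructed sample in the format shown above; the *.example.test names and
# the dates and day counts of those two entries are made up for the demo.
sample_output() {
    cat <<'EOF'
  Certificate Name: placeoweb.com
    Domains: placeoweb.com www.placeoweb.com
    Expiry Date: 2024-02-21 22:41:50+00:00 (VALID: 88 days)
  Certificate Name: stale.example.test
    Domains: stale.example.test
    Expiry Date: 2023-12-05 10:00:00+00:00 (VALID: 9 days)
  Certificate Name: old.example.test
    Domains: old.example.test
    Expiry Date: 2023-11-01 10:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# Demo on the sample; on a server: certbot certificates 2>/dev/null | cert_alert 20
sample_output | cert_alert 20 || echo "exit status 1: renewal is not working"
```

By default Certbot only renews certificates that have fewer than 30 days left, so a job that runs once a month can leave a certificate within days of expiry before the next attempt. Running this check daily catches a missed or failed renewal while there is still time to act.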

Renew a single Let's Encrypt certificate while adding subdomains to it

root@ks:~# certbot certonly --cert-name placeoweb.com -d placeoweb.com,canet.placeoweb.com,catllar.placeoweb.com,dotclear.placeoweb.com,forum.placeoweb.com,maroc.placeoweb.com,vtt.placeoweb.com,wiki.placeoweb.com,www.placeoweb.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Requesting a certificate for placeoweb.com and 12 more domains

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/placeoweb.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/placeoweb.com/privkey.pem
This certificate expires on 2024-02-21.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
