Google recently said that sites that have SSL will be ranked higher in results and future versions of browsers will look to SSL verions of sites first before using unencrypted. Due to this, we offer our customers FREE SSL certificates provided by "Lets Encrypt SSL" They are also incredibly easy to install and take just a few clicks. This is an awesome offer and while it doesn't come with any garuntees like the paid options do at least you'll know that your site is safe. Below are the instructions on how to activate your free SSL Certificate.
- First, we HIGHLY suggest getting a dedicated IP for your webhosting account. SSL certificates are bound to a single IP address and so you will want to have an IP that belongs just to you. We do make use of SNI so you don't NEED to have the dedicated IP address, If you don't have a dedicated IP some current browsers and especially older ones will give errors saying it is insecure, and you'll also technically be linked to every other site that is on the same shared IP address. Both will result in the damage of your sites reputation. You can add a dedicated IP address to your account by simply following this guide here: How do I add a dedicated IP to my account? Once you have a dedicated IP address double check to make sure it is there. Insturctions for this are also listed in the guide linked above. If your panel shows that you have a dedicated IP address then you are good to go.
- Your domain that you want to make an SSL for has to be pointing to your webhosting with us. If it is pointing some place else the installation will fail.
- Your domain must be able to visit: http://your-domain/.well-known/acme-challenge/xxx the system will make these files automatically but make sure nothing is in the .htaccess rules that prevent access (by default there are none)
- In your control panel type "let" into the filter and you'll see the "Let's Encrypt for cPanel"
- In the Let's Encrypt Section you'll see your exisiting certificates and possible new certificates. If this is your first time the existing section is probably blank like the photo below. Just scroll down and in the "Issue a new certificate section simply click on the check boxes for the main domain and the www version. Then click on the "Issue Multiple" below the checkboxes. If you want only a single subdomain to have SSL for example that's when you would do issue single.
- On the next page you'll see a summary of what you're doing. Make sure that everything is checked, and make sure that the root of your domain is the primary just like our below example. Once you do that click "Issue"
- This will take some time. JUST WAIT!!! do NOT navigate away from the page. This entire process can take a few minutes to process. Once you're done you will get a success message with your domain, ip and that Apache is restarting.
- You should now be all done. Visit https://yourdomain/ to test your fancy pantsy new SSL certificate. If you run into errors or issues please keep reading.
Please be aware that If you are a merchant processing payments on your website you are required to buy a paid SSL certificate. If you are only using a third party processor like PayPal then the free option is still great for you. The following issues sometimes come up.
- Failed to issue certificate: The Let’s Encrypt HTTP challenge failed - is .well-known/acme-challenge accessible in your webroot?
- First, you need to check that you can actually access http://your-domain.com/.well-known/acme-challenge . If you cannot, then the issue is likely an .htaccess rule blocking access. Try including the following lines at the top of your .htaccess file:
RewriteEngine On RewriteRule ^.well-known - [L]
- Rate limit error - too many registrations
- Too many people on the server have made certificates today. Simply try again tomorrow. If you cannot wait then purchasing a paid SSL will allow you to set up instantly.
- Licence error when visiting the plugin page
- This means that the SSL cerfiticate software we are using has crashed. Check back in a few min. If it isn't back up the warning was probably overlooked by the system admin that is on duty at the time. Just open a ticket and we'll get it working.