If you’re a website owner, you’ve probably heard of SSL certificates and why they are essential for securing your site. But do you know how to actually install one?
This easy-to-follow guide will navigate you through installing a free SSL certificate on your website. We’ll cover everything from generating a Certificate Signing Request (CSR) to configuring your server settings. So, let’s get started and make your website more secure!
Step 1: Gather Requirements
It’s now easier than ever to use HTTPS on your website; the first step is gathering your requirements. If you’re a beginner, it’s a good idea to reach out to your hosting company and discuss the options available to you.
There are a few easy ways to add SSL to your website:
- Some hosting companies, like SiteGround and WPEngine, even offer free SSL certificates with one-click installation features.
- Many hosts, such as GoDaddy, offer paid SSL services and will handle the certificate implementation for you. This is an excellent option if you want to save time and effort.
- If you’re an intermediate user and want a hands-on approach, you can generate your free SSL certificate with tools like Certbot or Let’s Encrypt.
The encryption and security level will be the same regardless of which certificate you opt for.
1.1 Types of SSL Certificates
There are several types of SSL certificates to be familiar with, each offering varying levels of validation. Let’s break down the three main types: Domain Validated (DV), Organization Validated (OV), and Extended Validation (EV) certificates.
Domain Validated (DV)
The only requirement for obtaining a DV certificate is proof of domain ownership. With this type of certificate, visitors will see a lock icon in their browser, indicating that your site is secure but that there is no specific information about the website owner.
Organization Validated (OV)
OV certificates further require confirmation of a legitimate business behind the website. When visitors click the green lock icon, they’ll see the name of your business, adding an extra layer of trust.
Extended Validation (EV)
EV certificates demand the most extensive validation process, requiring even more documentation. If your website has an EV certificate, visitors will see your business name directly in the address bar.
However, some updated browsers may not display this EV visual indicator. Despite this, some visitors still recognize the additional authenticity and trust offered by EV and OV certificates due to their rigorous validation process.
1.2 Commercial vs. Free SSL Certificates
Distinguishing between commercial and free SSL certificates is crucial for your website’s security strategy.
Commercial (paid) SSL certificates are a solid option for website owners, with a primary advantage being the availability of technical support. This can be a lifeline when you encounter issues during installation or management. Although the encryption level is the same as free certificates, the level of support is the key differentiator.
On the other hand, free SSL certificates, spearheaded mainly by the Let’s Encrypt initiative—an open collaboration between global organizations—have democratized website security.
Note: Before diving in, remember that many hosts offer specific instructions for deploying these free SSL certificates. Check your host’s support channels and articles to ensure you follow the proper steps for your particular setup.
1.3 SSL in the Cloud
Securing your site can also be achieved through cloud providers such as Content Delivery Networks (CDNs) and Web Application Firewalls (WAFs). These services work as a proxy between the visitor and your website, caching content and filtering out malicious traffic while offering SSL certificates at no extra charge.
Note: However, if you plan to implement an SSL certificate through your host, you may need to skip to Step 3: Important Final Steps. The key is choosing the best method that aligns best with your website’s specific needs and technical comfort level.
1.4 Getting a free SSL Certificate
This guide works optimally if your site has a dedicated IP, although it’s still possible to use server name indication (SNI) with a single server IP address. If you’re on a shared platform, speak with your host about deploying Let’s Encrypt.
We assume you have full access and control over your web server for the following steps.
You’ll need certain information about your server, including its
- IP address
- a server username with admin or sudo privileges
- user password or SSH key authentication
- the software it runs (such as Apache, nginx, or IIS)
- the operating system and version number (like Debian 7, Ubuntu 16.04, etc.).
Step 2: Generate Certificate
Ensure you have all the required information; you can connect to your server and install a tool to generate an SSL certificate.
You need a way to log into your server and send SSH commands from your computer. For Mac users, Terminal will be your go-to, while Windows users can utilize PuTTY. Some hosts may even offer a web interface for running server commands.
Note: However, instructions may vary depending on your server software and system. Specific systems may not support Certbot, but other reputable clients are compatible with your server environment.
2.1 Overview of Steps
The following steps will guide you in obtaining a free SSL certificate from Let’s Encrypt using Certbot.
- First, connect to your server over SSH using the IP address, username, and password.
- Then, head to the Certbot website, select your server operating system and software from the dropdowns and follow the instructions.
- You will need to run several commands to install dependencies and Certbot itself.
- Next, generate the SSL certificate by executing the provided commands.
- You will be prompted to provide an email address and agree to the terms of service.
- To ensure automatic certificate renewals, follow the instructions under the ‘Automating Renewal’ section and set up a cron or system job on your server.
- Images and animations illustrating the process on a server using Apache on Ubuntu 16.04 will be provided to grasp the process better.
This overview should give you a comprehensive roadmap to secure your site with an SSL certificate.
2.2 Install Certbot Client
After connecting to your server via SSH, install the Certbot client, following instructions specific to your server on the Certbot website. During installation, remember to install any necessary dependencies. Images included here offer a snapshot of what you can expect during this process.
Note: In case of permission errors, consult with your host to confirm that your user can run administrative commands like sudo.
2.3 Generate SSL Certificate
The Get Started section of the Certbot website provides commands for this crucial step. We have included images to illustrate what you can expect during this process. Remember, this SSL certificate is specifically for securing your website.
Make a Secure Backup
After successfully generating your SSL certificate, the Important Notes will display the location of your Certbot configuration directory. This directory houses crucial data, including your account credentials, certification, and private keys. Safeguard this information by navigating to your server’s location and downloading a backup.
2.4 Automate Renewal
You now have an active SSL certificate securing your site. However, Let’s Encrypt certificates are valid for just 90 days. To avoid manual renewals, you can automate the process.
We recommend setting a cron or system job to renew the certificate twice daily. Remember the Certbot configuration directory from the previous step.
To schedule the cron job that renews the SSL certificate:
Let’s set up the automatic renewal of your SSL certificate.
- Start by connecting to your server.
- Then, run the command ‘crontab -e.’
- If you’re prompted, select your preferred text editor, like Nano.
- Enter the following command, ensuring you replace the location with the one provided during certificate generation: 52 0,12 * * * root /var/log/letsencrypt/certbot-auto renew –quiet.
- Open your website to verify its operation.
Some server configurations may require additional commands to load new certificates.
You can refer to the full documentation on Certbot renewals for more detailed information. Remember, Let’s Encrypt and Certbot are making the internet safer for everyone, for free. You can support their work by donating. Links to donate are provided here for Let’s Encrypt and Certbot.
https://letsencrypt.org/donate/
https://supporters.eff.org/donate/support-work-on-certbot
How to install an SSL certificate via the Plesk control panel:
– Generate a CSR (Certificate Signing Request) login to the Plesk admin control panel.
– Navigate to the Websites and Domains section and click on SSL/TLS Certificates.
– Click on Add SSL Certificate and enter a Certificate name.
– Complete all fields under the Settings section and click Request.
– Click on the name of the certificate you’ve just added to Plesk. Your Certificate Signing Request will be displayed in the ‘CSR’ section.
How to upload your SSL certificate:
- First, log into your Plesk admin control panel.
- Navigate to the Websites and Domains section and click on SSL/TLS Certificates.
- Locate the Upload the certificate files section to upload your SSL certificate files from your local machine.
- After selecting the necessary files, click on Send Files to finalize the process.
How to activate your SSL certificate:
- First, head to the Websites & Domains tab in the Plesk admin panel.
- Next, locate and click on the specific domain name. Proceed to Hosting Settings.
- Under the Security section, enable SSL support.
- Select the certificate you created earlier.
- Finally, confirm your changes by clicking OK.
How to generate a new Certificate Signing Request (CSR):
- Start the process by logging into your cPanel admin.
- Then, navigate to the Security section and click on SSL/TLS.
- Click on Generate, view, or delete SSL certificate signing requests from here under the Certificate Signing Requests (CSR) heading.
- Fill out the necessary fields in the Generate a New Certificate Signing Request (CSR) section.
- Afterward, click Generate at the bottom of the form.
- Finally, copy the CSR from the Encoded Certificate Signing Request section on the new page to request your SSL certificate.
How to install the SSL certificate:
- Start by launching your cPanel admin.
- Navigate to the Security section and click on SSL/TLS.
- Click on Generate, view, upload, or delete SSL certificates under Certificates (CRT).
- Upload your primary certificate (.crt file) from your local machine in the Upload Certificate section, then click Upload Certificate.
- Return to SSL Manager, click Manage SSL Sites under Install and Manage SSL for your site (HTTPS).
- Select Browse Certificates in the Install an SSL Website, pick the certificate to activate, and click Use Certificate. This will auto-fill the fields for the certificate.
- Scroll down to the bottom of the page and click Install Certificate.
- Finally, confirm the Successful Installation by clicking OK on the pop-up.
Step 3: Final Steps
With the SSL certificate installed, your site now has the option for HTTPS. However, the HTTP version remains accessible.
Directing all traffic to the secure HTTPS version is advisable to ensure data safety. Rectify any mixed content warnings to ensure all elements are secure.
Finally, don’t forget to update any proxy-based cloud services to work with your new SSL certificate, ensuring seamless and secure operation.
3.1 Force HTTPS
To force your site’s visitors to access only over HTTPS, you’ll need to edit the .htaccess or web.config file in your website’s root directory. Before proceeding, ensure the backup of these control files as a safety measure.
For Apache, you can also use the virtual host file. IIS servers can utilize the URL Rewrite Module and nginx servers the nginx configuration file.
For the .htaccess file, insert the following directive to redirect HTTP visitors to the HTTPS version:
Code Snippet – Add into the .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com$ [NC]
RewriteRule ^(.*)$ https://www.domain.com/$1 [L,R=301]
Note: However, be cautious while editing the .htaccess file, as this can lead to complications on complex sites. The rewrite rule best suits websites on a dedicated server or VPS running Apache. Replace “domain” with your actual domain name in the sample code.
3.2 Check for Mixed Content Warnings
Even with HTTPS enabled, resources linked to your site may still load over HTTP. This includes images, videos, and external resources.
Browsers identify this content as “unsafe,” leading to broken functionality and security warnings.
To find these HTTP references, you can use the same SSH access you used to generate your certificate.
Run the command grep -r “http://” to locate files still loading resources over HTTP.
Once identified, it’s best to change these URLs from http:// to https:// or to a relative path.
There are plugins and extensions available that can automate the process of rewriting URLs from HTTP to HTTPS. For WordPress users, the Really Simple SSL plugin is a reliable choice.
Remember, if the HTTP resource is stored on the website, using the relative directory and filename is more efficient.
Absolute Path:
https://example.com/images/pic.jpg”>
Relative Path:
<img src=”/images/pic.jpg”>
Resources that can cause Mixed Content Warnings:
- Web fonts
- Iframe content
- JavaScript includes
- CSS stylesheets
- Image embeds
- Video embeds
- Audio embeds
Caution: Switching links to HTTPS may disrupt functionality if your site loads external content. Before adjusting the URL in the code, ensure the resource is accessible via HTTPS. You can easily verify this by entering the HTTPS URL into a web browser.
Should any issues arise, you can download the external content and host it on your server to guarantee HTTPS loading. Testing scripts and other potentially differential content in a development environment is advisable.
3.3 Search Engine Optimization
Transitioning to HTTPS can initially impact your SEO performance. Fear not, though! This is typically temporary.
Start by adding and verifying your new HTTPS site in Google Search Console. This will allow Google to recrawl your site, and you can submit a new XML sitemap.
Remember to use absolute URLs to ensure accuracy when it comes to SEO elements like “rel=canonical” and “open graph” tags.
While there will be a normalization period after applying SSL, remember that this is a confirmed ranking signal, according to Google.
On the downside, the URL change may reset your social sharing counters for older content. While these bumps may initially occur, the secure browsing environment you create for your users is well worth the transition.
SEO & meta elements to check:
- rel=canonical
- rel=alternate
- rel=next & rel=prev
- hreflang
- Open Graph tags
- Schema.org
- Structured Data
- Sitemaps
- Internal Linking
3.4 Website Security Caveat
Understanding that SSL merely secures data in transit between your site and your users is essential. It doesn’t protect your website from malware, DDoS attacks, or code vulnerabilities.
Website security requires a comprehensive and holistic approach. This includes maintaining a secure hosting environment, using strong, unique passwords, and regularly updating your website software to avoid potential vulnerabilities.
It’s advisable to consider a website security platform offering robust security controls, from firewall protection to malware scanning and removal.
Remember, securing your website is about protecting your data and building trust with your visitors. By showing you take security seriously, your visitors are more likely to feel confident interacting with your site.
If you have any questions or need further assistance, don’t hesitate to contact us at info@reliqus.com.