Let’s Encrypt: Set Up Your Free SSL Certificate With TSO Host
As internet security rises on people’s radars, hosting companies are ramping up efforts to protect customers. As you might have noticed, there’s been a surge in businesses – particularly online retailers – getting “SSL” certificates for their websites. That’s the green, padlocked “secure” notice you see in the browser bar (look above).
Who Needs SSL?
Online retailers are not the only ones that should be handling customer data over a secure connection. Even if you don’t sell through a store, you should consider having an SSL certificate. However you handle enquiries – be that construction, dog grooming or therapy – there are bound to be moments when your website will ferry sensitive information.
Obtaining an SSL certificate – i.e. encrypting the information that passes between site and visitor – adds an extra layer of security and peace of mind to both parties.
Introducing Let’s Encrypt: The Free SSL Certificate
Let’s Encrypt is a new initiative run by the Internet Security Research Group. It’s a free service – ostensibly born out of a wish to see a secure web – and it’s been deliberately built to be easy to install. It’s not for everyone, and it’s important that big retailers continue to use traditional SSL certificates. For the smaller businesses that don’t rely on e-commerce, Let’s Encrypt is perfectly fine.
Installation With TSO Host
Different hosts have different ways of doing things. In this example, I will demonstrate how to install Let’s Encrypt with TSO. They’re one of many UK hosting companies, but the basic approach is the same with other hosts. Let’s dive in…
1. Go to your cpanel and select “Let’s Encrypt”
2. Check that your domain is eligible
Let’s Encrypt will only work if your domain’s DNS points to the host server. For that reason, you must first check that your settings are correct. Click “check my domains” and TSO will scan to see if your setup allows for the SSL certificate to be installed.
If they are correct:
Your domain will light up with nice green lights and you can continue to step 3. Success!
If they are not correct:
Visit your domain name provider and make sure your DNS settings point to your server. This could be the A record, or the nameservers. Each case will be different, so consult your host/developer if you’re unsure.
3. Click “Request SSL”
With the green lights on, Let’s Encrypt will kick into gear and you’ll soon have your free SSL certificate. Wait a few minutes then get ready for some checks.
4. Visit https://yoursite.com
By this, I mean visit your site normally but replace http with https. All being well, you’ll see your site in its full splendour. If for any reason you don’t see a green padlock, visit https://www.whynopadlock.com/ to diagnose the problem. It’s usually because your https page is loading an “insecure” http file (for example some JavaScript or an image hosted elsewhere).
5. Replace your site links with https ones
If you run a static website, search and replace your files and change mentions of http://yoursite.com to https://yoursite.com.
If you have a WordPress website, go to Settings > General and change the URL from http to https in both the WordPress Address (URL) and Site Address (URL) fields. If you have the means to do a full search and replace of your database, do the same. As always, consult your developer if you’re unsure about this.
6. Set up a redirect to ensure all traffic goes to your https version
Now that you’re satisfied the site is sporting its SSL certificate, you’ll want to show it off. Put this code in your .htaccess file to ensure that visitors to the old (http) setup will be redirected to your shiny new one.
# REPLACE MYSITE.COM WITH YOUR OWN :)
RewriteEngine On
# Only act on requests that arrived over plain http
RewriteCond %{HTTPS} off
# Send a permanent (301) redirect to the same path on the https site
RewriteRule ^(.*)$ https://mysite.com/$1 [R=301,L]
And that’s it!
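The usual cause of a missing padlock in step 4, an http file loaded by an https page, can be found in your own HTML before you start the search and replace in step 5. The Python script below is an added example, not part of the original guide; the sample page and its example.net and example.org URLs are constructed. It lists every http:// file a page loads and separates scripts, stylesheets and frames (which browsers block on an https page) from images and media (which cost you the padlock).

```python
from html.parser import HTMLParser

# Attribute that names the loaded file, per tag. <a href> is deliberately
# absent: a link to an http page is navigation, not mixed content.
ACTIVE = {"script": "src", "iframe": "src", "link": "href", "object": "data", "embed": "src"}
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}

# Constructed sample page (not taken from a real site).
SAMPLE = """<html><head>
<link rel="stylesheet" href="https://yoursite.com/style.css">
<link rel="canonical" href="http://yoursite.com/">
<script src="http://cdn.example.net/slider.js"></script>
</head><body>
<a href="http://example.org/">a friend's site</a>
<img src="http://images.example.net/logo.png">
<img src="//images.example.net/ok.png">
</body></html>"""


class MixedContentFinder(HTMLParser):
    """Collect (line, tag, kind, url) for every file loaded over http://."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for kind, table in (("active", ACTIVE), ("passive", PASSIVE)):
            attr = table.get(tag)
            if attr is None:
                continue
            if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
                continue  # rel=canonical etc. is metadata; only stylesheets are checked
            url = (attrs.get(attr) or "").strip()
            if url.lower().startswith("http://"):
                self.findings.append((self.getpos()[0], tag, kind, url))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for line, tag, kind, url in find_mixed_content(SAMPLE):
        print(f"line {line}: <{tag}> loads {url} ({kind} mixed content)")
```

Protocol-relative URLs (//host/path) and https:// URLs are left alone because they load securely once the page itself is served over https.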
Why choose a paid SSL over Let’s Encrypt?
As TSO state, Let’s Encrypt is owned by a third party and renews itself every 3 months. That doesn’t make it unreliable, but sometimes you might want a more tailored and permanent solution.
Paid SSL certificates – with higher warranties, green address bars, wildcards, domain validations and subdomain support – can be obtained from your host the usual way. For smaller websites – particularly those that don’t directly handle payments – this free option is fine.
Written by Bruce Sigrist in: Guides