What is SSL?
If you’re reading this, you probably manage your own (or a client’s) website, and you’ve found out that Google and Mozilla are coming down hard on sites that don’t have SSL (secure sockets layer) encryption. What is SSL? In simple terms, it encrypts what’s being sent between your web browser and a website you’re visiting. This means that it’s more difficult for your information to be stolen or monitored- extra-important if you’re typing in a password, credit card number, and so on. Sites with SSL begin with https:// instead of http:// and are also indicated by major browsers with a green lock symbol next to the address bar:
Click on the “i” icon will show a message stating that the site is not secure. In October 2017, the icon is accompanied by a “not secure” text in the address bar as well.
If your site is set up incorrectly, your visitors may even be blocked from visiting your page by a nasty “unsecure site warning” which will really put off your visitors.
So, as the major browsers move toward punishing non-secure sites that use http, you really need to set up SSL on your website.
What do I do?
There are a number of ways to set up SSL, including paying for a certificate, but there is no difference between free and paid SSL certificates. In this article, I’m going to describe how to set up an SSL certificate for free using Let’s Encrypt. I found little helpful information about how to setup Let’s Encrypt with GoDaddy hosting and WordPress, so hopefully this will be helpful for those running a similar setup.
If you want to use another SSL provider, another host, or another platform, this guide might not be as helpful.
If you aren’t familiar with CPanel and messing around with stuff that you can break, this is a slightly more “intermediate” project.
Let’s Encrypt certificates must be renewed every 90 days, and when I tried to renew I had issues which caused me to delete my certificates file and start this process over from basically scratch. I believe the main issue was the final step, which changes your WordPress URL to use https. If you aren’t prepared to do this every 90 days until a solution is discovered, you might want to go a different route (if you have a solution, let me know!).
So… Let’s Encrypt!
Step 1: Go to your WordPress dashboard and install the WP Encrypt plugin. You can use another, but WP Encrypt definitely works with Let’s Encrypt.
Step 9: Click on “Generate, view, upload, or delete SSL certificates” under “Certificates (CRT)”. Paste the nonsense, including —BEGIN CERTIFICATE— and —END CERTIFICATE— into the box as shown below. Then click “Save Certificate”.
Step 10: Go back to the SSL/TLS page and click “Manage SSL Sites” under “Install and Manage SSL for your site (HTTPS)”. You will need to have the nonsense from cert.pem in the CRT field, and the nonsense from private.pem in the KEY field. Click “Install Certificate”.
Step 11: Click “Browse Certificates” and select the newly created certificate. It will say “Let’s Encrypt” rather than “Self-Signed”. Note: There may be an extra step here with “Manage Installed SSL Websites” but I don’t have a clean slate to work with. If you run into an issue at this stage, email me and I will help you.
You’re encrypted! If this guide was helpful, or if you have suggestions, let me know or sign up below to get my awesome emails: