How to set up SSL using Let’s Encrypt? If you also been on the lookout for free and trusted SSL certificates and wondering how to install them? Then you are at the right place. Here in this guide, I will unveil how to set up free SSL using Let’s Encrypt. So, let’s dive in!

When you create a website, you take all possible measures to keep your site safe and secure. But, you can not deny the fact that wrongdoers will try to harm your website. Therefore, you need to be sure that your website should be safe to use. Especially we talk about any eCommerce website, making payments for products and services you are offering, security should be your top priority.

And this is where Let’s Encrypt helps you obtain a free SSL certificate for your site. So, before shedding some light on how to set up an SSL certificate, it makes sense to understand some other related things as well.

So, What Exactly is SSL?

For those who are not familiar with SSL or Secure Sockets Layer. It is a cryptographic protocol that encrypts the data and connection between the server and the client. It is a standard security protocol for establishing a link between the server and browser. You can set up SSL by installing an SSL certificate and redirect HTTPS to HTTPS.

HTTPS or HyperText Transfer Protocol Secure is the protocol over which data is sent between the website you are connected to and the browser. However, it is more like a secure mechanism that HTTP uses over SSL connections to communicate.

You can say that HTTPS = HTTP + SSL

Firstly, an SSL connection is established. Then, all the HTTP data is wrapped into small SSL packets, sent, and received. However, both are combined together to prevent man-in-the-middle attacks and eavesdropping by third-party outsiders.

Why is it Necessary to Set Up SSL?

What’s this sudden hype to set up SSL and migrate to HTTPS all about if my site is been working with HTTP completely fine? You might be wondering! Well, for the uninitiated, Google officially announced that switching your website from HTTP to HTTPS will be considered as a ranking factor. Furthermore, it will give your site a minor ranking boost as well. Even Firefox Mozilla gives a warning error if login credentials or other sensitive details are entered from an HTTP-based site that has not migrated to HTTPS yet.

secure login ssl browser message

However, the whole process of switching from HTTP to HTTPS has many obstacles. Right from the costly SSL certificates to the complex installation processes. Everything has its own prominence. So, in this guide, we will tackle all such issues one by one and introduce a provision called Let’s Encrypt. It will help you set up SSL certificates free of cost. It is a non-profit and open Certificate Authority service by ISRG that provides Domain Validated Certificates free of cost. 

SSL Certifications: What For?

To be able to set up SSL secure connections, a server requires a digital certificate called an SSL certificate. An SSL certificate is a small data file that binds a cryptographic key to your organization’s or personal details digitally. However, SSL certificates have a pair of keys i.e. public and private. This key pair works together to create an established connection. Basically, SSL Certificate = Domain Name/Server Name + Organization’s Details.

Only a Certification Authority (CA) can issue a digital certification. A browser trusts an SSL Certificate. And it will establish a session between the client and the server only if the said certificate contains the domain name of the website and is issued by a trusted CA. So, it needs to reliable.

Certification Types

There are three different SSL certificates you can get. They are Domain Validation Certificate (DV), Organisation Validation Certificate (OV), and Extended Validation Certificate (EV). Let’s take a look at their basic traits through this table.

Features DV OV EV
Issuing Time Immediately Within 24 hours 4-5 days
Pricing Cheapest (Free in most cases) 15$ – 700$ 700$ and above
Types of Businesses Small or Medium Medium-scaled Larg
Types of Sites non-eCommerce/Internal eCommerce eCommerce
Issuing Criteria For a Purchaser Control over a Domain name Control over Domain name + Organisation’s Existence as a Legal Entity Organization’s Existence as a Legal Entity + Verification Checks by a Human

From the table, it is pretty clear that DV is actually preferable for small and medium-sized businesses. However, if you own a small business, it makes no sense to pay such high costs for an Extended Validation certificate. Additionally, it makes no difference which validation certificate you use in rankings factor as well as secure transmission of data, as of now.

Debunking All Odds: What’s Stopping People & What to Do About It?

One question that arises in mind here is that if HTTPS is such a better choice, why aren’t more people transforming their sites then? Well, I asked our webmasters’ team and almost everybody gave the same reply. “SSL certifications are of immensely high costs”. The big guys in town such as GoDaddy, VeriSign, Comodo, etc. charge a lot for the paid certifications. In fact, most website owners simply cannot afford to buy such high-priced security measures which may even exceed their profit ranges.

While DV certificates are comparatively cheaper than their counterparts. Also, the verification process involved to set up SSL and HTTPS is still a little complex for people with non-IT backgrounds. So, they look for some good alternatives that provide simple solutions to carve their way in the SSL world. However, the one such popular solution for a hassle-free SSL certificate and that too for free is Let’s Encrypt.

Let’s Encrypt – Encryption For Everyone (FREE)

Let’s Encrypt is a free, trustworthy, and automated Certification Authority (CA) operated by the Internet Security Research Group. Some of the key sponsors for Let’s Encrypt include the Mozilla Foundation, the Electronic Frontier Foundation (EFF), Akamai, and Cisco Systems. Currently, Let’s Encrypt offers full support for IPv6, ACME DNS Challenge, IDS, and ECDSA signing. Since domain-validated certificates are automated, only those can be issued. Certificates issued by Let’s Encrypt are valid for a total of 3 months, although you can automatically renew them every 60 days or so.

However, in some cases, your hosting provider will do the job for you. Also, Let’s Encrypt has become the third-largest Certificate Authority in the world. It has gained the trust of a lot of users worldwide. Currently, it has more than 200 million unexpired certificates. Some of the key features that have made this success possible are as follows.

Key Features of SSL

  • Free: You just need to own a domain name to set up SSL and get an SSL certificate at absolute zero cost and no renewal charges.
  • Secure: Let’s Encrypt-issued digital certificates are legitimate and accepted by every one of the web browsers. Besides, it helps site owners secure their servers properly.
  • Automatic: Let’s Encrypt interacts with web servers to get a certificate, configure it securely and renew it, all by itself- making the whole process automatic.
  • Transparent: Each certificate revoked or issued is available for public records and inspection purposes.

Now that you know the benefits of this certificate, let’s take a look at how you can get a free SSL certificate and make your site HTTPS-enabled.

How to Install a Free SSL Certificate

Case 1: If You Have a Dedicated Server

  • Through The Web Host Manager (WHM)

Web Host Manager is used to manage web-hosting accounts on a web server. If your hosting provider has installed provisions in the case of WHM, you can get the benefits of the Let’s Encrypt official plugin for WHM. However, this plugin is accessible for WHM version 58 and above. So, start by running the below command in the server terminal (usually putty).

/scripts/install_lets_encrypt_autossl_provider

Next, when you visit the AutoSSL interface by going over to Home SSL/TLS Manage AutoSSL. Here, you can select Let’s Encrypt from the list of providers.

  • Without Web Host Manager: People with Shell Access Mostly Use the Certbot ACME Client.

In such cases, where WHM is not handy, you can install a Let’s Encrypt issued certificate manually using Certbot. Head over to their official site, select your web host server and OS, and follow the steps displayed.

Case 2: In the Case of a Shared Server Hosting

  • Through cPanel (Without Shell Access)

Cpanel is a Linux-based web hosting panel. It provides you with GUI and automated tools to make the process of web hosting easy. If you manage your website through cPanel, Plesk, any other control panel, or some hosting providers such as FastComet, DomainRacer, BlueHost, etc. they provide a direct option for Let’s Encrypt in their interfaces. Thus, adding an SSL certificate for your domains becomes easy.

  • Through Certbot ACME Client (With Shell Access)

Let’s Encrypt recommends people with shell access to use the Certbot ACME client. However, Certbot offers free certificate issuance and installation automatically. Moreover, it keeps a check on the expiration dates of your certificates and renews them automatically. Whereas, for people who do not want auto-configuration, it has separate expert modes also. People who do not want to proceed with Certbot can check the official website of Let’s Encrypt for more client options.

Advantages of Switching to HTTPS

1. SEC_RITY is Incomplete Without “U”

Once you have made the switch to HTTPS, any packets(s) of data sent afterward are protected using the TLS protocol. Thus, you are guaranteed the three basic levels of network protection.

  • Encryption: All your exchanged data is encrypted. This means that even if eavesdropper somehow manages to “listen” to your data, it will be worthless since they don’t have a decryption key.
  • Data Integrity: Information encrypted cannot be seen by others while it is still in transit. Thus, help to avoid eavesdroppers and man-in-the-middle attacks. Also, data cannot be corrupted or tampered with by a third party without being detected.
  • Authenticity: HTTPS authenticates your site by making sure it is the one the server and/or users are supposed to be communicating with.

Besides, the green bar/lock at the beginning of the browser’s address window helps users build the trust of the users, making it worth the effort in the long run.

2. SEO: Always be in the Good Books of Google

  • More Referrer Data: Whenever traffic passes to an HTTPS-enabled site, it does not strip away your referral data. This is unlike HTTP where the referral information is not preserved and transferred as “Direct”. This becomes an issue in analytics reports as you cannot tell where this traffic comes from.
  • The Boost in Rankings: Need I say more? Unlike other ranking signals (Original content and link building), it does not merit heavy increases. Though Google may consider it as a slight ranking boost as of now, if you decide to set up SSL, it can have a notable impact in the future.
  • Revenue Conversions: When HTTPS and SSL are in place, the green lock in the URL bar gets active. This helps users perceive a sense of privacy and trust. Additionally, it can be a revenue driver by supporting more and more conversions.

Points to Consider Before Taking the Leap

  • Speed Issues: Since HTTPS in itself is a ranking factor, one might think that HTTPS sites are faster to load. Although this idea appears to be good in reality if you set up SSL, it can imply a minor drop in site speed. However, this mainly happens due to the extra communication “handshakes” needed between the servers.
  • Compatibility Issues: The world may be moving towards the SSL revolution still, everything is not HTTPS ready yet. Once in a while, an older web application will pop up that has trouble adopting the HTTPS URLs.
  • Hidden Errors: More often than not, errors pop up that defy all logic and are not even caught by HTTP. These hidden errors don’t show up in the program code because they are present in some external JavaScript or CSS files. In such cases, you need to scan through all your external files and look for anything that starts with HTTP.

However, most of these issues are due to the improper implementation of SSL migration or steps of switching from HTTP to HTTPS. Sometimes, both.

In Conclusion

In closing, sites that use HTTPS, account for nearly one-third of Page one results in Google as of June last year. With the advent of free and easy methods to set up SSL like Let’s Encrypt, these numbers are just beginning to increase. It has made it unbelievably easy for both developers and site owners to provide an automated, validated SSL certificate and switch over to HTTPS for free. Alright, this was all about getting SSL/HTTPS and securing your website. If you are now ready to make the switch, you should try experimenting with the website design as well. For this, check out TemplateToaster, a web design software that provides you with themes to modify your website or build a new one and set up SSL on it.

Best Drag and Drop interface to Design stunning WordPress Themes

Have any questions or comments about setting up SSL on your WordPress website? Share with me in the comments section below!