In my previous article I explored why having an HTTPS site is better, why it was not widely adopted in the past and why it was severely limited (technology wise). This changed so rapidly with the advances in technology that having an HTTPS site now is not just a recommendation, it’s a viable option for new WordPress installations.
Even though many hosting companies are beginning offer built-in support for free SSL certificates from Let’s Encrypt not all hosts have jumped on board. In this article I’m going to cover several ways to manually implement a free SSL within WordPress depending on your hosting scenario. Let’s get into it!
Generate a Free SSL Certificate
There are several ways to generate a Let’s Encrypt certificate. In this section I’m going to explain how you can create and install SSL depending on your method of choice. After the certificate is generated when then proceed to Load the Certificate. Use whatever method you feel best according to your needs.
Through ZeroSSL Online
ZeroSSL is a wonderful way of generating a Let’s Encrypt certificate without having to touch a single configuration file on your hosting. The website is an online tool, and after generating the certificate it gives you the file contents so you can load them onto your hosting provider of choice.
Installation is not recommended since the process is not novice friendly and there are much better ways to generate the certificate than having to install all the software required. The alternative Online Tools option on the contrary, is excellent. Just click the button to get started.
After loading your e-mail address, your domain name and accepting the TOS you’ll generate your very own Certificate Request. It’s important to know that the best alternative if you plan on having compatibility with the vast majority of panels is to use the DNS verification.
Once you generate your CSR click the “Next” button to generate your certificate KEY. It will only take a moment. Copy-paste the Key once it’s generated and save it onto a safe place. But don’t use a rich-text editor since that kind of software will add additional characters that could potentially interfere with the code of the certificate and key. It must be saved as TXT with no format and exactly the way it is given, without removing anything.
After the key is generated and correctly copied or saved onto your computer you will be asked to verify the domain record. For this step you need to access your control panel and add a TXT record exactly as it is displayed on the screen (we explain how to do this later in the post). Once the record has been added, you’ll need to wait at least 5 minutes for the changes to propagate, hit Next afterwards.
If everything is working ZeroSSL will generate your certificate and give you a Congratulations page with a chance to save the Actual Certificate and the Certificate Authority Bundle.
The good thing about this method is that it doesn’t involve installing anything in WordPress or your hosting panel but with the downside that you have to re-create the certificate once each 60 days, which is not something you’ll want to do if you have tons of websites to manage. It’s a good method for fast adding a certificate into a site even if it’s not WordPress and since it’s general, it can work on any system.
Through Certbot on your own VPS/Server
If you’re on Debian 8 on your own VPS, the installation of is very simple, simple add this line of code:
sudo apt-get install certbot -t jessie-backports
Remember that you need to stop your current webserver so the port 80 is free for certbot to run properly, this can be done like this:
service httpd stop service nginx stop
After that, the only thing you need to do to acquire a certificate is to run this line for the interactive process to start:
certbot certonly
If you’re on CentOS you need to install certbot like this:
sudo yum install epel-release sudo yum install certbot
And do the same as Debian. The process is automatic but you need to be aware on how to properly manage the files and adding them to your virtualhosts file be it either apache or nginx. For more reference you can check out the Certbot site.
Through WordPress Let’s Encrypt Plugin
This is about the simplest way of adding a certificate if you’re on WordPress, even if you own a VPS, this way is far more simpler than having Certbot do the work since it’s fully automatic. It uses a plugin called WP Let’s Encrypt which can be downloaded from WordPress.org.
Once the plugin has been loaded you need to register your site on the plugin, like this:
I recommend setting the option to Auto-generate Certificate to be always active as with the option Expire Warnings. This way if something goes wrong, you will always be warned about possible expirations. After this information is completed you will then proceed to Register your account. This allows the plugin to directly connect with Let’s Encrypt servers and this will effectively remove the process of having to validate your domain (which is not only cool but saves time too!).
Here is the tricky part. After the certificate is generated and fully activated you will notice that the path to the actual files is not within the “public_html” folder so you will have to manually download those files to load the certificate into your control panel (again – we explain how to load certificates in the next section).
Since the certificate will be the same when the plugin reissues the certification after 60 days you will not need to do this process again effectively creating a self-maintained system, so it’s only tricky the first time.
Load Your SSL Certificate
Now that you’ve chosen the method that best fits your needs and you have the generated certificate, let’s load it onto your panel. If you’re on cPanel or Vesta or any other panel you need to use the File Explorer or FTP (we like to use Transmit or Filezilla for this) and download the following files (note: the route to these files is always provided by the WordPress plugin once the certificate was generated):
- cert.pem
- private.pem
- chain.pem
After you have the files you can continue with the next step.
cPanel
For cPanel the process is pretty straightforward and involves loading the certification into the SSL/TLS menu. To access this menu you can simply type “SSL” into your cPanel search.
You need to access the Install and Manage SSL for your site (HTTPS) menu and load the certificate there:
Simple copy-paste the code from each file into the following boxes as this:
- The file cert.pem content goes into the Certificate (CRT)
- The file private.pem content goes into the Private Key (KEY)
- The file chain.pem content goes into the Certificate Authority Bundle (CABUNDLE)
That’s it! Your new Let’s Encrypt Certificate should be active on your domain. The whole process can take a couple of minutes the first time, but it’s so straightforward that the combination with WP Let’s Encrypt plugin and loading the certificate onto cPanel can take less than a minute once you’re used to it!
VestaCP
Vesta is more user friendly than even cPanel for loading certificates. After you downloaded your files through Vesta File Explorer or FTP you need to load it onto your domain menu, switching from HTTP to HTTPS like this:
You load the contents of the respective files just as they are (copy-paste) without adding or removing anything, into the following boxes in this order:
- The file cert.pem content goes into the SSL Certificate
- The file private.pem content goes into the SSL Key
- The file chain.pem content goes into the SSL Certificate Authority / Intermediate
Once you have the contents loaded you simply click Save and voila! your web is instantly converted to SSL. Remember that this is all the initial configuration. Once the certificate has been loaded, you can choose to use WordPress Plugin to automate the reissue of the certificate.
Completing SSL Setup
Once the certificate is active you need to instruct WordPress to use SSL for the connection, like this:
Once you click save you will have an HTTPS only site and you can begin to change your Google preferences and make further adjustments to your SEO.
Conclusion
With this article you’ve learned several ways on how to create a free SSL certificate and load it to your hosting environment. There are already hosting providers that support Let’s Encrypt right out of the box, and this is not a tutorial for that services. If you don’t already have a direct Let’s Encrypt method on your hosting, this tutorial was handmade for you. Of all the methods, using the WordPress Plugin combined with cPanel or Vesta is about the quickest of all the methods, taking you no more than 1 minute and giving you the freedom to forget about the reissue, since it will be handled by the plugin itself.
Technology has progressed a lot since the early days of HTTPS, and with the coming of Let’s Encrypt it’s universally available to everyone. Of course, there are cases where websites such as online store should still purchase premium certificates since they will cover you in case of fraud, but for the rest of us free certificates are here to stay.
