Author Topic: Installing Free SSL Certificates  (Read 314 times)

0 Members and 1 Guest are viewing this topic.

Offline bruleoadmin

  • Owner / Admin / Support
  • Administrator
  • Hero Member
  • *****
  • Posts: 1893
    • Skype - torquepoint
    • View Profile
    • Bruleo
Installing Free SSL Certificates
« on: 10 February 2017, 11:58:52 AM »
IMPORTANT : This post relates to the hosting that we provide using the Hepsia Control Panel.  These instructions are meant as a guide only and not a definitive tutorial as changes in hosting terms or the provision of free certificates may change at any time.

If you encounter problems, I will assist for free, ONLY where time allows, but you should understand that you use these instructions at your own risk!

These instructions were correct at the time of posting / updating and were used exclusively to install the certificates at all my own sites, including this forum.

Last updated : 17 February 2017 at 16:12 (UK)



Now that Google have started penalising websites without SSL certificates (or rather, they say, giving sites with HTTPS a ranking boost), it is becoming important that you add them to your site.

Bruleo hosting offers great value certificates, but for those that cannot see the cost justification for your site, it is a relatively easy process to install fully functional free certificates provided by Let's Encrypt.

These certificates offer full TLS 1.2, AES with 128 bit encryption (High); ECDH with 256 bit exchange

Currently, the only draw-back with adding these free certificates is that they have a three month expiry, so would need to be renewed every 90 days.

Note : Many hosts will not allow you to install 3rd-party or free certificates as they want you to spend more money with them.  Most will tell you that you need to have a dedicated IP address, or even worse, a minimum of VPS hosting to install certificates: This is total rubbish as you do not need either (although a dedicated IP is recommended). If they tell you this, tell them to get lost and move to a host that doesn't lie. Unlike most hosts, and despite selling their own certificates and IP address (both of which I provide at cost), you are allowed install 3rd-party certificates on the hosting I provide using special IP addresses that are provided with each hosting account.  Of course, if you want a dedicated IP address, you can do that too!

The following may seem daunting, but all in all, it takes less than five minutes once you've logged in and got the relevant pages up that you need.

 It will be in four parts. Part #1 and #4 only need to be done once, but unfortunately, due to the current nature of free certificates, the rest will need to be done every 90 days (although this is being discussed at Let's Encrypt and may be extended in the future).



PART 1 (Create CSR for your site) :
1) Log into your Hepsia hosting Control Panel Go to 'My Domains' >> 'SSL Certificates'
2) Choose 'CSR Requests', then ''Generate CSR'.
3) Complete the form as required (use www.southsound.co.uk as Hostname as it will cover both www and non-www versions)
4) Once generated, copy the CSR and Private Key, using the icons under 'Actions'.
(Note : The email address you provide MUST be an account set up at your host and related to your domain, otherwise the generated certificate will not be valid.)
(VERY IMPORTANT : NEVER GIVE THE PRIVATE KEY TO ANYONE!)



PART 2 (Prove site ownership and generate certificate) :
5) Go to https://www.sslforfree.com/ and enter your domain in the box and hit enter.
6) Chose Automatic or Manual Verification, depending on what you prefer. (Automatic might be quicker, but I don't like entering my FTP info on sites, so prefer the Manual method).
7) Follow the instructions.
8) Make Sure 'I Have My Own CSR' is ticked and paste in the CSR content you created in Step #4
9) Click 'Download SSL Certificate'.
(Note : If using manual verification, note that the first folder you will need to create contains a dot at the beginning of the name.)



PART 3 (Upload and install certificate) :
10) In your hosting Control Panel, choose 'My Domains >> Hosted Domains', then choose 'Edit Domain' (the cog icon next to your domain in the list).
11)  In the form that opens, under IP address, choose the IP displayed under 'Available Shared IP's for SSL's'
12) Choose 'Upload SSL Certificate' under 'Secure Socket Layer (SSL).
13) Paste in the Private Key and CSR content from step #4 above.
14) Paste in the 'Certificate' and CA Bundle from sslforfree.com in the other two fields.
15) All other fields can be left as they are, Click save, wait a few seconds and it should be done.



PART 4 (Redirecting http to https) :
Once you have installed, you will need to ensure that http' redirects to 'https'. Some hosts allow you to do this within the main hosting Control Panel, but if they do not, you will need to this in your main htaccess file by adding something like* the following code after 'RewriteEngine On' :
Code: [Select]
      RewriteCond %{HTTPS} off
      RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
(* Please note that there are a great many code variations that do the same thing. Depending on what other redirects you have in place [www to non-www for example], you may need to use different code, most of which can be found online.)

An example which should work in most cases to redirect http non-www to https www would be as follows  :
Code: [Select]
	## Redirect non-www to www taking into account SSL
        RewriteCond %{HTTPS} !on [OR]
        RewriteCond %{HTTP_HOST} !^www\.
        RewriteRule (.*) https://www.yourdomain.com%{REQUEST_URI} [L,R=301]

Extending on the above, another example would be like I have at www.gateuk.com where I redirect non-www to www pages AND redirect 'index.php' pages to the main domain with https :
Code: [Select]
	## Redirect non-www to www and redirect index.php taking into account SSL
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule (.*) https://www.gateuk.com%{REQUEST_URI} [L,R=301]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ https://www.gateuk.com/ [R=301,L]
You will need to research the exact code you need for your site, as everyone's exact requirements are different. DO NOT JUST BLINDLY COPY AND PASTE THIS TYPE OF CODE WITHOUT ENSURING IT WORKS FOR YOU!



IMPORTANT :
a) If you have any directs calls to images or content on your site that use http, they will ALL need to be changed to https.  If you do not do them all, security warnings may show in visitor's browsers, with some browsers blocking access completely.  Also, Google will NOT recognise any sites with their latest updates that have any security warnings caused by these.  If you use any server third-party scripts stored on your server, you may need to edit these.  Some third-party ad providers (such as PaidOnResults), still use http for a lot of their banner code. If you use these, your site will suffer from security warnings. For example, if you include a banner on your site that is located on another site's server, that image must also be served though the https protocol. If the external site is not https, then the image will either not load, generate security warnings or prevent your entire site from loading. You will therefore need to consider either removing the banner entirely, or placing the image on your server.

In short, after changing to https, ANY resource used by your site that would ultimately be loaded onto a user's computer, will also need to be using https.

To see if your site fails anywhere, simply load your browser in Chrome, FF, Edge or IE and use any of the included developer resources in that browser and they will tell you exactly where to look. From personal experience, IE and Edge are best.

b) PHPLinkDirectory Users Only : Most, if not all default installations of the PHPLinkDirectory script have poor coding that do not allow for automatic detection of https, causing things like the listing submission process to fail following certificate installation.  For any identified code changes you may need to make following certificate installation, please see the following thread :
http://www.bruleo.com/using-https/
(Note : If you find any other problems following installation of SSL on our hosting AND using any version of the phpLD script above 3,2, let me know and if it is a problem caused by the default code, I will look into it and endeavour to find a fix!)

c) Do not forget to change any admin settings if you have them to reflect the new https URL.  For phpLD scripts for example, this would be in your admin 'Settings >> Site' section.  If you find that the https version of your site is loading without any formatting, this is probably the reason. (Note, some scripts contain URL settings in files).



TIPS :
a) Ensure you renew your certificate several days prior to the expiry date. Since the site needs to propagate DNS around the world, any change of certificate may take 24 hours or so before the certificate shows.  From experience with this hosting, it is unlikely to be more than a few minutes to fully propagate, but it is totally possible that it could take up to 72 hours.

b) If you complete your email etc in the main form for the certificate at sslforfree.com, they will send you a reminder one week before it expires.

c) It would be advisable to copy your Private Key & CSR and store them somewhere secure. That way, if the worst happens and you lose your site and need to restore, you should be able to these to reactivate any certificate you have already created. (I'm not sure how to do this just yet, but am advised elsewhere that it can be done!)

d) When creating the certificate at sslforfree.com, be sure to add both the www and non-www version of your domain. Sometimes, certificates for the www version will work with both, but it often depends on both the certificate authority, the hosting and how it is installed.  If you redirect non-www to www (or vica-versa) then this is not that important, as long as the redirect you use works for all pages and the certificate is created for the destination domain. (Note : It is recommended you do this type of redirect as it negates duplicate content issues.)

Offline bruleoadmin

  • Owner / Admin / Support
  • Administrator
  • Hero Member
  • *****
  • Posts: 1893
    • Skype - torquepoint
    • View Profile
    • Bruleo
Re: Installing Free SSL Certificates
« Reply #1 on: 05 May 2017, 10:04:19 PM »
= = UPDATE = =

Free SSL Certificates from Let's Encrypt have now been enabled as a feature in the hosting I provide without needing to perform any of the instructions outlined in the previous post.

Anyone using my hosting now has the ability to activate totally free certificates with AUTOMATIC renewal, simply by editing the settings for the domain in their control panel.

I will leave the instructions below for legacy reference only as it also covers some issues you may encounter when installing certificates from any provider.

Bruce



Tags:
 

SPONSORS