• Facebook Icon Link
  • Instagram Icon Link
  • Reddit Icon Link

How to Install a Free SSL Certificate.

Install Free SSL Certificate Graphic

Tutorial Overview.

This tutorial is all about SSL technology. It will explain what SSL is, why it’s important to have SSL, and the different levels of validation. Then I will show you how to install a free SSL certificate using Let’s Encrypt and ZeroSSL.

Quickies.

What is an SSL Certificate?

SSL stands for Secure Sockets Layer. SSL is a security technology for creating an encrypted connection between a browser and a web server. This connection makes it so that all data passed between the browser and the server is private. If you have ever looked at the URL of the websites that you visit you will notice that some start with https: and some start with https:. That “s” on the end means that the website is secure and is using SSL.

Why is it Important to Have SSL?

The number one reason to have SSL is security. Without SSL, hackers are able to intercept data between the computer and server and do whatever they want with the data. Google is now flagging websites that don’t have SSL and marking them insecure. They are also including this in their ranking algorithm now so if you don’t have SSL it will hurt your SEO. Having an SSL certificate on your website creates trust with your users and shows them you care about their privacy.

Do I Need an SSL Certificate?

In this day and age, there really is no reason to not have SSL on your website and as I will show you below it can be absolutely free. eCommerce websites are required to be PCI (Payment Card Industry) compliant and one of the requirements of PCI compliance is to have SSL on their website. If you have a website in the healthcare industry and collect, store or transmit patient data in any way you are required under HIPAA regulations to have SSL on your website. If you have people that login to your website you need SSL so their user information is secure. It doesn’t really matter if you are required to have SSL or not, if you are serious about your website you need SSL.

Levels of SSL Validation.

The companies that issue SSL certificates are called Certificate Authorities (CA). When the CA issues an SSL certificate to a website, it needs to verify the website’s identity. There are three levels of validation.

Domain Validation. (DV)

Domain validation has the lowest level of validation. In this case, the CA simply verifies that the applicant has control of the domain in question. This is usually done by uploading a file to your server or changing a DNS entry. If you can display ownership of the domain you will be issued a DV SSL certificate. You will usually receive the SSL certificate the same day. These certificates are low priced or free, in this case, which I will show you below.

non-secure example

Marked as insecure by Google.

Organization Validation. (OV)

Organization Validation is one step above Domain Validation. You will still have to demonstrate ownership of the domain but there are few additional steps. If you want an OV SSL certificate, you will need to submit the documentation requested by the CA and they may call you to for further verification. This process can take up to a few days. These are moderately priced but can vary widely depending on the company.

Secure website example

The padlock shows that the site is secure.

Extended Validation. (EV)

Extended Validation is the most strict type of validation. The CA will perform an in-depth check to verify that you are a legal entity, that you operate at the physical location you claim to and other checks that they feel necessary. You may be required to do this on a yearly basis. These are the most expensive and are usually issued in 3 to 5 days but can take longer.

ev ssl certificate

The padlock with the company name next to it shows that this site has an EV SSL certificate.

What Type of SSL is Right for My Website?

If you run a small blog or personal static website a DV SSL is going to be just fine. If you have a mid-size company or a small eCommerce store, go with an OV SSL. If the website is for a large corporation or large eCommerce store then step up and get the EV SSL certificate.

How to Get a Free SSL With Let’s Encrypt & ZeroSSL.

1. Go to ZeroSSL.com.
2. Click on Online Tools.

zerossl

3. Under FREE SSL Certificate Wizard click on Start.

zerossl wizard

4. On the right side, in the Domains field enter the domain name of the website.
5. Accept the terms of service towards the bottom.
6. Click Next.

free ssl certificate wizard

7. If you are prompted, I suggest including the www version and the non-www version.

Note: if you want to put an SSL on a subdomain it needs to be done seperately.

8. Download the CSR.

download ssl keys

9. Click Next.
10. Download the Private Key.
11. Click Next. Keep this window open for the verification process.

ssl verification screen

How to Verify Ownership of Your Domain.

1. There are some browser extensions that may interfere with this process so check the message box at the top of the screen for warnings.
2. If you have any warnings, disable the extensions refferenced.

extension warning

3. Under Verification, download the file/s.

ssl verification screen

4. Upload the verification files to your server in this location: webroot/.well-known/acme-challenge/.
5. The next few sections explain how to upload these files. If you don’t need instruction through uploading the files, please skip to Complete the Verification Process.

About the cPanel Folder Structure.

The root directory in cPanel contains system folders that, with the exception of public_html, are not accessible on the web. The public_html directory is in the root and it is where your main cPanel domain name is pointed. You can also create subdirectories to host additional websites in the public_html directory.

a. webroot is how I will refer to the directory that your website is in.

b. .well-known is simply the name of a directory or folder in the webroot. If it is not already in the webroot you will need to create one.

c. acme-challenge is also the name of a directory and you will probably need to create it. The acme-challenge directory will need to be placed inside the .well-known directory.

How to See if You Have a .well-known Directory via cPanel.

1. Login to cPanel.
2. Click on File Manager.

cpanel file manager

3. Double click on the icon to the left of the public_html directory.

public html folder

4. If your website is not in this directory, navigate to the directory that contains your website.

Note: The .well-known directory is a hidden directory so just because you don’t see it doesn’t mean it’s not there.

5. If you don’t see the .well-known directory, click on Settings in the upper right corner.

cpanel settings

6. Select Show Hidden Files (dotfiles).

cpanel preferences

7. If the .well-known file magically appears in the file manager, skip to Create an acme-challenge Folder.
8. If you still don’t see the .well-known directory, you will need to create one.

Create a .well-known Directory via cPanel.

1. While in the webroot of your website click on +Folder in the upper left corner.

add folder

2. Enter .well-known into the New Folder Name field and click Create New Folder.

well-known

How to See if You Have a .well-known Directory via FTP.

1. Make an FTP connection to the website. Detailed instructions if needed: How to Make an FTP Connection with FileZilla.
2. Navigate to the directory that contains your website.

Note: The .well-known directory is a hidden directory so just because you don’t see it doesn’t mean it’s not there.

3. If you don’t see a .well-known folder, make sure your hidden files are visible.

well-known folder

4. I’m using FileZilla. The setting for hidden files is under Server in the top bar. Select Force showing hidden files.

force showing hidden files

5. If the .well-known file magically appears in the file manager, skip to Create an acme-challenge Folder.
6. If you still don’t see the .well-known directory, you will need to create one.

Create a .well-known Directory via FTP.

1. Make an FTP connection to the website. Detailed instructions if needed: How to Make an FTP Connection with FileZilla.
2. Navigate to the directory that contains your website.
3. Left click in the webroot and click Create Directory.

create directory graphic

4. Enter .well-known into the field and click Ok.

filezilla create directory

Create an acme-challenge Folder Inside the .well-known Folder.

1. If there is already an acme-challenge folder in the .well-known directory, skip this section.
2. Enter the .well-known directory.
3. Use the same method you used above to create a new directory and name it acme-challenge.

How to Upload the Verification Files.

1. Enter the acme-challenge directory.
2. If you are using FileZilla you can just drag and drop these files into the acme-challenge directory.
3. If you are using the cPanel File Manager click Upload in the upper right corner and upload the files.

upload cpanel

Complete the Verification Process.

1. Once you have uploaded the file/s, go back to the verification window on the ZeroSSL website.
2. Click on the links to verify that the verification files are in the right place. You should get a new browser window open that displays the verification text string.

zerossl verification screen

3. If your verifications pass, click Next. If not you may have the verification files in the wrong folder.
4. Download the Domain CRT and the Domain Key.

How to Install a Free SSL Certificate via cPanel.

1. Login to your cPanel account.
2. Locate the Security section and click on SSL/TLS.

cpanel security section

3. Click on Manage SSL Sites.

manage ssl sites

4. Under Manage Installed SSL Websites, find the domain name in question and click on Update Certificate.

manage ssl websites

5. Copy the FIRST BLOCK of text from the domain.crt file and paste it into the Certificate:(CRT) field.
6. Copy all of the contents of the domain-key file and paste it into the Private Key field.

csr private keys

7. Click Install Certificate.
8. You now have a secure website.

ithemes security plugin ad
Leave a Reply

Your email address will not be published. Required fields are marked *