Haven’t you heard? SSL certificates aren’t just for eCommerce anymore. Everyone wants encryption; even Google is using it as a ranking indicator now. This has been a problem for a lot of hobby websites, sites that have no income or desire to support themselves with advertisements, and people for whom the expense of a commercial certificate is just too great.
The solution has arrived, and it’s in the form of Let’s Encrypt. A free SSL provider with a massive amount of industry support.
After doing some initial testing to make sure it would work well for our clients, we launched Let’s Encrypt across all our servers using the Plesk Extension. This allows users to create and install a free SSL certificate on their website within seconds. We wouldn’t necessarily recommend it for eCommerce sites, but for providing a valid SSL certificate at no cost – it can’t be beat.
Prefer reading over watching? No problem.
- Begin by logging in to Plesk
- Once in Plesk, find the domain that you wish to secure in the list. If you don’t see a list of domains, click “Websites & Domains” in the upper left corner.
- Once you’ve found your domain settings, you may need to click the “SHOW MORE” link. It’s found roughly below the “Mail” or “Databases” icon. This provides you with a bunch more configuration options for your domain.
- Look for “Let’s Encrypt” and click on it to proceed.
- Enter your preferred email address (typically your tech contact)
- Include the www for your domain if it’s *not* being installed on a subdomain
- Click Install.
Plesk automatically generates the CSR, sends it to Let’s Encrypt, retreives the certificate, installs it, then activates it for the domain.
Now that you’ve got the cert, if you’d like to force SSL to be active across your entire website, navigate to “Hosting Settings” for the domain and select the checkbox under the Security heading that says “Permanent SEO-safe 301 redirect from HTTP to HTTPS”.
If you’re using a web application like WordPress, you may also find you need to adjust some of your image resources, or use a plugin to forcefully change all resource links to HTTPS. Here’s how!
Any questions or feedback? Leave them in the comments.