It’s well known that having an SSL certificate is looked on kindly by Google when working out a page’s rank – after all, it is a sign that the webmaster is aware of basic security issues. I’ve been meaning to setup my sites with SSL certificates for a while now but have always been put off by the price or the complexity of using the free service Let’s Encrypt.
Thankfully, there is now a simpler way using the SSL For Free service. This website makes use of the Let’s Encrypt Certification Authority to generate a free SSL certificate which you can then install on your website. The process is painless and only takes a few minutes.
Generating the certificate
First, you enter your domain name in the form. The website should automatically add the www. variant or non-www. variant as applicable:
You are then required to verify that you own the domain. You can do this automatically by adding your FTP login details to the website, but if you don’t trust this then you can manually verify it by download a text file and then uploading it to your website. Once this is done you can generate the certificate and save the relevant keys somewhere safe. I found that the keys generated when using the Edge browser were not accepted when I tried to install them, but keys generated using Chrome worked without issue.
It should be noted that these SSL certificates are free but are only valid for 90 days. You can register on the website so that you receive an email reminder shortly before the certificates expire so that you can regenerate them and reinstall them. This is the main negative but as you get everything else for free I find it is a minor inconvenience as long as you remember to do this before the certificates expire!
Installing the certificate
My websites use Plesk to administer the server and it is straightforward to install the certificates – there are several websites that offer guides on this such as this one. You just need to copy the certificate text and paste it into the relevant box.
There’s one last step which is to force your website to load securely over HTTPS with your shiny new SSL certificate. If your site is running WordPress you can use the Really Simple SSL plugin which once installed can enable SSL with one click. If you are not using WordPress you need to edit your .htaccess file to rewrite URLs to use HTTPS. There are various guides on how to do this, my personal website uses the following entries in .htaccess:
RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule (.*) https://www.keanei.co.uk/$1 [R=301,L]
Once this is done then all you need to do is regenerate the certificates every 90 days. It will only take a few minutes and is saving a decent amount of money in the long run!