Black Friday Deals 40% OFF

Days
Hours
Minutes

Installing a free Let’s Encrypt SSL certificate

Most hosting providers will provide you with an SSL certificate. Really Simple SSL attempts to detect and enforce the installed SSL certificate automatically.

If your hosting provider does not offer free SSL certificates, but does allow for the installation of third-party SSL certificates: you can generate a free Let’s Encrypt SSL certificate with Really Simple SSL. The below steps will guide you through the SSL generation process.

Important Note: your Hosting Provider may restrict the generation/installation of third-party SSL certificates. Therefore, it depends on your Hosting Provider whether you are able to install a Let’s Encrypt SSL certificate on your website. Check if your provider allows the installation of third-party SSL certificates here: https://really-simple-ssl.com/install-ssl-certificate/

Accessing the Let’s Encrypt Wizard

The below notice will appear when activating Really Simple SSL on a website without an SSL certificate installed. Click the “Install SSL certificate” button to launch the Let’s Encrypt Wizard and start generating an SSL certificate for your website.

Really Simple SSL - Activate & Install SSL notice

To access the Let’s Encrypt Wizard when this notice does not appear, enter your domain in the tool below and click the “Go to Wizard” button.

 

System Status

Really Simple SSL Lets Encrypt - System Status

During this section of the Wizard, the plugin will verify whether the site/domain meets the requirements for Let’s Encrypt. This includes the following checks:

  • Detecting if a valid SSL certificate had already been installed
  • Checking the PHP version of the server (minimum PHP required version: 7.1).
    • Update your PHP version to at least version 7.1. Your hosting provider can help you update the PHP version on your server.
  • Verifying that the PHP extension cURL is available & enabled
    • If the cURL extension is not available, your hosting provider can enable it for you.
  • Detecting the type of server software used on the environment (e.g. DirectAdmin/cPanel/Plesk).
  • Detecting alias domains to include on the SSL certificate
    • Example: for “domain.com” to become reachable with “www.domain.com”, it must be added as an alias to the “domain.com” domain.

General Settings – Domain

This section of the Wizard contains questions related to the domain, hosting provider and your Let’s Encrypt account. Most sections will be pre-filled based on your configuration.

Really Simple SSL Lets Encrypt - Domain

  • Email address

Enter the email address that you wish to use to create a Let’s Encrypt account, this is also where renewal notifications will be sent to.

  • Terms & Conditions

You’ll need to agree to the Let’s Encrypt Terms and Conditions in order to generate a Let’s Encrypt SSL certificate.

  • OCSP stapling

OCSP is a tool to check the certificate status in real-time. OCSP stapling saves the results of the OCSP check on the webserver and serves it on each request, improving load time.

It could be that your hosting provider does not support OCSP stapling. If this applies to your environment, you can enable the ‘Disable OCSP Stapling’ option.

  • Domain

Will be pre-filled with the domain of your website for which the certificate will be issued.

  • Hosting provider

By selecting your hosting provider from the dropdown list, Really Simple SSL will inform you if the SSL certificate can automatically be installed or if manual installation is necessary.

To find out whether your hosting provider offers free SSL and/or supports automatic installation of Let’s Encrypt SSL certificates, find your provider in the list of hosting providers here: https://really-simple-ssl.com/install-ssl-certificate/

General Settings – Hosting

In this section, you will be asked to provide the URL and credentials of your hosting management software (such as cPanel, Plesk or DirectAdmin) for the purpose of certificate issuance, installation and renewal of the certificate.

Really Simple SSL Lets Encrypt - Hosting

  • Host

The URL used to access the Dashboard of your hosting software (such as: cPanel/Plesk/DirectAdmin).

  • Username

The username used to log-in to the Dashboard of your hosting software

  • Password

The password used to log-in to the Dashboard of your hosting software

  • Credentials storage

Enable this option if you want Really Simple SSL to remember the credentials, in order for the plugin to attempt renewal of your certificate(s) upon expiration.

Verification (Directories/DNS Verification)

This step may differ based on your environment. By default, Really Simple SSL handles authorization with a ‘directory challenge’, as in most cases this can be handled automatically.

However, if your site is a multisite WordPress installation and/or has subdomains that should also be secured with SSL (such as mail.domain.com, cpanel.domain.com), the DNS verification method is required.

Directories

Really Simple SSL Lets Encrypt - Directory Verification

  • Host

Are there any limitations that could prevent SSL generation from being completed?

  • Keys directory

Has the /ssl/keys/ directory been created (and is it sufficiently protected)?

  • Certs directory

Has the /ssl/certs/ directory been created?

  • Permissions
    • Do the required directories have the required permissions so that Really Simple SSL is able write to these folders?
    • And is the plugin able to reach the ‘acme-challenge’ directory over HTTP? (/.well-known/acme-challenge/really-simple-ssl-permissions-check.txt)

DNS Verification

If you see the below screen, you have to add a “TXT record” in the DNS Management section of your hosting software (such as: cPanel/Plesk/DirectAdmin) to complete the DNS verification.

Really Simple SSL Lets Encrypt - DNS Verification 1

  • Add a new record with type TXT
  • Copy the value of the “domain” field from the Let’s Encrypt Wizard, and use this as the Record Name in the DNS Management/Settings panel of your hosting software
  • Finally, copy the contents of the “Value” field from the Let’s Encrypt Wizard, and place this in the Value/Content field in the DNS Management/Settings panel of your hosting software.

Note: we recommend using a short TTL (Time to Live) value during installation.

Really Simple SSL Lets Encrypt - DNS Verification adding a TXT record

Generation

The plugin will now start generating the SSL certificate for your domain.

Really Simple SSL Lets Encrypt - Generation

  • In the event that SSL generation fails due to an Invalid order ID, reset the Let’s Encrypt Wizard by clicking the “Reset Let’s Encrypt” button in the top right corner. You can retry the generation of your SSL certificate upon resetting Let’s Encrypt.

Installation

Automatic SSL installation

If the hosting environment allows automatic SSL installation, the plugin will now install your SSL certificate and notify you when the process has completed.

Really Simple SSL Lets Encrypt - Automatic Installation

Manual SSL installation

On some environments the SSL certificate will need to be installed manually. You will receive the below notice if that is the case:

Really Simple SSL Lets Encrypt - Installation (Manual)

Your newly generated SSL certificate consists of three files (CRT, KEY and CABUNDLE).  These files have to be installed in your hosting management software, after which your site will be secured with SSL. The exact installation steps depend on which software is used on your server.

 

Simple and Performant Security.
Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate generation.