Most hosting providers will provide you with an SSL certificate. Really Simple SSL attempts to detect and enforce the installed SSL certificate automatically.
If your hosting provider does not offer free SSL certificates, but does allow for the installation of third-party SSL certificates: you can generate a free Let’s Encrypt SSL certificate with Really Simple SSL. The below steps will guide you through the SSL generation process.
Important Note: your Hosting Provider may restrict the generation/installation of third-party SSL certificates. Therefore, it depends on your Hosting Provider whether you are able to install a Let’s Encrypt SSL certificate on your website. Check if your provider allows the installation of third-party SSL certificates here: https://really-simple-ssl.com/install-ssl-certificate/
Accessing the Let’s Encrypt Wizard
The below notice will appear when activating Really Simple SSL on a website without an SSL certificate installed. Click the “Install SSL certificate” button to launch the Let’s Encrypt Wizard and start generating an SSL certificate for your website.
To access the Let’s Encrypt Wizard when this notice does not appear, enter your domain in the tool below and click the “Go to Wizard” button.
During this section of the Wizard, the plugin will verify whether the site/domain meets the requirements for Let’s Encrypt. This includes the following checks:
- Detecting if a valid SSL certificate had already been installed
- Checking the PHP version of the server (minimum PHP required version: 7.1).
- Update your PHP version to at least version 7.1. Your hosting provider can help you update the PHP version on your server.
- Verifying that the PHP extension cURL is available & enabled
- If the cURL extension is not available, your hosting provider can enable it for you.
- Detecting the type of server software used on the environment (e.g. DirectAdmin/cPanel/Plesk).
- Detecting alias domains to include on the SSL certificate
- Example: for “domain.com” to become reachable with “www.domain.com”, it must be added as an alias to the “domain.com” domain.
General Settings – Domain
This section of the Wizard contains questions related to the domain, hosting provider and your Let’s Encrypt account. Most sections will be pre-filled based on your configuration.
- Email address
Enter the email address that you wish to use to create a Let’s Encrypt account, this is also where renewal notifications will be sent to.
- Terms & Conditions
You’ll need to agree to the Let’s Encrypt Terms and Conditions in order to generate a Let’s Encrypt SSL certificate.
- OCSP stapling
OCSP is a tool to check the certificate status in real-time. OCSP stapling saves the results of the OCSP check on the webserver and serves it on each request, improving load time.
It could be that your hosting provider does not support OCSP stapling. If this applies to your environment, you can enable the ‘Disable OCSP Stapling’ option.
Will be pre-filled with the domain of your website for which the certificate will be issued.
- Hosting provider
By selecting your hosting provider from the dropdown list, Really Simple SSL will inform you if the SSL certificate can automatically be installed or if manual installation is necessary.
To find out whether your hosting provider offers free SSL and/or supports automatic installation of Let’s Encrypt SSL certificates, find your provider in the list of hosting providers here: https://really-simple-ssl.com/install-ssl-certificate/
General Settings – Hosting
In this section, you will be asked to provide the URL and credentials of your hosting management software (such as cPanel, Plesk or DirectAdmin) for the purpose of certificate issuance, installation and renewal of the certificate.
The URL used to access the Dashboard of your hosting software (such as: cPanel/Plesk/DirectAdmin).
The username used to log-in to the Dashboard of your hosting software
The password used to log-in to the Dashboard of your hosting software
- Credentials storage
Enable this option if you want Really Simple SSL to remember the credentials, in order for the plugin to attempt renewal of your certificate(s) upon expiration.
Verification (Directories/DNS Verification)
This step may differ based on your environment. By default, Really Simple SSL handles authorization with a ‘directory challenge’, as in most cases this can be handled automatically.
However, if your site is a multisite WordPress installation and/or has subdomains that should also be secured with SSL (such as mail.domain.com, cpanel.domain.com), the DNS verification method is required.
Are there any limitations that could prevent SSL generation from being completed?
- Keys directory
Has the /ssl/keys/ directory been created (and is it sufficiently protected)?
- Certs directory
Has the /ssl/certs/ directory been created?
- Do the required directories have the required permissions so that Really Simple SSL is able write to these folders?
- And is the plugin able to reach the ‘acme-challenge’ directory over HTTP? (/.well-known/acme-challenge/really-simple-ssl-permissions-check.txt)
If you see the below screen, you have to add a “TXT record” in the DNS Management section of your hosting software (such as: cPanel/Plesk/DirectAdmin) to complete the DNS verification.
- Add a new record with type TXT
- Copy the value of the “domain” field from the Let’s Encrypt Wizard, and use this as the Record Name in the DNS Management/Settings panel of your hosting software
- Finally, copy the contents of the “Value” field from the Let’s Encrypt Wizard, and place this in the Value/Content field in the DNS Management/Settings panel of your hosting software.
Note: we recommend using a short TTL (Time to Live) value during installation.
The plugin will now start generating the SSL certificate for your domain.
- In the event that SSL generation fails due to an Invalid order ID, reset the Let’s Encrypt Wizard by clicking the “Reset Let’s Encrypt” button in the top right corner. You can retry the generation of your SSL certificate upon resetting Let’s Encrypt.
Automatic SSL installation
If the hosting environment allows automatic SSL installation, the plugin will now install your SSL certificate and notify you when the process has completed.
Manual SSL installation
On some environments the SSL certificate will need to be installed manually. You will receive the below notice if that is the case:
Your newly generated SSL certificate consists of three files (CRT, KEY and CABUNDLE). These files have to be installed in your hosting management software, after which your site will be secured with SSL. The exact installation steps depend on which software is used on your server.
- Installing an SSL certificate on cPanel: https://really-simple-ssl.com/installing-ssl-on-cpanel/
- Installing an SSL certificate on Plesk: https://really-simple-ssl.com/installing-an-ssl-certificate-on-plesk/
- SSL installation instructions per Hosting provider: https://really-simple-ssl.com/install-ssl-certificate/