Installing a free Let’s Encrypt SSL certificate

Most hosting providers will provide you with an SSL certificate. Really Simple SSL attempts to detect and enforce the installed SSL certificate automatically.

If your hosting provider does not offer free SSL certificates, but does allow for the installation of third-party SSL certificates: you can generate a free Let’s Encrypt SSL certificate with Really Simple SSL. The below steps will guide you through the SSL generation process.

Important Note: your Hosting Provider may restrict the generation/installation of third-party SSL certificates. Therefore, it depends on your Hosting Provider whether you are able to install a Let’s Encrypt SSL certificate on your website. Check if your provider allows the installation of third-party SSL certificates here: https://really-simple-ssl.com/install-ssl-certificate/

Accessing the Letā€™s Encrypt Wizard

The below notice will appear when activating Really Simple SSL on a website without an SSL certificate installed. Click the ā€œInstall SSL certificateā€ button to launch the Letā€™s Encrypt Wizard and start generating an SSL certificate for your website.

Really Simple SSL - Activate & Install SSL notice

To access the Letā€™s Encrypt Wizard when this notice does not appear, enter your domain in the tool below and click the ā€œGo to Wizardā€ button.

 

System Status

Really Simple SSL Lets Encrypt - System Status

During this section of the Wizard, the plugin will verify whether the site/domain meets the requirements for Let’s Encrypt. This includes the following checks:

  • Detecting if a valid SSL certificate had already been installed
  • Checking the PHP version of the server (minimum PHP required version: 7.1).
    • Update your PHP version to at least version 7.1. Your hosting provider can help you update the PHP version on your server.
  • Verifying that the PHP extensionĀ cURLĀ is available & enabled
    • If the cURL extension is not available, your hosting provider can enable it for you.
  • Detecting the type of server software used on the environment (e.g. DirectAdmin/cPanel/Plesk).
  • Detecting alias domains to include on the SSL certificate
    • Example: for “domain.com” to become reachable with “www.domain.com”, it must be added as an alias to the “domain.com” domain.

General Settings – Domain

This section of the Wizard contains questions related to the domain, hosting provider and your Letā€™s Encrypt account. Most sections will be pre-filled based on your configuration.

Really Simple SSL Lets Encrypt - Domain

  • Email address

Enter the email address that you wish to use to create a Let’s Encrypt account, this is also where renewal notifications will be sent to.

  • Terms & Conditions

Youā€™ll need to agree to theĀ Letā€™s Encrypt Terms and Conditions in order to generate a Letā€™s Encrypt SSL certificate.

  • OCSP stapling

OCSP is a tool to check the certificate status in real-time. OCSP stapling saves the results of the OCSP check on the webserver and serves it on each request, improving load time.

It could be that your hosting provider does not support OCSP stapling. If this applies to your environment, you can enable the ā€˜Disable OCSP Staplingā€™ option.

  • Domain

Will be pre-filled with the domain of your website for which the certificate will be issued.

  • Hosting provider

By selecting your hosting provider from the dropdown list, Really Simple SSL will inform you if the SSL certificate can automatically be installedĀ or if manual installation is necessary.

To find out whether your hosting provider offers free SSL and/or supports automatic installation of Letā€™s Encrypt SSL certificates, find your provider in the list of hosting providers here: https://really-simple-ssl.com/install-ssl-certificate/

General Settings – Hosting

In this section, you will be asked to provide the URL and credentials of your hosting management software (such as cPanel, Plesk or DirectAdmin) for the purpose of certificate issuance, installation and renewal of the certificate.

Really Simple SSL Lets Encrypt - Hosting

  • Host

The URL used to access the Dashboard of your hosting software (such as: cPanel/Plesk/DirectAdmin).

  • Username

The username used to log-in to the Dashboard of your hosting software

  • Password

The password used to log-in to the Dashboard of your hosting software

  • Credentials storage

Enable this option if you want Really Simple SSL to remember the credentials, in order for the plugin to attempt renewal of your certificate(s) upon expiration.

Verification (Directories/DNS Verification)

This step may differ based on your environment. By default, Really Simple SSL handles authorization with a ā€˜directory challengeā€™, as in most cases this can be handled automatically.

However, if your site is a multisite WordPress installation and/or has subdomains that should also be secured with SSL (such as mail.domain.com, cpanel.domain.com), the DNS verification method is required.

Directories

Really Simple SSL Lets Encrypt - Directory Verification

  • Host

Are there any limitations that could prevent SSL generation from being completed?

  • Keys directory

Has theĀ /ssl/keys/Ā directory been createdĀ (and is it sufficiently protected)?

  • Certs directory

Has theĀ /ssl/certs/ directory been created?

  • Permissions
    • Do the required directories have the required permissions so that Really Simple SSL is able write to these folders?
    • And is the plugin able to reach the ā€˜acme-challengeā€™ directory over HTTP? (/.well-known/acme-challenge/really-simple-ssl-permissions-check.txt)

DNS Verification

If you see the below screen, you have to add a “TXT record” in the DNS Management section of your hosting software (such as: cPanel/Plesk/DirectAdmin) to complete the DNS verification.

Really Simple SSL Lets Encrypt - DNS Verification 1

  • Add a new record with type TXT
  • Copy the value of the ā€œdomainā€ field from the Letā€™s Encrypt Wizard, and use this as the Record Name in the DNS Management/Settings panel of your hosting software
  • Finally, copy the contents of the ā€œValueā€ field from the Letā€™s Encrypt Wizard, and place this in the Value/Content field in the DNS Management/Settings panel of your hosting software.

Note: we recommend using a short TTL (Time to Live) value during installation.

Really Simple SSL Lets Encrypt - DNS Verification adding a TXT record

Generation

The plugin will now start generating the SSL certificate for your domain.

Really Simple SSL Lets Encrypt - Generation

  • In the event that SSL generation fails due to an Invalid order ID, reset the Let’s Encrypt Wizard by clicking theĀ “Reset Let’s Encrypt”Ā button in the top right corner. You can retry the generation of your SSL certificate upon resetting Let’s Encrypt.

Installation

Automatic SSL installation

If the hosting environment allows automatic SSL installation, the plugin will now install your SSL certificate and notify you when the process has completed.

Really Simple SSL Lets Encrypt - Automatic Installation

Manual SSL installation

On some environments the SSL certificate will need to be installed manually. You will receive the below notice if that is the case:

Really Simple SSL Lets Encrypt - Installation (Manual)

Your newly generated SSL certificate consists of three files (CRT, KEY and CABUNDLE).Ā  These files have to be installed in your hosting management software, after which your site will be secured with SSL. The exact installation steps depend on which software is used on your server.

 

Lightweight plugin, Heavyweight Security features. Get Pro and leverage your SSL certificate for WordPress security standards.Ā