{"id":2800,"date":"2018-06-12T09:23:37","date_gmt":"2018-06-12T04:23:37","guid":{"rendered":"https:\/\/stylemixthemes.com\/wp\/?p=2800"},"modified":"2022-07-06T10:47:40","modified_gmt":"2022-07-06T05:47:40","slug":"free-ssl-certificate-https-wordpress","status":"publish","type":"post","link":"https:\/\/stylemixthemes.com\/wp\/free-ssl-certificate-https-wordpress\/","title":{"rendered":"How to Get a Free SSL Certificate and HTTPS for WordPress"},"content":{"rendered":"

An SSL certificate secures your website by encrypting the connection between your website and the end user.<\/p>\n

Since 58.4% of users primarily or solely use the Chrome browser<\/a>, it’s important to be sure your WordPress website is secure with SSL and HTTPS to help visitors trust your website.<\/p>\n

Obtaining an SSL certificate can be quick and free. Let\u2019s Encrypt<\/a> is a prominent and trusted provider of free SSL certificates through the help of the automated client Certbot<\/a>.<\/p>\n

Today, I\u2019ll share more detail on SSL, HTTPS, Let\u2019s Encrypt<\/a> and Certbot<\/a> as well as how to manually install, manage, and renew a free SSL certificate on your web server to secure your WordPress website so it displays error-free in Chrome.<\/p>\n

What is SSL and HTTPS, and Why Do I Need It?<\/h2>\n

An SSL certificate is a public digital document issued by a Certificate Authority (CA) for a domain name that binds a cryptographic key to its attached website.<\/p>\n

All websites with a valid SSL certificate use HTTPS and SSL protocol, which encrypts communication between the website\u2019s server and end user\u2019s browser.<\/p>\n

Having a valid SSL certificate for your website confirms that your site is trustworthy for users to enter information as opposed to a website simply posing with \u201chttps\u201d in their URL. It also prevents hackers from hijacking the connection to obtain unauthorized access.<\/p>\n

For details, check out Why HTTPS and SSL for WordPress Websites are Absolutely Essential<\/a>.<\/p>\n

What is Let\u2019s Encrypt?<\/h2>\n

Let\u2019s Encrypt<\/a> is a automated CA provided by the Internet Security Research Group (ISRG), a non-profit that\u2019s dedicated to making the internet a more secure place. Let\u2019s Encrypt only issues free SSL certificates, and the process is expedited by running a certificate management agent on the web server.<\/p>\n

Types of Certificates<\/h3>\n

Let\u2019s Encrypt<\/a> authenticates a Domain Validation (DV) certificate, which is the lowest level certificate a CA offers, and only confirms that a website owns the domain name to which it claims.<\/p>\n

As of January 2018, Let\u2019s Encrypt also offers a wildcard certificate<\/a>, which allows you to secure all subdomains of a website with a single certificate. For example, info.example.com<\/em> and about.example.com<\/em>.<\/p>\n

You also must have the specific ACMEv2 protocol and as a result, a client that has been updated to support ACMEv2.<\/p>\n

For details, check out ACME Client Implementations<\/a>.<\/p>\n

Let\u2019s Encrypt<\/a> certificates are valid for 90 days, no exceptions, and they recommend renewal every 60 days so you have 30 days to work out any possible issues. Although, it\u2019s possible to configure automatic renewal, depending on your server.<\/p>\n

How to Get a Certificate<\/h2>\n

The easiest way to obtain a free SSL certificate from Let\u2019s Encrypt is through your web hosting.<\/p>\n

Let\u2019s Encrypt has partnered with many web hosts<\/a> as well as a number of providers that enable Let\u2019s Encrypt and redirect to HTTPS by default.<\/p>\n

If your hosting service isn\u2019t aware of Let\u2019s Encrypt, you can contact them and let them know it\u2019s an option.<\/p>\n

If your hosting service doesn\u2019t have compatibility, one of the easiest ways to put a Let\u2019s Encrypt free SSL Certificate on your web server is with Certbot<\/a>, which is an automatic client that fetches and deploys your SSL certificate on your web server.<\/p>\n

According to the Certbot documentation<\/a>, \u201cCertbot aims to build a network that is more structurally private, safe and protected against censorship.\u201d<\/p>\n

\"Certbot
Certbot provides easy to use instructions based upon your software and operating system.<\/figcaption><\/figure>\n

Installing Certbot<\/h3>\n

Certbot is packaged for a variety of different operating systems and servers. The best way to figure out an ideal setup is to go to Certbot\u2019s website<\/a> and read the specific installation instructions.<\/p>\n

In most cases, you need root access or admin-level capabilities to authorize CertBot.<\/p>\n

Installation will typically occur via SSH, a secure shell cryptographic protocol that allows file transfers over insecure networks. Popular SSH Clients are Terminal<\/a> for Mac OS X and PuTTY<\/a> for Windows.<\/p>\n

Installing The Certificate<\/h3>\n

Depending on your setup and the needs of your site, there are multiple ways to install a Let\u2019s Encrypt DV certificate on your site. The Certbot website walks you through the installation<\/a> process based on your specific server setup.<\/p>\n

As previously mentioned, you can also install a certificate automatically through your web host if they have chosen to make this option available. Consult your host\u2019s documentation for setup instructions as each web host varies.<\/p>\n

If you\u2019d like to install a wildcard certificate, you\u2019ll have to use a DNS plugin.<\/p>\n

You can check out the Certbot Documentation<\/a> for details.<\/p>\n

Standalone Mode<\/h4>\n

If you don\u2019t have server software such as Apache or Nginx, for example, and you\u2019re not interesting in getting any, the standalone plugin approach is a suitable option.<\/p>\n

The plugin will need to bind to web server ports 80 (for HTTP) or 443 (for SSL) to validate the domain so it\u2019s possible you may need to free up those ports on your server beforehand.<\/p>\n

They\u2019re both used to load your site, but Certbot can throw errors if neither are available. The process of closing and opening ports depends on your operating software, so consult the specific documentation needed as necessary.<\/p>\n

After making sure Certbot is installed and that either port 80 or 443 is available, enter the command below into your SSH client. Note that depending on which port you use, the command will be slightly different.<\/p>\n

\n\n\/\/For Port 80\ncertbot certonly --standalone --preferred-challenges http -d example.com\n\n\/\/For Port 443\ncertbot certonly --standalone --preferred-challenges tls-sni -d example.com\n\n<\/pre><\/pre>\n
Breaking it down, certonly<\/strong> obtains (or in certain contexts, renews) a certificate, but does not install it, –standalone<\/strong> tells Certbot to run a standalone web server for authentication, –preferred-challenges<\/strong> designates the post that Certbot will use and -d<\/strong> specifies the domain name for which you\u2019re requesting an SSL certificate.<\/p>\n
After running the command, you\u2019ll be prompted to enter your email address and agree to the terms and conditions.<\/p>\n
When finished, you\u2019ll receive a message telling you the process is complete as well as the location of your certificate.<\/p>\n
Webroot Plugin<\/h4>\n
Using the webroot method is an option if you have the capabilities to modify content on your server. The webroot method of installing a certificate places a validation file at a specific location on your web server.<\/p>\n
This method is handy because you don\u2019t have to switch any ports and don\u2019t need to fret about bringing down a live site during the installation process.<\/p>\n
It may be important to know that to use the webroot plugin, you need to make sure your server is configured to show files from hidden directories, and specifically, the \/.well-known folder.<\/p>\n
Run this command in your SSH client to install the webroot method:<\/p>\n
\n\ncertbot certonly --webroot -w \/var\/www\/example -d www.example.com -d example.com\n\n<\/pre><\/pre>\n
The certonly<\/strong> command obtains the certificate, –webroot<\/strong> tells Certbot the method we\u2019re using, and you\u2019ll need to include -w<\/strong> or –webroot-path<\/strong> and then the file path containing the uppermost directory that has the files served by your web server, –webroot-path \/var\/www\/html<\/strong> being a common webroot path.<\/p>\n
For details, check out the Certbot documentation<\/a>.<\/p>\n
Where Your Certificates are Located<\/h4>\n
All keys and issued certificates can be found at \/etc\/letsencrypt\/live\/$domain<\/em>, which is kept updated when renewals occur.<\/p>\n
Here\u2019s a list of the files in your certificate:<\/p>\n