Let’s Encrypt: HTTPS installed for free (in 15 minutes) using cPanel

by | Jul 6, 2018 | Security, NGINX | 0 comments

Introduction

Your web site address starts with http://
The site contains interactive elements, such as payment buttons, or text forms etc.
For the visitor, the site is flagged by the browser as ‘insecure’.

You need to convert the site to https://
This requires that you obtain an SSL certificate, and install it on your web site.

Thankfully, for the vast majority, this task is extremely easy, and rapidly acomplished.

Be aware that the SSL certificate requires renewing every 90 days.
This guide does not cover renewal methods – you have 90 days to figure that out (auto renewal methods are discussed in the help files below).

Many help files exist – however, unless you have a problem, they need not be read.
(They can be confusing, due to their requirement to cover a variety of circumstances that probably don’t apply to you)

Follow the steps outlined below, and you will secure your website.

Note:
Some web hosting services allow their cPanel users access to an AutoSSL plugin.
If you have this plugin available, it may be worthwhile learning how to use it, as it will automatically keep renewing the certificate.

https://github.com/srvrco/getssl/blob/master/other_scripts/cpanel_cert_upload 26

https://documentation.cpanel.net/display/CKB/The+Let’s+Encrypt+Plugin 17

https://documentation.cpanel.net/display/68Docs/Manage+AutoSSL 12

Otherwise, for an instant fix, the copy and paste method below will buy you time to work out a long term automated solution.

IMPORTANT NOTE

Installing SSL HTTPS on your website is only the first step.
All the traffic to your site must be redirected to the https:// url.

If this is not implemented, your visitors will find themselves on an unsecured site.
See the section: Redirect Visitors to HTTPS (at end of guide)

Method in Brief

Verify that you own the site – copy and paste some blocks of text.

Requirements

cPanel
Text editor – such as Notepad++ or Gedit
File uploader (to the web site) – such as Filezilla or the file manager in cPanel
Disk drive to store the files – perhaps a back up drive, or usb drive etc. (about 6kB space required)

Preparation

Login to cPanel
Scroll to security section, right-click SSL/TLS – new tab
4 links are presented

Open in new tabs:

  • Certificates (CRT)
  • Install and Manage SSL for your site (HTTPS)

File Uploader
In cPanel, open ‘File Manager’ in a new tab
OR
Connect your file uploader to your web site server (public_html directory)

On your local hard drive, browse the uploader to your ‘download’ directory.
(you will receive 2 files that must be uploaded to your server)

Connect the storage drive

Launch the text editor
Create 3 new files – saved to storage drive as

  • certificate.txt
  • key.txt
  • ca-bundle.txt

sslforfree.com 29
Open a new tab for the above site.

Preparation Complete
You have

  • 2 tabs for the cPanel SSL installation.
  • 1 tab for receiving the certificate details.
  • File uploader – locally looking at your download directory, and remotely looking at your server public_htmldirectory.
  • 3 named empty text files open.

You can now start the process.

Method

Note:
During the process, you will see that both name.com & www.name.com are covered by the certificate.
If you have more subdomains eg. name1.name.com name2.name.com, you can type those subdomain names (Leave a space between each domain).

In sslforfree
Enter your web site address, and click ‘create’
Follow the instructions that appear before you (they are excellent).

The 2 verification files can be clicked to download.

Using your file manager or uploader

  • Remotely, create/add a new directory in public_html.
    (The instructions indicate the directory name – .well-known)
  • Select that new directory and create/add a new directory (acme-challenge)
  • Upload the 2 verification files to the acme-challenge directory.

The links to both these files are provided
Use the links, and open both files in new tabs, to confirm that a single line of characters are being displayed.
Close those tabs – you have verified ownership of the site.

If the linked pages don’t display – check in your file manager/uploader that you have:
Directory .well-known in public_html
Directory acme-challenge in .well-known
2 files in acme-challenge

In sslforfree & text editor
After succesful verification – 3 blocks of text are displayed:

  • certificate
  • key
  • ca-bundle

For each block – select all – copy – paste (into each of the apropriate text files that you created earlier) and save.

In sslforfree & cPanel
Again, select all & copy the certificate block of text.
Switch to the cPanel ‘Upload a New Certificate’ tab.
Paste the text where instructed.

(you can describe the certificate but this is anyway done automatically – so no need)
Save Certificate.

Switch to the cPanel ‘Install an SSL Website’ tab.
Select the domain (website)
Click ‘Autofill’.
The certificate should appear in the appropriate box.

Switch to sslforfree tab
Click in ‘Private Key’ box
Select all – copy

Switch to the cPanel ‘Install an SSL Website’ tab.
Paste the Private Key text into its box.

The CA_Bundle text will autofill into its box (or you could paste it in).

Install Certificate.

Switch to sslforfree
Register an email, to receive an alert when the certificate requires renewal.

Load your web site in the browser (using https://), and see it displayed as https://

Job done?
Almost!

Redirect Visitors to HTTPS

HTTPS is no use at all if your visitors find themselves on a HTTP site.
Thankfully @serverco has provided the code that will solve this problem.
Note; @SilverbackNet has also provided a range of coding options for different server setups, and alternative code to that used below.

Brief
If your site is already using .htaccess you will add the code on a new line.
Otherwise, you will create the file in a text editor and upload it to public_html

Using your file uploader or cPanel File Manager
Browse your local drive to your website directory.
In the root directory, look for the file .htaccess

If it is not present – no problem.
If it is present – rename it .htaccess(pre-https)

Next – look in the remote server public_html directory for .htaccess
If it is present – drag it (download it) to your local drive website directory.

Sensibly – check to see if the file contents match the file on your hardrive.
The objective is to have a backup of the .htaccess file that was on the server.

Using your text editor
Open .htaccess

On a new line; paste the following code (change name.com):

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://name.com/$1 [R,L]

Save the file.
Note: if .txt has been added, it must be removed.
the filename is .htaccess

If you found that .htaccess did not exist; simply create a new file in the text editor – paste in the above code – name the file .htaccess – save it to your local drive website directory.

Using your file uploader or cPanel File Manager
Upload .htaccess to public_html directory.

Test

In your browser; enter a http:// url to a page on your website.
It should appear as a https address.

Thats it!
You have enabled https and ensured that your visitors will always be able to use it.
You are now open for business.

Don’t forget to renew the certificate every 90 days.
Bookmark, and return to this guide, for future instructions on auto renewal.

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.