SSL converts websites/blogs addresses from HTTP to HTTPS (secure protocol). You can see the padlock before the website address you visit on the address bar of the web browsers. It indicates that the website is secured with the HTTPS protocol.
Why you need an SSL Certificate for the website?
- If you want to rank on search engines like Google, your website must be secured with HTTPS. Google does not rank the websites without the HTTPS protocol installed.
- If you have a membership website, you must add the SSL. Because it encrypts the users’ data between the browser and the server.
- When your website has a payment option for some e-commerce or donation or payment of fees or any other payment type. Then, you must needs HTTPS. And most of the payment gateways do not provide service to websites that have not HTTPS installed.
- Your website visitor may not find it trustworthy if they find the red alert with Not Secure on the browser. Because Google Chrome shows the users this alert for the websites that are not secured.
Popular web hosting providers like Bluehost, Hostinger, or DreamHost come with a Free SSL certificate for a lifetime with their one-year plans. If your plan does not have an SSL certificate included, or you have hosted another website that is not included with the free SSL certificate plan. Or your SSL certificate was bought from another authority and now has expired then you need to install an SSL certificate manually.
If you want to get an SSL certificate without spending a penny, here I have described the easiest way to implement a free SSL certificate on your website. I will show the steps with the example of this website. This website is not included in the Free SSL certificate plan. So I have installed the same SSL certificate as the web hosting services provide.
Where to get a free SSL Certificate? If you Google for Free SSL Certificate you will get a list of lots of websites that are providing SSL Certificate for FREE. But after using so many websites to implement SSL certificates I find this one is the easiest. You can implement the SSL certificate without any coding knowledge with SSL For Free. No account is required for this website.
Steps to get the Free SSL Certificate
1. Request for SSL Certificate
Go to https://sslforfree.com and type your website address and click on the Create Free SSL Certificate button.
It will validate the website for the www and non-www version. It will take a few seconds to create the SSL Certificate for the website.
2. Get the verification files
After the validation completes you will get three options to verify your website for the SSL certificate. Select the Manual verification (it is the fastest and safest). If you select the Manual verification option you will get another button at the bottom of the screen named Manually Verify Domain. Click on the button.
You will get links to download two verification files. Download the files one by one.
3. Upload the files on the host server
The next thing is you have to upload the files you just downloaded on your hosting server.
Open another tab and login to the hosting account(cPanel– every hosting provider provides a Control Panel to manage the websites on the account) and go to File Manager. On the file manager, you have to go to the root folder of your website. Go to public_html folder (this is the by default root folder of all hosting).
Now go to Settings from the top right corner and click on Show hidden files(dotfiles).
If you had an SSL certificate installed for your website you may find a folder named .well-known, in that case, delete this folder and start from fresh.
For the fresh installation create a folder and name it .well-known(do not forget to type the dot(.) before the folder name). Open the folder and create another folder under it named acme-challenge.
Now upload both the files on that folder.
Upload files to hosting using FileZilla | FileZilla set up guide.
4. Verify the uploads
Now go to the previous tab (SSL For Free window), you can see two links on step 5. Click on the links one by one.
If the upload process has gone smoothly with the exact folder names you will see some random characters after clicking on the links (Or it may download the file that you just uploaded).
If you see any error after clicking on the links you have to go through the upload process again.
5. Get SSL Certificate Keys
Now at the bottom click on the Download SSL Certificate Button.
Now it will redirect you to another screen where you can see three different keys, Certificate, Private Key, and CA Bundle.
You need to paste these keys on the SSL option on the Hosting account(cPanel).
6. Install SSL Certificate Keys
Now again go to the cPanel and open SSL/TLS. You will find the option Install and Manage SSL for your site (HTTPS), click on the Manage SSL Sites under that option.
Select your domain for which you want to create the HTTPS security. Now paste the Certificate, Private Key, and CA Bundle accordingly from the SSL For Free Window.
Finally, click on the Install Certificate button at the bottom.
Now open your website, you can see that it is now protected with HTTPS security.
Additional Settings
After you are done with the installation of your Free SSL Certificate you can now see the green padlock before the website address. Two more steps you may need to implement to complete HTTPS security. One is the Force HTTPS and another if you are using WordPress software to run your website. See below one by one.
Force HTTPS
Force HTTPS is to redirect the old links without the HTTPS to the new secure HTTPS protocol. You can do this simply by editing the .htaccess file on the File Manager on the cPanel.
Go to the public_html folder and show hidden files from the settings (as described above). You will find a file named .htaccess. Open the file and paste the below-mentioned code on that file.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]Now Save and close the file. The all links will now redirect to the secured protocol.
For WordPress websites
If you are using WordPress you need to do one more thing to fully secure the website with HTTPS protocol.
Open the WordPress dashboard and go to Settings and General. Write https instead of http before the website address on the WordPress Address (URL) and Site Address (URL).
Now save the settings.
Another good practice for security is to use a CDN network. You can use Cloudflare, it will improve the performance and security for the website. Read this to setup Cloudflare on your website.
Final Thoughts
This free certificate is valid for 90 days. You have to implement the certificate again after 90 days with the same process mentioned above.
You can create an account on the SSL For Free page to get notified about the expiration of the SSL certificate.
Always keep your website secure. Regularly check the security measures to keep your website maintained. Subscribe to this blog to get more updates about security, WordPress, SEO, Performance-related issues.
Your suggestions are welcome. You can write your valuable comments and I surely will reply to the comments.
Jaded by the 9 to 5 work as an executive in charge of a large enterprise department`s technical direction, he made his way back to his passion. More than dozens of created websites later, he is now an author of a range of programming courses for beginners up to first-rate working professionals.
Write him to nur@positivegeek.com
- Create Custom Mailbox for Free - December 25, 2021
- How to Enable WooCommerce Autofill Checkout Address with Google - August 15, 2021
- How to Manage Affiliate Links Professionally - August 8, 2021
