HTTPS(abbr. from English. HyperText Transfer Protocol Secure) - an extension of the HTTP protocol to support encryption in order to increase security. Using HTTPS data is transferred over cryptographic protocols SSL or TLS. Unlike HTTP with TCP port 80, HTTPS defaults to TCP Port 443. More detailed description this protocol can be read in Wikipedia.
In the absence of SSL modern browsers mark your sites as unsafe. Using SSL prevents message interception, intervention to communication channels and substitution trusted websites.
Visitors to your sites will be confident in the confidentiality of data and the authenticity of pages, and as an additional advantage of using SSL - more user trust to the site and more high positions in search engines!
Possible issues when using SSL
Most CMSs allow you to select which protocol to use and set up an automatic redirect from HTTP to HTTPS. If the CMS does not support this function, you can set up redirects manually by adding to the beginning of the file .htaccess the following lines:
RewriteEngine On RewriteCond %(HTTP:X-Forwarded-Proto) !=https RewriteRule .* https://%(SERVER_NAME)%(REQUEST_URI)
It is also worth paying attention to possible problems when using SSL:
- In the event that your site is indexed by search engines, when using SSL, search engines will initially consider sites accessible via HTTP and HTTPS to be different. Automatic merging of mirrors can take up to 2 months, during which time the site may lose its positions.
The correct solution would be to specify search engine on the equivalence of these sites using the host directive in the file robots.txt, for example:
- If your site uses third-party widgets, for example, chat, telephony, statistics - they also need to be transferred to the HTTPS protocol
- There may be problems with third-party services that loaded data from your site and do not understand 301/302 redirects after transferring it to HTTPS
Successful work! If you have any questions, please write us a ticket from Account control panels, chapter " ".
There are several ways to install a certificate from Let's Encrypt, the winner of all competitors in the free solutions market. The easiest of these methods is to submit a ticket to your hosting support asking if you have Let's Encrypt support and asking you to install certificates for your domains and set up automatic renewal.
The list of hosting companies supporting Let's Encrypt is posted on the project website. The list is not exhaustive and is aimed at a Western client - even if your hosting is not on the list, it's still worth asking.
Let's Encrypt from hosting providers
My blog works on - and they have support for Let's Encrypt, although it is not declared either in the above list or on the website of Fozzy itself. Moreover, in January of this year, the provider took and installed automatically renewing SSL certificates on all domains and subdomains of its clients, for which many thanks to him - I just have to set up redirects from HTTP to HTTPS URLs.
When a three-year certificate from the distrusted Chinese from WoSign with the release of the 57th version Google Chrome, I uninstalled it and asked the folks at Fozzy to install Let's Encrypt for the blog, which they immediately did.
Moreover, the site of the Kurumkan regional administration runs on 1C-Bitrix and very mediocre Rostelecom hosting, which also supports Let’s Encrypt. You can install an automatically renewing SSL certificate on Rostelecom hosting yourself: go to ISP Manager, select the “WWW” item there, then in the “SSL Certificates” drop-down menu, click the “Create” button and select the desired domain. Everything.
What to do if the hosting does not want to install Let's Encrypt and tries to sell a paid certificate? If you have a WordPress site, you do not want to move to some Fozzy and your bad hosting provides access to server management via cPanel (a very common solution), I know how to solve this problem without complicated manipulations.
WP Encrypt WordPress Plugin
An easy-to-use working plugin, which, however, has not been updated for a long time. Not more than a couple of days ago (on the 20th of March 2017) I checked its work on another domain and everything worked out.
The scheme of work is as follows: install and activate the plugin, go to its settings. There you need to “call” your site as you like and choose the most suitable country for it. Then, at the bottom of the settings page, click the “Register Account” button, register in just one or two clicks, and then click the same blue “Generate Certificate” button that appeared instead.
After the instant generation of an SSL certificate, you will be shown the paths on the web server where the certificate and key files were saved (we are interested in cert.pem and private.pem).
Do not forget to check the checkbox "automatically renew the certificate" or "notify about the expiration of the certificate for so many days" or both in the plugin settings. I can’t vouch for the auto-renewal’s performance, I’ll probably have to manually renew the certificate every three months, and this is the main disadvantage of Let’s Encrypt and the described method of using it in general.
Be so kind as to try it and write in the comments somewhere if auto-renewal works in the plugin. For now, let's move on to cPanel.
Installing an SSL certificate in cPanel
In the "File Manager" you need to find the folder where the plugin put the certificate files. Usually the path looks like this: "letsencrypt→live→"your domain"". Now on click right click mouse, open the cert.pem file (it is better to open the certificate files for reading, the “View” option) and copy its entire contents.
We return to cPanel, there in the "Security" section there is an item "SSL / TLS". In it, click on the link "Install and manage SSL for the site (HTTPS)", at the bottom of the page under the heading "Install site with SSL encryption" select the domain for which the certificate was generated, and in the "Certificate: (CRT)" field, paste the contents of the cert.pem file.
Then, in the file manager, you need to process the private.pem file in the same way and paste its contents into the next “window” for installing the “Private key (KEY)” certificate. The Certification Authority Package: (CABUNDLE) field can be left blank.
If you did everything correctly, the server should report that the entered data is correct, and you can click the "Install Certificate" button. If there are errors in the ciphers, a corresponding warning will appear. That, in general, is everything you need to know about installing an SSL certificate on Apache-like servers using cPanel.
2-minute HTTPS-everywhere setup on a WordPress site
On various good sites, a lot of text is written about moving to HTTPS, some complex database manipulations, etc., but in our time of general simplification, we want something easy and fast.
To do this, you first need to go to WordPress settings, there in the fields "WordPress Address (URL)" and "Site Address (URL)" instead of the existing one, enter the address of your site with the https:// prefix. Attention: do this only after you have installed the certificate on the server, otherwise, after saving the settings, the site will stop opening!
Next, install two plugins - WP Force SSL and Easy HTTPS Redirection. After activating them, all site content should switch to HTTPS automatically. If as a result of these simple manipulations you see a green lock in the address bar, then everything worked out. Congratulations!
Hello dear friends. Today we will talk about connecting and installing a free Lets Encrypt SSL certificate on Hosting Beget. As I mentioned in the article, if your site is hosted by Beget, then you can connect a free Lets Encrypt SSL certificate. This means that you can transfer your site to the HTTPS protocol without much effort and at zero cost.
Note: Sprinthost hosting also has the opportunity to install a free SSL certificate. And this means that such a service will appear, if it has not yet appeared, with all hosting providers.
The procedure for obtaining and installing a certificate will take approximately 20-30 minutes. This time is necessary for the issuance of the certificate, and you cannot speed it up.
Before proceeding with obtaining an SSL certificate, you must prepare your site, . This must be done, otherwise there will be errors, and the certificate will work crookedly.
Obtaining and installing a free Lets Encrypt SSL certificate on Beget hosting
So, go to the hosting control panel and click on the icon "Domains".
By going to the section "Domain Management", there will be an icon next to your domain « SSL", so you click on it.
After clicking on the button, you will see a message that the application for issuing a certificate has been sent.
You need to wait until the center issues a certificate, and it will be installed. Upon completion of this procedure, you will receive an email to your email box. And in the section "Domain Management" there will be a message about the installed certificate.
That's it, the whole process of installing a free SSL certificate is over. Next, you need to set up a redirect from HTTP to HTTPS and take care of the search indexing settings. I will show the redirect setup in the video tutorial, see the redirect codes and instructions on what needs to be done for search indexing.
Video tutorial on installing a free Lets Encrypt SSL certificate on Beget hosting
Friends, that's all for today. If you have any questions, I will be happy to answer them in the comments. And in the next article I will tell you how to install a free SSL certificate on Sprinthost hosting.
I wish you all good luck and good mood!
Sincerely, Maxim Zaitsev.
We are pleased to announce that now users of our hosting can order free of charge directly from the control panel
An SSL certificate provided by the non-profit organization Let's Encrypt. The certificate will be automatically issued and installed for your domain, and will subsequently be automatically renewed. To order Let's Encrypt Certificate no dedicated IP address required.
Issue, installation and further extension of the certificate - absolutely free!
How to order a free SSL certificate?
1. Go to the "Domains" section and select "SSL certificate management" opposite the domain. 
2. In the window that opens, go to the "Free certificate" tab and click the "Order" button. 
3. After sending an order for an SSL certificate to your contact email, you will receive an email about applying for an SSL issue, and then another email about the completion of its installation.
4. At the time of installation, the A-record will be automatically changed for the domain if the domain works on our DNS. If you do not use our DNS, then you must manually register the IP address specified in the letter as an A-record for the domain.
DNS records are usually updated within 10-15 minutes, after updating them, check the correct operation of the site via https and, if necessary, set up a redirect from http to https on a permanent basis.
Make sure that all resources connected to the site are requested via https, as well as all internal and external links specified using the https protocol. Otherwise, it may affect correct work site.
If everything went well, then when you request a site via https, you will see a green padlock to the left of your site address in the address bar of your browser 
, which means that a secure connection has been established with it. Click on the green lock icon if you want to see more detailed information about the issued certificate.
This service is provided free of charge and is open beta testing for our clients. If you find any problems, please contact technical support, we will gladly try to help you and make the service more convenient.
In the article, we will consider the pros and cons of the free Let's Encrypt, for whom it is suitable, how to get and install it on a site with a Plesk 12.5 panel
Let's Encrypt- free, automated project, with an open CA (certificate authority - certification authority).
MAIN ADVANTAGES
is free: any site owner (in particular, a domain name) can obtain and install a trusted Let's Encrypt TLS certificate (TLS is the successor to SSL);automation: all installation, configuration and upgrade functions are carried out in automatic mode;
safety: all Let's Encrypt encryption methods meet current standards;
transparency: public availability of information about the issue and revocation of each certificate for anyone;
free: the open standard principle will be used for protocols of interaction with CA (certificate authority).
SOFTWARE IMPLEMENTATION
The Certification Authority issues certificates that are generated on the ACME server using the Boulder protocol, written in the GO language (available in source code under the MPL2 license).This server provides a RESTful protocol that operates over a TLS encrypted channel.
The client part of the ACME protocol, i.e. certbot, written in Python, is also open source under the APACHE license. Certbot is installed on client server to create a certificate request, check the validity of the domain, and then install the certificate, followed by configuring the HTTPS encryption of the web server.
Also included in the certbot function is to renew the certificate after the expiration date. Installing the certificate is done with one command after the license is accepted.
Certbot allows you to install a certificate from additional options-OCSP stapling and HTTP Strict Transport Security
INSTALLING LET "S ENCRYPT SSL CERTIFICATE (INSTRUCTIONS)
Consider the use of a certificate in relation to the servers used on our hosting.The vast majority of our servers are running Plesk version 12.5 where this module is already included in the Plesk 12.5 distribution and its installation is simple and convenient. Just go to the splash panel in the " Sites and Domains" section, click on the Let's Encrypt module,
Select the desired options and after clicking the "Install" button, the installation will take place in less than a minute.
Since this certificate is valid for no more than 90 days, a corresponding cron task has been created in the splash panel in the Tools and Settings - Task Scheduler section
It is worth noting that there are some restrictions on certificate generation:
- duplicate certificates - no more than 5 per week;
- the number of attempts to generate a certificate no more than 5 times per hour.
ABOUT THE DISADVANTAGES OF LET "S ENCRYPT
At the end of this article, we want to note that despite all the advantages of this type certificate, there are disadvantages to consider when choosing SSL:- The free Let's Encrypt certificate is short-term and is designed for a period of no more than 90 days, unlike the paid one, which can be issued for up to 3 years. You can, of course, reissue the certificate every 3 months, but be sure to follow the deadlines. You can reissue the certificate in three ways: manually, by configuring the cron task scheduler, or automatically.
If you chose the manual update method, then follow the deadlines and reissue the certificate on time. Otherwise, you risk getting an influx of dissatisfied site users and their subsequent outflow.
cron task scheduler is the way to set up automatic update. The method is good for those who have Linux administration skills and know how to work with crons. It should also be borne in mind that there are errors in the operation of the cron that may prevent the certificate from being reissued. Conclusion: you still have to follow the update.
Automatic update. This method assumes that you automatic settings provided by the Certification Authority. And here you need to understand that in this way you give your consent to the fact that the CA can make changes at its own discretion to the software and settings of your server.
- Not all domains can be protected with free Let's Encrypt. This certificate is only designed to protect one domain without company verification, the so-called DV SSL (Domain Validation).
So, using Let "s Encrypt, you cannot create the following types of certificates:
- Wildcard certificate to protect subdomains of a specific domain;
- OV SSL(organization validation) certificates, which involve checking not only the domain, but also the company;
- EV SSL certificates (extended validation). Certificate with the maximum degree of protection and a green browser address bar;
- Multi-Domain certificate UCC type; - Important point- there are no financial guarantees for using Let "sEncrypt. If a free certificate is suddenly hacked, no one will provide you with monetary compensation.
CONCLUSION
Summing up, we can say that the Let's Encrypt Certification Center is a fairly successful project, the popularity of which is growing every year among network users.And if you need a simple certificate for a single domain, you have the appropriate administrative skills, and if you don't need SSL with OV-organization validation or green address bar and specifying the name of the company in the certificate, then this certificate can be used.
However, we recommend that large companies, online stores, banks and other e-commerce projects install commercial ones from well-known Certificate Authorities, such as GlobalSign, Comodo.
This way you gain the trust of users and show that you are a serious company that cares about the security of customer data.
- Share: