A while back Google tried to encourage all website owners to make the move from http to https. After it failed to become widely adopted Google decided to up the ante by giving any website without it the dreaded Not Secure mark in the url bar.
If you click on it you’ll get a message telling you that your connection isn’t secure.
The quickest way to get a free SSL certificate is with sslforfree.com.
1. Get SSL Certificate
Head over to the website and type your domain name in the box. Press enter or click Create Free SSL Certificate.
It’s well worth creating an account with them so they can notify you when your SSL certificate is about to expire.
2. Manually Verify your Domain
Click Manual Verification on the next screen.
Click Manually Verify Domain.
In step one you’ll see two download links for the verification files. Download them both.
Over in your file manager on your server you need to make a couple of folders to upload the verification files too.
Navigate to the root of your domains folder structure and click +Folder. Type .well-known as the folder name and press Create New Folder.
Enter the .well-known folder and create another folder called acme-challenge and enter that folder.
Upload the two files you downloaded to the acme-challenge folder.
Check that the files have uploaded and are in the correct location by clicking on the links over on the sslforfree website.
You should see something like the following:
Click the Download SSL Certificate button.
3. Install SSL Certificate on cPanel
In cPanel scroll down to the Security section and click SSL/TLS.
Click on Manage SSL sites.
Scroll down until you see the domain dropdown and choose the domain you entered in sslforfree.
The three boxes below correspond with the three boxes on sslforfree. Copy and paste the code from sslforfree to the corresponding box in cPanel.
When all the boxes are filled click Install Certificate.
Once your SSL certificate is installed you’ll get a message letting you know the installation was successful.
If you check over on your website using https:// at the start of your url you should see a lock in place of the Not Secure message. Click on the lock and you’ll see the Connection is secure message and details about your certificate.
4. Redirecting Your Domain to https
While your SSL certificate is installed and valid, people can still type in http:// and they’ll be greeted with that Not Secure message. If you’re using wordpress then the simplest way to redirect visitors that arrive on the http page to the https version is with a plugin.
However, if you want to delve into the murky world of editing your .htaccess access file navigate to it in your file manager.
I’ve got wordpress installed so there’s already code in my .htaccess. The two important lines that I’ve added that are responsible for the redirect are highlighted below.
You’re now the proud owner of your very own website with it’s very own security certificate!