The entire web is moving to HTTPS encryption thanks Google announcing that starting July, with Chrome 68, all HTTP sites will be marked as “not secure”. They had earlier slightly up-ranked sites with HTTPS to nudge adoption of encryption which seems to have worked to a certain extant. There is of course, the highlighting of unencrypted forms by almost all browsers.
This site is hosted on BigRock which itself resells certificates from Rs.1,425/year (+tax) and costs as much as the hosting itself! If you don’t want such an expensive solution to begin SSL journey with, there is Let’s Encrypt. Let’s Encrypt gives free 3 month certificates that is as good as the best. If you are running on a Linux hosting plan and have CPanel access, here are the steps to set up SSL on your site.
- Generating a Private Key
- Login to cPanel on your Hosting service
- In the Security section, click on SSL/TLS Manager
- Under Private Keys (KEY), click on Generate, view, upload, or delete your private keys
- Set the Key Size to 2,048 bits
- Description can be blank; or name it if you want to identify the private key easily (helpful if you have multiple sub-domains)
- Click on Generate to generate the Private key and keep it handy
- Generate a Public Key (Certificate Signing Request)
- Return to SSL Manager
- Under Certificate Signing Requests (CSR), click on Generate, view, or delete SSL certificate signing requests
- Select the Key you’ve generated (the name you gave in 1.5 above helps)
- Enter your domain name for which you’d like to install SSL
- If you have subdomains, you can generate Wildcard certificates that allow you to secure a domain and any subdomains under that domain – read the ‘advanced option’ section in the page
- Fill in the company details along with the email address
- Set a random alphanumeric Passphrase
- You can leave the Description blank
- Click to Generate the Encoded Certificate Signing (CSR) Request and keep the CSR handy
- Generate the Certificate – Use anyone of the ACME clients that Let’s Encrypt supports to verify that you control a given domain name and to get your certificate; I used SSL for free and the following steps are for the same.
- Goto SSL for free
- Enter the domain name for which you’d want the certificate – Note it has to the same as 2.4 above
- Chose manual verification
- All verification options – FTP, manual or manual (DNS) – are fairly easy but I found manual is a breeze
- Click on Manual verification
- Follow the steps given
- Download the file generated from the link given
- Create 2 folders in your domain; “.well-known” > “acme-challenge”
- Upload the downloaded files to the “acme-challenge” folder
- Verify successful upload by visiting the link given
- Check the “I have my own CSR” box
- Note: SSLforfree can directly generate private keys in your browser using the Web Cryptography API. You can choose this option and not do Steps 1 & 2 above with your hosting service provider.
- Paste the CSR generated from 2.8 above
- Click Download SSL Certificate
- Download the certificate file or copy the CRT and CA Bundle
- Install the Certificate
- Goto your cPanel
- In the Security section, Manage SSL sites under Install and Manage SSL for your site (HTTPS)
- Select your domain name for which you want to setup the certificate
- Now copy CRT, Private Key and CA Bundle
- Click on Install Certificate
- Click on OK
- A few minutes later, check if the site is resolving on HTTPS.
- Most Linux Hosting providers have the mod_rewrite module enabled and you can make use of this module to automatically redirect visitors from HTTP to HTTPS. All you need is the following code in .htaccess file
- RewriteEngine On
- RewriteCond %{HTTPS} off
- RewriteRule (.*) https://<common_name>%{REQUEST_URI}
- The <common_name> needs is the Name for which the Digital Certificate is issued i.e., 2.4 above.
- Set the Address (URL) to HTTPS
- Login to your WordPress site
- Goto WordPress Dashboard > Settings > General
- Begin both the WordPress Address (URL) and Site Address (URL) with HTTPS
That’s it, you are done with setting up SSL!
