SSL (Secure Sockets Layer) is a protocol for authenticating and encrypting data between your website and your visitors.  This is important for any website that engages in transactions or receives any form of sensitive data (user data).   Your visitors expect you to have a secure certificate, indicated by a lock and “HTTPS://” appearing before your domain name.

 

    These can be expensive (hundreds of dollars a year) or FREE.   If you’re like me, you’ll enjoy and prefer the latter.  And you probably know enough to expect that FREE SSL comes with some additional steps.  Here in this quick tutorial, I’ll walk you through everything you need to do, step by step, to acquire and install a FREE (or paid) SSL certificate onto your website.  In my example, we will be installing on a domain hosted by GoDaddy.com.   This also works for other major webhosts including HostGator.com.

 

Create an ZeroSSL account for free.

  1. Navigate to https://www.sslforfree.com/
  2. Enter your domain name (the one you’re setting up SSL for).
  3. Click the big green “Create FREE SSL Certificate” button
  4. You’ll be prompted to sign up for a free account or login if you have an account already.
  5. You must now choose either the FREE 90-day Certificate or the 1-year Certificate (paid version).   Click next step
  6.  You must now verify ownership of the domain.  You can do this a number of ways.  I prefer the manual approach using HTTP File Upload.  For our example here, select “HTTP File Upload.

Domain Verification

The verification process is not difficult but can be tricky.  I’ll walk you through each step.

  1. Download the auth file and remember where you saved it
  2. Upload the file to your webserver to the location indicated.  At the time of writing this blog, it is to: “/.well-known/pki-validation/
  3. Click on the test URL to make sure you uploaded the file to the expected location
  4. If you see the contents of the uploaded file via the test link, click “Next Step” to proceed.

 

 Install the SSL Certificate

  1. Now that zeroSSL has verified your domain ownership, click on “Download SSL Certificate” which downloads a zip file containing 3 files:
    1. ca_bundle.crt
    2. certificate.crt
    3. private.key
  2. Access your website’s cPanel.  This is often accessed by visiting www.[yourdomain.com]/cpanel and locate the tool called “SSL/TLS
  3. You’ll see our (4) options, select the option called “Install and Manage SSL for your site (HTTPS)”
  4. Now select your domain.   Locate the dropdown field that shows your domains and select the domain you wish to install the SSL certificate to.
  5.  You will now copy and paste the contents of the 3 files you previously downloaded into the following text boxes:
    1. Certificate: (CRT)   <—-  certificate.crt
    2. Private Key (KEY) <—–  private.key
    3. Certificate Authority Bundle: (CABUNDLE) <—– ca_bundle.crtusing your trusty text editor (such as notepad or notepad++), copy and paste the full contents of each file above into its respective text box.
  6. Click “Install Certificate” once you’re done
  7. Thats it!   Wait a few minutes and visit your website.  Make sure you replace your http:// with https://

 

Update WordPress

  1. Log into your wordpress website and update the settings so that the site URLs reflect the https:// so that your visitors will always see the secure version of your website.