Contents:

A few years ago, only the most important websites on the Web had an SSL certificate installed. The SSL certificates used to be pretty expensive, and only the big companies usually purchased them.

Since a few years, the SSL certificates have become more affordable, and more website owners have realized the importance of them.

Google had a significant contribution to the extent of the popularity of the SSL certificates after announcing in 2014 on the official blog that HTTPS will become a ranking signal for Google Search. That meant that the sites that have an SSL certificate installed will have a slightly SEO advantage over the sites without it.

What is an SSL Certificate?

The term "SSL" stands for Secure Sockets Layer.

An SSL certificate provides an encrypted and more secure exchange of data between a Web server and an internet browser.

When a website has an SSL certificate installed and configured properly, the domain name and all the site pages will become accessible only with the HTTPS protocol in front of the URL.

For example, before I have installed an SSL certificate for one of my domain names, it was accessible only via the standard "HTTP://" protocol.

http://antreno.com

After I have purchased and installed an SSL certificate, my website has also become accessible via HTTPS.

https://antreno.com

Also, if you look at the address bar of your web browser, you should see that every page of my site has a lock before the URL (or a "Secure" label, depending on what web browser you are using). If you click the lock icon, you should see a "Secure connection" text as in the screenshot below. 

Benefits of SSL Certificates

Improved website security

The main benefit of having an SSL certificate installed on your website is the improved security for the data that's being transferred between the web browser and your server.

A secure connection is a must for every site that stores highly sensitive customer data, such as credit card information, Social Security numbers, email addresses, phone numbers, home addresses, and so on.

An HTTPS connection will add an extra layer of security to your site and will make harder for an attacker to steal your or the information of your customers.

Better SEO score and rankings

As I have already mentioned, an SSL certificate can also give your site a slight SEO advantage in front of your competitors. While this is not yet a major SEO factor, it's still something that shouldn't be neglected.

About 7 out of 10 websites displayed on the first page of Google for highly-competitive keywords have now a secure connection. 

Gain more trust from customers

Another benefit of an SSL certificate is that your website will gain more trust from customers, especially if you run an online store.

If your site doesn't have an SSL certificate installed, your visitors will see a "Not Secure" message or a lock cut with a vertical line before the address of your website when they access pages containing password and credit card input fields. This alone can easily scare your potential customers.

Usually, the companies that issue these certificates will also allow you to display a trust logo on your site.

Here's an example for an SSL Certificate issued by Comodo.

When some of your customers see that logo, they will perceive your company as a more legitimate business, and it's more likely that they will end up purchasing your products.

Types of SSL Certificates

There are multiple types of SSL certificates and their prices vary based on several features and advantages. 

The more expensive certificates can be used for multiple domain names and subdomains, have a higher warranty and assurance, can include additional website scanning tools, and so on. 

Some of these certificates will require only some basic information about your business and can be installed immediately, while others will request detailed information and documents about you and your business. 

Below are a few of the most common SSL certificate types for personal sites.

Let's Encrypt

Let's Encrypt is a free SSL certificate delivered to you by the non-profit Internet Security Research Group (ISRG).

I think Let's Encrypt is the only free SSL certificate. 

A Let's Encrypt certificate is only valid for 90 days and you'll have to renew it after this period to for your website to be still accessible via HTTPS.

cPanel, Vesta CP, and other web hosting panels can renew your Let's Encrypt certificate automatically. You can find more details about Let's Encrypt on the official website.

Let's Encrypt also has a few compatibility issues with the older web browsers, but I think that's also the case for the majority of other SSL certificates.

PositiveSSL

PositiveSSL is probably the cheapest SSL certificate you can buy.

This is the certificate type I use for my blog and all my other websites. It can only be used for a single domain name, has a low assurance, but it's perfect for a blog or a personal site that doesn't store very sensitive data (like customers' credit card information).

PositiveSSL only requires a few simple information about you and your business and can be implemented quickly.

This certificate also has a more expensive version called PositiveSSL Multi-Domain.

PositiveSSL Multi-Domain includes the same features as PositiveSSL, but this version can be used for multiple domain names and has no warranty.

EssentialSSL

EssentialSSL can be installed for a single domain name and is very similar to PositiveSSL.

The only two differences between these two are that EssentialSSL has a medium assurance, and it's not only recommended for personal sites, but also for e-commerce sites that store more customer information.

PositiveSSL Wildcard

This is another great choice for personal sites. 

PositiveSSL Wildcard can be used for a single domain name with all its subdomains, but it's a bit more expensive.

If you have many subdomains, this is a perfect choice. Otherwise, if you only have two or three subdomains which need a secure connection, you'll save more money if you purchase multiple PositiveSSL certificates instead. 

Other

These are a few of the most affordable certificates available on the market. All are suitable for personal websites and don't require paperwork for validation. 

There are several other types designed for e-commerce sites and large organizations. Those types require more paperwork but have a higher warranty and assurance.

You can see a list of more SSL certificate types on SSLS.com. This site also lets you quickly make a side-by-side comparison between the available certificates.

Where To Buy SSL Certificate?

The major domain name registrars also sell SSL certificates. 

I usually purchase an SSL certificate when I register the domain name.

The company where I register all my domain names is Namecheap.

If I want to install a certificate for one of my existing domain names, I usually purchase them from ssls.com. 

When I only need a certificate for a single domain name, I typically purchase "PositiveSSL." At the time I write this post, ssls.com sells it for only $4.99 per year if you buy it for 3 years. 

I use PositiveSSL for websitemaster.org and many of my domain names. I firmly believe that $5 per year it's a very affordable price for anyone. 

Installing an SSL certificate requires a bit of work, but I'm going to take you through all the steps.

Purchase An SSL Certificate

I will assume you are purchasing an SSL certificate for an already register domain name. I will use SSLS.com as a reference for this tutorial because that's what I use.

Therefore, head to SSLS.com.

From the list of certificate types, choose the one that best fits your needs.

Once you've decided to one type, click on the shopping cart icon to add it to your cart.

I will just purchase the cheapest SSL certificate, which is PositiveSSL.

You should then be redirected to your shopping cart. If not, click on the cart button in the menu.

Click the "Checkout" button to place your order. You'll be asked to register an account if you don't have one already.

You can pay with a credit/debit card, PayPal, the funds in your account, or even Bitcoin. 

Choose your preferred payment method and fill up your personal or your company's details if required and make the payment.

After you submit the payment, you should be redirected to the following page.

You can click the "Activate" button, or go to the user certificates menu.

If you click on activate, you'll be taken straight to the SSL certificate activation and you'll be asked to enter a CSR (you won't have one yet, but I will tell you exactly how to obtain one).

Under the user certificates section, you can see all your certificates purchased from SSLS.com, their expiration dates, their status, and the domain name where the certificate is active. The time until the expiration date will only start since the moment you activate the certificate.

Activate SSL Certificate

After purchasing an SSL certificate, you'll have to install it using the web hosting management panel used by your web hosting provider.

Most of the popular web hosting companies use a software called cPanel.

If your web hosting provider uses something else, or if you host your website on a VPS or a dedicated server, then your hosting management panel will look differently. However, the process will be quite similar.

To start the installation process, log in to your web hosting management panel. If your web hosting company uses cPanel, you can simply type the URL of your domain name preceded by "/cpanel" and you should be redirected to the management panel.

Example:

http://example.com/cpanel

Once logged in, look for a section called "Security" and an icon called "SSL/TLS Manager" or "SSL/TLS."

The interface of your cPanel might look slightly different from what you see in my screenshots based on the version of cPanel, language, and style.

The next page should look similar to what you see in the screenshot below.

Click on "Generate, view, or delete SSL certificate signing requests" link under "Certificate Signing Requests (CSR)."

Fill up the domain name, your personal or your company's details as follow.

If you've purchased an SSL certificate that also supports subdomains, besides the domain name, on a new line, you also need to add an asterisk before the domain name as follows.

*.example.com

You don't have to specify a "Company Division," "Passphrase" and "Description."

Click the "Generate" button to create the CSR code.

If your CSR has been generated successfully, you should see a confirmation message at the top of the page and an encoded certificate signing request.

Copy the full code from "Encoded Certificate Signing Request," including the following lines:

-----BEGIN CERTIFICATE REQUEST-----

-----END CERTIFICATE REQUEST-----

Leave the browser tab open, or copy the code from "Encoded Key" and paste it into a text file (.txt). You will need this key later.

Next, log in to your SSLS.com account and go to your list of purchased certificates.

If your certificate hasn't been yet activated, under the "Status" column you should see a "New" button. Click that button and an "Activate" option will appear.

Click on "Activate" and you'll be taken to the certificate activation page.

In the form that shows up, you'll be asked to enter a CSR code.

Paste the CSR code copied previously from "Encoded Certificate Signing Request" and click on "READ MY CSR" button.

Your CSR should now be decoded and see some of the information entered when you have generated the Certificate Signing Request code.

Unless you are sure your site is hosted on a Windows or a Java Tomcat server, leave the default "Any Other server (ex. Apache)" option selected.

If all the displayed information is correct, click on "LOOKS GOOD, ONWARD" button. Otherwise, go back and regenerate your CSR.

On the next page, you will be notified that the certificate works both on the non-www and also on the www version of your domain name.

There’s nothing to do here. Just click the “ONWARD” button.

On the next step, you will have to confirm that you are the owner of the domain name for which you want to install the SSL certificate.

You have two options.

1. Upload a file to /.well-known/pki-validation/ directory inside the root of your site.

To confirm you are the owner of the domain name using this method, you'll have to go to the root directory of your website, create a directory called ".well-known", inside it create another folder called "pki-validation", and inside this directory upload a file you can download from the next step.

I usually find this to be the simplest method.

2. Receive an email to one from several email addresses that belong to your domain name.

If you want to confirm the ownership of your domain name using this second approach, you'll need first to have one of the following email addresses (of course, instead "yourdomain.com," it should be your domain name).

I usually just choose the first validation method.

After you choose your preferred confirmation method, click on "GOT IT, ONWARD."

On the next page, you must enter a few details about you and your company. If you don't have a company, just enter your full name for the "Company Name" option.

Click on "ONWARD" to proceed to the next step.

Depending on the chosen domain name ownership verification method, you will be asked to upload a file to "/.well-known/pki-validation/" public directory of your website or receive an email on one of the email addresses listed above.

I chose to upload a file.

If you've chosen the same method, click on "SAVE ACTIVATION FILE" button to download the file you must upload to your host.

A text file will now download to your computer. 

With the help of your cPanel File Manager, or an FTP client, you must place this file to "/.well-known/pki-validation/" public directory of your site. If that location doesn't exist by default, you'll have to create it.

I'll use cPanel's built-in File Manager just to keep the things simple.

Go to your web hosting management panel again and look for a section called "Files."

Under that panel, you should see an icon called "File Manager." Click it to access cPanel's file manager.

Navigate to the "public_html" or "www" directory from the root of your site.

If you haven't installed yet a script for your site, you should only see an empty folder or a "cgi-bin" directory. Otherwise, if you have already installed WordPress or another software, you should see its files.

Next, we'll have to make sure that the file manager allows us to see the directories that start with a dot (.). This option is usually disabled by default.

To display the hidden folders in cPanel's file manager, click the "Settings" button from the top-right of the page.

If the "Show Hidden Files (dotfiles)" option is unchecked, enable it and hit the save button.

Now, you should be able to see the hidden files and folders.

If you don't see a directory called ".well-known" inside the root of your site, create it by clicking on "+Folder" from the top menu.

In the "New Folder Name" input, type ".well-known" (don't forget to add the dot) and make sure that the new folder will be created inside the root directory of your domain name.

Click on "Create New Folder" for the new directory to be created.

You should now be able to see the ".well-known" directory.

Access it and inside it, create a new folder called "pki-validation."

Now, move inside the "pki-validation" directory and upload the verification text file downloaded previously.

To do that, click on "+Upload" button from the main menu.

Select the text file from your computer and upload it to your web server.

Go back to the file manager and make sure that the verification file has been successfully uploaded to "/.well-known/pki-validation/" and it's publicly accessible.

Well done. Now that you have uploaded the verification file, you need to wait for your site to be checked and have your SSL certificate issued and sent to your email address.

You can check the status of your certificate on the user certificates page from your SSLS.com account.

The status of your new certificate will have an "In progress" status until your website ownership is verified and your certificate is issued.

It might take a while for your certificate to be issued, so be patient. Once it's ready, you will receive an email containing the certificate in a .crt file and a .ca-bundle file.

Once your certificate has been created, you can install it.

Install SSL Certificate

Now that you have activated your SSL certificate and confirmed the ownership of the domain name, you need to install the certificate you have received. You can easily do that with cPanel.

Go again to your web hosting management panel and click on "SSL/TLS" icon from "Security" section.

Now, click on "Manage SSL Sites" link and leave this page open in your web browser.

Open the email that contains the certificate files.

You should find the certificate files in an attached .zip archive.

Download the archive to your computer and extract it. You can extract it with WinRAR, Windows built-in extractor, 7-Zip, etc.

Now, you should see two files inside, named based on your domain name.

Open the file with ".crt" extension with any text editor (WordPad, Notepad++, etc.) and copy all the code inside.

Go back to the "Manage SSL Sites" page opened previously.

Select your domain name from the domains list and paste the certificate text copied from the CRT file to the "Certificate: (CRT)" option.

In the field called "Private Key (KEY)", paste the private key generated once with the CSR and saved in a text file at a previous step.

Next, open the file with the ".ca-bundle" received once with your CRT certificate in a text editor and copy all the text inside.

Paste the text inside the "Certificate Authority Bundle: (CABUNDLE)" option.

After you fill up all these required fields, click on "Install Certificate" button to install the SSL certificate to your server.

If the certificate has been successfully installed, you should see the following message.

Redirect HTTP requests to HTTPS

You have now the SSL certificate installed on your server. The last step is to redirect all the requests made to the HTTP version of your site to HTTPS.

WordPress

If you are using WordPress, you can easily redirect all the HTTP requests to HTTPS with the help of a plugin called Really Simple SSL.

Install the plugin and go to "Settings-->SSL-->Settings tab" to configure the available settings.

Set the options as in the screenshot below.

Every HTTP request should now be redirected to HTTPS.

Apache

If you don't use WordPress, but your web server runs on Apache software, you can make the redirects by editing the .htaccess file from the root of your site's public directory.

Using the cPanel File Manager or an FTP client, add a .htaccess file to the root of your website. Make sure that "Show Hidden Files" option is enabled in file manager to see this file type.

If there's already a .htaccess file, just edit it with a text editor and add the following code at the bottom.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

Nginx

If your site is hosted on a VPS, or a dedicated server and runs on Nginx, you'll have to edit your server's Nginx config files to make the redirects. More info here.

The location of these files varies based on your server's operating system, management panel, etc.

I use VestaCP for several of my sites hosted on a VPS. 

VestaCP has two Nginx configuration files. One file handles the HTTP requests and the other one the HTTPS requests.

To redirect the HTTP requests to HTTPS, I need to add the following line to the "server" block of nginx.conf file (located at /home/$user/conf/web/nginx.conf).

return 301 https://$server_name$request_uri;

Then, I need to add the following line to the "server" block of snginx.conf file (located at /home/$user/conf/web/snginx.conf).

add_header Strict-Transport-Security “max-age=31536000” always;

VestaCP already adds the correct ports and the paths to the SSL certificate files. Other management panels might not do that and you may have to make more changes.

After you make the changes to your server's configuration files, you'll have to restart Nginx for the changes to be applied.

Final Word

An SSL certificate is a way to strengthen the security of your website, earn the trust of your customers, and also a ranking signal for Google Search.

Lately, the prices of the SSL certificates have become very affordable for the regular persons, and I believe that every site should have one, regardless if it's the site of a company or just a personal blog.

The SSL certificate installation process is not yet a one-click installation, and it requires a bit of technical understanding and server tweaks for everything to work correctly. However, I hope that this tutorial about how to install SSL certificate on your website will make this process smoother and easier to understand.

Leave a Comment