In 2014, it came out that Google was using https as one of their many ranking signals.
Now this is just one of many ranking factors, accepting a miniscule amount of sites etc and not really something you should worry about – I mean hell 99% of the websites you will run https is completely unnecessary – but I can understand why you would want to add it to your websites.
I recieve at least one e-mail per week, often more, asking whether to install it or how to install SSL. I decided to post the guide that I keep e-mailing to people.
Should You Go With HTTPS?
Really, why not? It’s a miniscule price to pay a year, the work involved is about 20 minutes long. There’s really no negatives. And while it’s not something that is really relevant today – Google currently have a boner for “https everywhere” so it could end up being a bigger factor in the future.
For the record – I currently only have SSL certificates on websites that I feel it is necessary, such as websites that take credit card information from users. That’s mainly due to lack of time. If I had infinite time then sure I’d probably put SSL on all my websites just for the hell of it – but there’s always more important things that crop up.
I’ve written this “for dummies” guide to help you install an SSL Certificate on your website. It’s written purely for websites that use cPanel. If you use another setup, the general idea and purposes should still apply.
Where to Purchase an SSL Certificate:
I personally recommend Namecheap. They have a good variety, and are inexpensive compared to many other websites. However practically any hosting company such as GoDaddy will sell SSL Certificates as well.
On Namecheap, hover over “Security” in the navigation bar, and choose “SSL Certificates” in the dropdown.
There’s a ton of different certificates all of which come with different features – ie: Wildcard SSL, which allows you to secure subdomains as well as your main domain.
99% of you are looking for domain protection, which is positiveSSL.
Add it to your cart, purchase it.
Once purchased, go to “Manage SSL Certificates” and find the certificate you just purchased, and click “Activate Now” to begin the process. It will ask you what web server type you are on – choose cPanel, or whatever is yours.
Next, you need your CSR – Certificate Signing Request.
Creating A CSR:
- Login to your websites cpanel, and under “Security” click on “SSL/TLS Manager”.
- Click “Private Keys” to generate a private key.
- Choose 2,048 for key size option and generate it.
- Return to the main SSL/TLS Manager screen.
- Click on Certificate Signing Requests.
- Fill out all of the data the form requests, and of course be sure to put a valid e-mail address. Please note that there is a difference between domains with and without WWW. Unless you are purchasing a more expensive wild card certificate, be sure to include the www. in your domain entry.
- Once filled out, click “Generate” to create the CSR”.
- Click the Edit & View link to see your CSR. This is a long string of gibberish that starts with —–BEGIN CERTIFICATE REQUEST—– and ends with —–END CERTIFICATE REQUEST—–
Getting Your CSR:
- Copy your ENTIRE csr and swap back over to Namecheap, paste the csr into the text box then click next.
- Here you will see a list of “approver emails” this is list of secured emails that SSLs can be sent to. If you aren’t using firstname.lastname@example.org or any of the other provisioned emails, set up a forwarder in your cPanel to make sure you get the email. Pick the email and click Next.
- Double check your details here, be sure the email that shows up is where you want the certificate to go. Click submit.
- If all goes well you will be on a screen with a 1990s looking flow diagram. Now you play the waiting game, depending on what type of certificate you ordered you will first get an email to confirm your purchase. Usually this comes within a few minutes and just asks you to enter a code or click a link to validate.
- Once you have validated your certificate you get to wait a little bit more. Your certificate will be emailed to you, usually in a zip file which you can upload. To save time scroll to the bottom of the email and look for —–BEGIN CERTIFICATE—– to —–END CERTIFICATE—– copy this ENTIRE area. This is your Certificate (CRT)
Installing Your Certificate:
- Head back to cPanel, on the main SSL/TLS Manager page, click Certificates, paste the certificate into the text box, click Save Certificate.
- You should get a message saying that the certificate has saved. Click back to the Certificates page, you should now see your certificate in the list at the top. Click the Install link.
- On the install page you should have your CRT and Key filled in. sometimes you may get a message about the Certificate Authority Bundle being invalid, just delete everything in that text box. Click Install Certificate.
- Note: If you don’t have your CRT and KEY filled in, select your domain from the dropdown and click Autofill by Certificate, this usually fetches them.
If all has went well you should be able to navigate to https://www.YourWebsite,com and the site will load nicely.
- Most certificates let you reissue them, so if you make a mistake on the key or csr you can just go and change them in cpanel then go to manage your ssl certs on namecheap and follow the steps to get a new one issued.
- If you still don’t see the certificate working after install try it in a different browser just to be certain, if it’s still not working you may have to reboot apache (you can do this in your WHM if that is available or a quick email to your host will get the job done as well).
- If you have a bad memory set a reminder to renew your certificate next year, you will get an email reminder on this usually but they are very easily sent to spam (I speak from experience here).
- Just because you have an SSL certificate does not mean you are bulletproof. A $10 certificate will in no way stop hackers.