Guide: https installed for free (in 15 minutes) using cPanel

HTTPS installed for free (in 15 minutes) using cPanel


Introduction

Your web site address starts with http://
The site contains interactive elements, such as payment buttons, or text forms etc.
For the visitor, the site is flagged by the browser as 'insecure'.

You need to convert the site to https://
This requires that you obtain an SSL certificate, and install it on your web site.

Thankfully, for the vast majority, this task is extremely easy, and rapidly acomplished.

Be aware that the SSL certificate requires renewing every 90 days.
This guide does not cover renewal methods - you have 90 days to figure that out (auto renewal methods are discussed in the help files below).

Many help files exist - however, unless you have a problem, they need not be read.
(They can be confusing, due to their requirement to cover a variety of circumstances that probably don't apply to you)

Follow the steps outlined below, and you will secure your website.

Note:
Some web hosting services allow their cPanel users access to an AutoSSL plugin.
If you have this plugin available, it may be worthwhile learning how to use it, as it will automatically keep renewing the certificate.

https://github.com/srvrco/getssl/blob/master/other_scripts/cpanel_cert_upload

cPanel & WHM Developer Portal

cPanel & WHM Developer Portal

Otherwise, for an instant fix, the copy and paste method below will buy you time to work out a long term automated solution.

IMPORTANT NOTE

Installing SSL HTTPS on your website is only the first step.
All the traffic to your site must be redirected to the https:// url.

If this is not implemented, your visitors will find themselves on an unsecured site.
See the section: Redirect Visitors to HTTPS (at end of guide)


Method in Brief

Verify that you own the site - copy and paste some blocks of text.

Requirements

cPanel
Text editor - such as Notepad++ or Gedit
File uploader (to the web site) - such as Filezilla or the file manager in cPanel
Disk drive to store the files - perhaps a back up drive, or usb drive etc. (about 6kB space required)


Preparation

Login to cPanel
Scroll to security section, right-click SSL/TLS - new tab
4 links are presented

Open in new tabs:

  • Certificates (CRT)
  • Install and Manage SSL for your site (HTTPS)

File Uploader
In cPanel, open 'File Manager' in a new tab
OR
Connect your file uploader to your web site server (public_html directory)

On your local hard drive, browse the uploader to your 'download' directory.
(you will receive 2 files that must be uploaded to your server)

Connect the storage drive

Launch the text editor
Create 3 new files - saved to storage drive as

  • certificate.txt
  • key.txt
  • ca-bundle.txt

sslforfree.com
Open a new tab for the above site.

Preparation Complete
You have

  • 2 tabs for the cPanel SSL installation.
  • 1 tab for receiving the certificate details.
  • File uploader - locally looking at your download directory, and remotely looking at your server public_html directory.
  • 3 named empty text files open.

You can now start the process.


Method

Note:
During the process, you will see that both name.com & www.name.com are covered by the certificate.
If you have more subdomains eg. name1.name.com name2.name.com, you can type those subdomain names (Leave a space between each domain).

In sslforfree
Enter your web site address, and click 'create'
Follow the instructions that appear before you (they are excellent).

The 2 verification files can be clicked to download.

Using your file manager or uploader

  • Remotely, create/add a new directory in public_html.
    (The instructions indicate the directory name - .well-known)

  • Select that new directory and create/add a new directory (acme-challenge)

  • Upload the 2 verification files to the acme-challenge directory.

The links to both these files are provided
Use the links, and open both files in new tabs, to confirm that a single line of characters are being displayed.
Close those tabs - you have verified ownership of the site.

If the linked pages don't display - check in your file manager/uploader that you have:
Directory .well-known in public_html
Directory acme-challenge in .well-known
2 files in acme-challenge

In sslforfree & text editor
After succesful verification - 3 blocks of text are displayed:

  • certificate
  • key
  • ca-bundle

For each block - select all - copy - paste (into each of the apropriate text files that you created earlier) and save.

In sslforfree & cPanel
Again, select all & copy the certificate block of text.
Switch to the cPanel 'Upload a New Certificate' tab.
Paste the text where instructed.

(you can describe the certificate but this is anyway done automatically - so no need)
Save Certificate.

Switch to the cPanel 'Install an SSL Website' tab.
Select the domain (website)
Click 'Autofill'.
The certificate should appear in the appropriate box.

Switch to sslforfree tab
Click in 'Private Key' box
Select all - copy

Switch to the cPanel 'Install an SSL Website' tab.
Paste the Private Key text into its box.

The CA_Bundle text will autofill into its box (or you could paste it in).

Install Certificate.

Switch to sslforfree
Register an email, to receive an alert when the certificate requires renewal.

Load your web site in the browser (using https://), and see it displayed as https://

Job done?
Almost!


Redirect Visitors to HTTPS

HTTPS is no use at all if your visitors find themselves on a HTTP site.
Thankfully @serverco has provided the code that will solve this problem.
Note; @SilverbackNet has also provided a range of coding options for different server setups, and alternative code to that used below.

Brief
If your site is already using .htaccess you will add the code on a new line.
Otherwise, you will create the file in a text editor and upload it to public_html

Using your file uploader or cPanel File Manager
Browse your local drive to your website directory.
In the root directory, look for the file .htaccess

If it is not present - no problem.
If it is present - rename it .htaccess(pre-https)

Next - look in the remote server public_html directory for .htaccess
If it is present - drag it (download it) to your local drive website directory.

Sensibly - check to see if the file contents match the file on your hardrive.
The objective is to have a backup of the .htaccess file that was on the server.

Using your text editor
Open .htaccess

On a new line; paste the following code (change name.com):

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://name.com/$1 [R,L]

Save the file.
Note: if .txt has been added, it must be removed.
the filename is .htaccess

If you found that .htaccess did not exist; simply create a new file in the text editor - paste in the above code - name the file .htaccess - save it to your local drive website directory.

Using your file uploader or cPanel File Manager
Upload .htaccess to public_html directory.


Test

In your browser; enter a http:// url to a page on your website.
It should appear as a https address.

Thats it!
You have enabled https and ensured that your visitors will always be able to use it.
You are now open for business.

Don't forget to renew the certificate every 90 days.
Bookmark, and return to this guide, for future instructions on auto renewal.


Postscript

Consider reading the comments below, for further information, and to gain an understanding of how this guide evolved.

Also consider joining this community, to add your own comments and questions.


Help Files

A)
A script to automatically add the SSL certificates to cpanel

B)


Search Tags
http, https, ssl, tls, cpanel, godaddy, hostgator, sslforfree, free https, free ssl, how to secure a website, how to, implement ssl, install ssl, how to implement https, how do you change http to https, how do i get an ssl certificate for my website, how to get https, http to https, enable https, deploy https, set up ssl, set up https, letsencrypt, install https, https on godaddy, https on hostgator,

2 Likes

cPanel users don’t necessarily need to use external tools like sslforfree.com because there is also more direct Let’s Encrypt integration available from within cPanel, for example the Let’s Encrypt plugin in AutoSSL.

https://documentation.cpanel.net/display/CKB/The+Let's+Encrypt+Plugin

This is a better solution for most users because it will enable HTTPS on their site more quickly and with fewer steps, and typically renew the certificate automatically.

I appreciate your writing up your experiences for the benefit of cPanel users who can’t or don’t want to use Let’s Encrypt integrations within cPanel, but readers should be aware that the method you describe isn’t the most convenient one available for the majority of cPanel users.

2 Likes

Perhaps, to add, if you are on a cPanel web host that intentionally disables the native AutoSSL function (GoDaddy, HostGator, etc), recognize that your host is putting a profit motive ahead of giving you an easy to use service. Vote with your wallet :slight_smile: .

3 Likes

Thanks for the feedback schoen :slight_smile:

I had no knowledge of the existence of this plugin.
In fact, I had no knowledge at all, of https implementation.
I had to figure it out myself.

It was with huge relief that I found it to be a simple task.

Knowing that there will be many people out there, in the same boat as me; I figured that a ‘guide’ would be a good way of ‘giving back’.

That done; I looked at the plugin document.

Let’s be honest; it is not very user friendly.
It has a huge warning concerning some issues, strongly advising people to read another linked document.
However, that link goes nowhere - the same page simply reloads.

At that point most people are going to switch off.
I did a search and found a doc from inmotion hosting, but no mention of warnings that I could see.

I’m sure, with some studying, it will be much better once automated.
But, to be honest; I’m glad that I’ve got 90 days to get to grips with it.

AutoSSL works on the principle of non-interactivity.

The end-user doesn't need to do anything. His domains will automatically receive certificates shortly after the cPanel account is created.

The fact that you had to go researching how to do this in cPanel in the first place is precisely what AutoSSL was designed to prevent.

Nonetheless, your guide is helpful to those that are stuck on cPanel hosts that have disabled AutoSSL.

1 Like

Ah!
In that case, I couldn't have used the auto-ssl plugin.

So, as it happens, I was stuck with sslforfree - which anyway, I was very grateful for.

That said, I will update the guide, and add the document link.

Does anybody know the correct link for 'manage_auto-ssl'?

Sure, it’s https://documentation.cpanel.net/display/68Docs/Manage+AutoSSL .

However this is only relevant to the web host who runs the WHM server. Normal cPanel users would never need to refer to it, as it protects all domains automatically.

1 Like

Thanks _az

What I'd like to say, and ask you to consider:

Many technical people (such as myself) are well aware of the moment when a new complex field is encountered.

I've managed to drag myself through each web learning process as and when encountered.

HTML, Javascript, CSS - mobile-friendly was the last twat.
You know - need to knock out a website - damn, it has to be mobile friendly :grinning:

The thing is, that it's always another week of studying.

It's great once you've cracked it.
But sometimes, a decision can be taken to blindly follow instructions.

Launch Terminal, copy in the code, hit enter, job done.

I would have had a go with the linked help file, but I wasn't looking forward to it.
The method used terminology that I'd never come across.

When I'm outside of my knowledge field, I prefer single lines of code that should be copied in place.
A set sequence of steps, that can be blindly followed.

Ideally no warnings, but if stated, an optional programming path, or a recovery procedure.

In effect, a guide can be written for a person who is anyway comfortable with the whole environment.
OR
It can be written as a foolproof step by step guide.

During the next 90 days; if I can figure out (with your help) the auto-renewal programming - I'd be happy to write the guide.
:slight_smile:

Added a section on redirecting http urls to https.

Wow!
Implementing this was a huge win.
Thanks to @serverco for providing the code.

I have tried deleting the ‘s’ from https and it simply reloads as https.
‘Winning’ :grinning:

(also thanks to @SilverbackNet for optional code)

The Guide is now getting quite long (it’s normal).
Can we format font size (a la the thread title)?

Different font sizes can really improve the usability of a long guide.
Sections can be found at a glance, using very large, large, and bold fonts.

Also, can internal document links be used?
This would enable an initial chapter index.

At some point, auto renewal must be added; so it’s going to get longer :grinning:

Is there now any need for HSTS?

The headings might be what you want. http://commonmark.org/help/ Some HTML tags are supported, but not <font> or style attributes. Markdown is specifically designed to be unstyled.

1 Like

That was a good link - thanks for that.

The Guide is still in its infancy.
It can be developed on an ongoing basis (with an eye on the monthly close date) :wink:

@SilverbackNet those additional formatting codes really helped.

It’s still early days, but the guide is now looking much better.
Let’s hope it gets indexed :sunglasses:

@serverco Maybe you should make a box link, like Bob Cromwell did (with a really wild photo) :alien:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.