How do I add a certificate to my website for HTTPS?

I learned HTML in the late 90s. I have learned just enough since then to make my website seem, hopefully, retro but not dated. I recently learned that my website comes up with a warning if anyone tries to use https instead of http. I need to figure out how to fix this. I used ctrl+shift+i in Chrome and learned that the problem is that it doesn't have a certificate. Since I'm not trying to sell anything or ask for personal info, I thought that this was still OK, but apparently I need to add a certificate because Google Chrome seems to automatically assume https for a URL, and I don't know if a domain level certificate is enough, or if every single page needs its own certificate, or how to add a certificate. I apologize for asking such amateur questions and if there is a thread where this has already been addressed, please just point me to it. I am feeling overwhelmed!

I don't know what some of these terms mean, but I filled out the form as best I could. I could not find all of the answers on my cpanel. Thanks so much for any help!

My domain is: songsofsusannah.com (alias for susannah.x10host.com which is IP 198.91.81.12)

I ran this command: (https://songsofsusannah.com instead of http://songsofsusannah.com)

It produced this output: First a warning that the site wasn't secure: "Your connection is not private

Attackers might be trying to steal your information from susannah.x10host.com (for example, passwords, messages, or credit cards). Learn more

NET::ERR_CERT_COMMON_NAME_INVALID

To get Chrome’s highest level of security, turn on enhanced protection,"

then when I clicked through it, it produced a white screen that said, "Apache is functioning normally," instead of displaying my website. This happened in both Chrome and Edge.

My web server is (include version): https://x12.x10hosting.com/ (I think this is what you're asking for; I can't find info about the version).

The operating system my web server runs on is (include version): DirectAdmin Web Control Panel (I use an FTP client).

My hosting provider is: X10hosting

I don't know if I can login to a root shell on my machine.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I usually use FileZilla to FTP, but I have access to a DirectAdmin Web Control Panel as well.

I don't know what a CertBot is. I usually use Filezilla for FTP, version 3.52.0.5

1 Like

Hi @susannah, welcome to the LE community forum :slight_smile:

I'm glad you found us in your search for encryption - LE does secure a great deal of Internet sites.
Unfortunately, it probably isn't the best place for you to start your education on encrypting a website.
There are many different types of situations out there and usually one needs to have some technical access to enable the process.
I would start by speaking with your Hosting Service Provider (HSP) and understand what hosting package you have and how your hosted site can be secured with a certificate.
The step you take next depends entirely on their response.
If your hosting plan includes a control panel, you might simply need to clicks a few buttons to get your site secured.
If they don't, but do allow you, at least enough control to add and operate an ACME client, then you may have to learn about that path and we are certainly here to help and educate you with such.
If they... only offer a paid certificate path, then I would go look for another HSP (that doesn't charge for free things).

So, we are here to help once you know a bit more about exactly what you need help with :slight_smile:

2 Likes

Thanks for the welcome! I've done some digging and this is what I found. My HSP is supposedly using Let's Encrypt. In January, they said that it would take a few weeks to enroll everyone (several thousand accounts), because they had to wait several hours between batches and there would be a backlog for a few weeks.

I'm not sure what I should be doing on my size of things, but it seems to be a misconfiguration, since I'm still getting the same error. I've asked for help in my HSP's support forum, and I hope that they can either resolve it on their side, or else tell me what to do. Maybe my account somehow got left out in the batch of updates. There is no link to SSL in my control panel, and that might be the problem; maybe all I need to do is click a button that simply isn't displaying. Any idea about what else I should do at this phrase? I think all I can do for right now is wait a few days and see if I get a helpful reply from my HSP.

1 Like

If you don't have access to actually run software on the server, where your hoster just handles everything (which sounds likely to be your case), then yes everything's in the hoster's hands. If you're paying them for hosting, support for setting up https should be a normal part of their support they can give you. (Some hosting companies charge more for a secure connection, which is unfortunate, but again it sounds like that's probably not the case for you.)

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.