Stuck at Greengeeks


#21

OK this might be good news I asked GreenGeeks if I generated a unique ssl for each of my domains if they would install the cert for me. Their response:

Please send us your SSL Certificate keys along with this support ticket, we will take care of the installation.

So that being said, what do I do?


#22

Yes, you can for example use ZeroSSL to generate the certificate.

Please keep in mind that you will have to repeat this process at least every three months.


#23

OK I’m looking at it now. Looks like I use the free tools section. Do I do the self signed certificate generator or the free SSL certificate wizard. I see it is asking for some encrypt the key or certificate for me to input. Do I run the self signed certificate generator first and use that information into the wizard after? Please explain.


#24

You’ll want the free SSL certificate generator only. If you don’t have a Let’s Encryph account key already, it will generate one in four browser for you to save for next time. Same thing with the CSR. If you don’t have one already, just put the domain names in the bar above this field and it will generate the CSR for you. You can also save this for next time.


#25

I don’t have anything. I have not signed up for anything.
OK so I should go to this page:

I enter:
Domain.com
Www.domain.com

I copy the two things that are output.
I email those two things to green geeks Per their response above.

Then I figure out what I’m supposed to put in my Htaccess file, and what I need to change in WordPress, and then it will be secure for three months.
At that point I will enter the domain again in the same spot and paste the output to green geeks for them to update it.
Am I understanding this correctly?


#26

Pretty much! Just a couple extra things to clarify. The first time, you’ll actually get 4 pieces of information from ZeroSSL. 1) A Let’s Encrypt account key. This is just for you and identifies your LE account. It’s helpful to have on hand for revocations and renewals. You can paste this back in when you renew in 3 months. 2) A Certificate Signing Request. Same thing, just paste this back in when you renew to make it easier. Neither of these need to go to your hosting provider.

  1. A private key for your certificate. This is important and should be kept safe. You will only get this once, and won’t paste it back in. That CSR has the public key corresponding to your private key in it, so when you renew you’ll just keep using the same private key. You will need to send this to your hosting provider.

  2. the certificate itself. This is not a confidential piece of information, and is the part that expires in three months. You’ll also send this to your hosting provider, and when you renew, this is the piece that will change and you’ll get a new one of.


#27

That page only says key and certificate is generated. Does it take you to another screen for the other information?
Or really what it looks like to me is that you’re saying go to this link first and generate this information:

And then it looks like you’re saying go to this link and generate this information.

Then I copy and paste the private key and the certificate to the host.
Three pieces of information remain the same always and those three pieces of information generate the certificate. Every three months I need to send a private key in new certificate to the host.


#28

Please use only the first of those two tools. They are separate tools, and self-signed certificates are totally useless to you if you’re hosting a public web site.


#29

Uurrggg.
Ok. Schoen i do this tool? using
Domain.com and www.domain.com
https://zerossl.com/free-ssl/#crt

Copy the info. Send what to domain host?
Both?


#30

Yes, you should use that tool and tell it that you want a certificate for domain.com and www.domain.com. At the very end of the process, after your certificate has been issued, the tool will allow you to download/save a private key and a certificate. You’ll need to send both of those to the hosting provider.


#31

Ok. I will do that in the morning. What is the process to renew?


#32

Do the same thing over again. :slight_smile:


#33

Ok cool i can handle that. You have a link or can you give me the step by step of what to do with the htaccess and anything else in wordpress?
Then once that is complete is there a test site to make sure everything is workin?


#34

[quote=“sdbish, post:33, topic:38095”]
You have a link or can you give me the step by step of what to do with the htaccess and anything else in wordpress?[/quote]

Nope, maybe someone else does or you may get better results on a Wordpress forum.

I’d suggest https://www.ssllabs.com/ and https://www.whynopadlock.com/ in terms of checking the correctness/security of your HTTPS setup.


#35

Perfect! Thank you so much forcall of your help! I look forward to getting this done tommorow!


#36

OK. I got it done and everything worked! Did the testing at ssllabs.com and got an A+ score. The only thing that was flagged on the test was DNS CAA is there anything I can do about that?


#37

I’m glad it worked for you, @sdbish. What was the specific error or warning from SSL Labs?


#38

It was DNS CAA whatever that is.


#39

Apparently SSL Labs would like to encourage people to use the CAA mechanism and provides a warning if you don’t.

You could use this mechanism by adding a DNS record to your DNS zone file saying which certificate authorities you would like to be able to issue certificates for your domain.

This does not directly affect the security of your existing certificate or connections to your site. It provides, in theory, a way to discourage certain attacks where someone else later requests a different fake certificate for your site.

In my opinion, this is not really necessary if you don’t already know what it is and you don’t specifically envision people trying to perform sophisticated attacks against your site. You can also see that SSL Labs is still willing to give you the A+ without it, suggesting that it’s not currently a high priority for them either. But if you’re interested, feel free to read the Wikipedia article and consider adding the record to your DNS.


#40

I think all my secret spy info will be safe enough. :grin: Thanks again for all your help!!!