Install Let’s Encrypt SSL on GoDaddy (Practitioner’s Guide)

Let’s Encrypt SSL is the only service that provides digital certificates for free. Let me rephrase that.

Let’s Encrypt is the only service that I trust that provides SSL certificates for free. That in itself is great. In this How To guide, I will transform my own non SSL secure site to SSL secured without spending a dime.install SSL digital certificate for free

Why is an SSL certificate necessary?

SSL certificates authenticate the ownership of a public key by the named certifying authority. It simple terms it shows that the website having it is actually owned by the owners mentioned in the certificate. This helps in preventing scams and access to phishing sites. It is very easy to check the authenticity of a SSL certificate.

wikipedia secure certificate
The secure tag give you confidence that you are safe (though you may NOT always be)

Click on the green lock icon that says ‘Secure’. In the modal window you will see that the Certificate is shown as ‘Valid’. You can even check in detail. Click on the Certificate tab.

You can check out the SSL certificate details as well as the certification path
You can check out the SSL certificate details as well as the certification path

Check the other tabs for the other options. You can try this for any up to date modern browser.

This is how secure websites are shown in the address/omni bar
This is how secure websites are shown in the address/omni bar

The OTHER reason why I suggest you (and I) get this is because it helps in our Google Rankings. I know it may not be totally fair, but Google prioritizes websites that have a SSL certificate installed.

For a data driven analysis, check this page by Neil here. It clearly shows how much having an SSL certificate alone can help and how many websites currently use it today.

So why not get an SSL certificate?

The simple method is to buy an SSL certificate from your website.

You can check your server operating system by this command
The current price for a basic SSL digital certificate is astronomically high

But that costs much more than they are worth. Besides, what’s the fun in getting a single click SSL in the first place? You don’t get to learn anything about how to get the work done anyway.

How to get Let’s Encrypt SSL Certificate

This is my objective. This is the site I am talking about (and my inspiration for this post).

website with digital certificate from lets encrypt
As you can see, the certificate of a particular page is issued by Let’s Encrypt

Currently my site does not have a certificate installed. By the time you are reading this, hopefully it will be certified. So here is the screenshot as of now.

not secure notification the code post
My website was not secured with any SSL certificate

So now let’s follow the steps herein. For the original Let’s Encrypt website, here is the link.

The Get Started post here shows that it recommends using CertBot to get the job done. CertBot itself is actually authorized by Let’s Encrypt. So we are good.

Certbot helps you get Lets Encrypt certificates for your websites
Certbot helps you get Let’s Encrypt certificates for your websites

Here is the problem.

What do you select for ‘Software’ and ‘System’?

Things get a little bit tricky here. If you have some technical knowledge try the following steps.

Steps to find out the Software and System assuming you have a hosting solution

  1. Open the CPanel Admin of your hosting solution.
  2. If you have phpMyAdmin or MySQL databases installed with Linux hosting, you are most probably on Apache.
  3. So Software = Apache.
  4. This is what I am going ahead with.

    certbot apache web hosting service
    Select the appropriate option from the list boxes
  5. Web Hosting Service will not get me anything useful. So let’s find out our operating system of the server.
  6. Login to your account using SSH.

    using putty to install certificates
    Simply ssh to your web server using your preferred client
  7. Run the following command cat /proc/version

    You can check your server operating system by this command
    You can check your server operating system by this command
  8. So, for me the operating system of the server is a Red Hat derivative.
  9. There is no Red Hat 4.4 version available in the list of operating systems. I choose this ‘Other UNIX’

    Select the RHEL option or the other Linux option
    Select the RHEL option or the other Linux option
  10. Download certbot auto installer script and change permission to ‘a+x’

    changing permission of the executable using putty
    changing permission of the executable using putty
  11. I ran into a major issue here.
  12. Apparently, my shared server does not allow me to use the super user command. Fair enough.

    It is a pity that the admin rights are not enabled for my account. Check if yours is.
    It is a pity that the admin rights are not enabled for my account. Check if yours is.

I have to try something else now. Please let me know in the comments section if you can get it done via the ssh terminal itself.

Let’s Encrypt provides multiple options to get this done using several compatible clients that it lists in its own page itself.

I have chosen ZeroSSL. I have found most users try this out. If this works, I can go ahead and try other alternatives.

How to install Let’s Encrypt for my website using ZeroSSL

Problem is that I cannot install anything on my server and execute it from there. So I have the cloud option available to me only. The biggest downside to this is that I won’t be able to auto renew my certificate automatically every three months.

But let’s continue.

  1. Click on the Free SSL Certificate wizard to get started. Enter both your website names here. This should include any subdomain that you may have.Note: CSR is Certificate Signing Request. If you are here doing this for the first time, go ahead assuming that you don’t have one.

    zerossl lets ecnrypt ssl option for free
    Enter both domain name, including your canonical name. For subdomains, you have to do separately.
  2. It will generate the CSR for you. This may take some time. I download the CSR. I will need it later for verification. Click Next to continue.

    Generate the CSR on Zero SSL
    Generate the CSR on Zero SSL
  3. The account key is going to be created now. Wait for sometime for this to be created.Download the Account key as well.

    download account key to get free lets encrypt ssl
    Accept the Let’s Encrypt service agreement and download the key and the CSR
  4. Click Next.Now is the time when I need to verify both the keys. Download both the files here. I will upload them to the path needed.

    verify domain ownership lets encrypt ssl certificate
    Download the files and put them in the locations specified in your webserver
  5. Upload the two files to the public html directory/.well-known/acme-challenge of your server

    Upload the files to the appropriate location using your File Manager
    Upload the files to the appropriate location using your File Manager
  6. Go back to the ZeroSSL page and click on the links created. If you have done all right, you should open pages like this one below.Otherwise, retry the previous step.

    verification is successful for lets encrypt ssl using zerossl
    Clicking on the link should fetch you the result as shown on the ZeroSSL page
  7. Your certificate is now ready. You only have to install it. Keep your CSR and account keys safe. That means every 90 days you will only have to do the previous Step to create a new certificate only. If you lose your CSR and account key, you will have to start from Step 1 again.

    certificate is ready zerossl lets encrypt ssl
    Your free Let’s Encrypt SSL certificate is ready to be deployed
  8. Now visit the SSL/TLS page to install your certificate.

    ssl tls web page godaddy to install and manage ssl certificate
    Install your SSL by clicking on the the ‘Install and Manage…’ link
  9. Click on ‘Install and Manage SSL for your site (HTTPS)Copy the first into the CRT. Then look for the first ‘END CERTIFICATE’ text in it. Cut from that to the end and paste in the Certificate Authority Bundle box.
    enter data into certificate crt generated from zerossl lets encrypt ssl
    Simply paste the copied strings from ZeroSSL to your GoDaddy (or other hosting provider) account’s SSL management console

    install certificate lets encrypt zerossl in godaddy admin panel
    Copy and paste the Certificate Authority Bundle and a green tick should show up on the right
  10. Now copy the private key. Then paste it in the Private key window. Now check if there are green check marks on the side for all the boxes. If all is well, click on the Install Certificate Button.
    Insert the certificate private key for your Lets Encrypt SSL
    Insert the certificate private key for your Let’s Encrypt SSL

    ssl certificate installation successful message godaddy
    Installation of Let’s Encrypt SSL on your website is now complete

Certificate is installed. Keep in mind that this will renew every 90 days. So I will have to set a Google Calender reminder to do this every 3 months manually.

How did it turn out

Wait a moment folks!

There are 4 things you need to do to make sure things went well.

Last 3 Steps to use Let’s Encrypt SSL on your website

  1. Upload and check the following in your .htaccess file
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
    # BEGIN WordPress
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    
    </IfModule>

    Source: Http to https using cPanel (GoDaddy)

  2. Go to your WordPress General settings and change your baseurl. Change both the urls from http to https.

    Change the base urls of both to https
    Change the base urls of both to https
  3. In the database (usually MySQL and accessible via PhpMyAdmin) you need to change the post content from http to https. This may not be necessary if it is set to relative url. I recommend using Better Search and Replace plugin to get this done. Recheck everything later (and backup manually) on phpMyAdmin just to be safe.

    Use Better Search replace to replace the http links in your database without messing with the database directly
    Use Better Search replace to replace the http links in your database without messing with the database directly
  4. If you are using srcset attributes, there is a chance that your images may still want to load from http instead of https. Load up your theme’s functions.php and add these lines such that it looks like this below.
    function ssl_srcset( $sources ) {
      foreach ( $sources as &$source ) {
        $source['url'] = set_url_scheme( $source['url'], 'https' );
      }
      return $sources;
    }
    add_filter( 'wp_calculate_image_srcset', 'ssl_srcset' );

    Update the file and you are done.

    fixing srcset in wordpress theme functions.php to load correct files
    Edit the theme functions.php and enter the code as mentioned herein

Time for results

You should have a beautiful Secure Lock icon showing in the address bar (as mine is showing already!)

Working Let's Encrypt SSL certificate now secures my blog
Working Let’s Encrypt SSL certificate now secures my blog

In case something does not work, let me know in the comments below and I will do my best to resolve them.

Thanks and keep sharing.