Having your website show as “Not Secure” is no way to gain visitors’ trust. Web browsers and search engines commonly penalize non-secure sites, either by warning the user about the lack of a trusted certificate or by reducing the site’s visibility. To avoid this, it’s in our best interest to ensure our sites have a proper SSL certificate and use the HTTPS protocol for secured data exchange between the server and the clients.
Getting an SSL Certificate
The first thing we need is the certificate itself. We should point out that having the certificate does not mean that your site offers a secure connection because the certificate also needs to be installed on the hosting server. That said, to generate an SSL certificate, we need to issue a Certificate Signing Request (CSR) for our domain, and that needs to be signed by a Certificate Authority (CA). On Linux servers, we can create a CSR along with our private key by using the following command:
openssl req -new -newkey rsa:2048 -nodes -keyout /location/mysite.key -out /location/mysite.csr
Note: Substitute /location/mysite.key and /location/mysite.csr with the actual locations of the files. You can replace the name “mysite” with your domain name. If you don’t specify the location, the system will create the files in the current directory.
Once we generate the files, we then proceed to purchase the SSL certificate. The process might differ depending on your hosting provider; you can get one for free in some instances, as we will show later on. You can visit our portal and order an SSL certificate. Here is a handy guide on how to do so. If you wish to install an SSL certificate onto an active Nexcess service, see How to install SSL certificates in your Nexcess Cloud (if you are a Cloud client), or How to install SSL certificates in SiteWorx (if you are a non-Cloud client on a physical server). After the validation process, you will be able to install your certificate.
Install an SSL Certificate on cPanel
There are two methods for installing an SSL certificate in cPanel. The first method is via the Web Hosting Manager (WHM), and the second is through the account’s cPanel.
1. WHM installation
If we don’t have access to a Linux terminal, we have the option to create a CSR from WHM by going to Home » SSL/TLS » Generate an SSL Certificate and Signing Request.
After filling the form, we hit “Create” to finish the process:
The system will generate the CSR and private key for “nexcess.stardustziggy.com,” along with a self-signed certificate that you can use temporarily until you get a signed certificate.
Once we have the SSL certificate, we need to go to Home » SSL/TLS » Install an SSL Certificate on a Domain. From there, we can paste the domain into the text box and click “Autofill by Domain.” We can do the same if we have the certificate file, in which case the button “Autofill by Certificate” will appear.
We verify that the information is correct and install the certificate:
2. cPanel Installation
The installation through cPanel is relatively similar to that of WHM. We need to verify that the option “SSL/TLS” is active for the account (WHM’s feature manager handles this). To generate a CSR, we go to SSL/TLS > SSL Certificate Signing Request.
With the SSL certificate at hand, we then proceed to the installation by going to SSL/TLS > Install an SSL Website.
Similar to WHM, we conclude by hitting the installation button:
3. Getting a Free SSL Certificate with cPanel
We can take advantage of cPanel’s “AutoSSL” feature to set up our SSL certificate for free. The only requirement is that the server controls the domain’s DNS or that the domain resolves to the server. If either of these conditions is met, in WHM, we just need to go to:
Home » SSL/TLS » Manage AutoSSL and run the AutoSSL for the domain:
Install an SSL Certificate on Interworx
The process to install the SSL certificate on Interworx is pretty straightforward. We need to access Siteworx > Domains > SSL. From there, we should be able to add all the required files:
Note that you can also generate each one of the required files. In the above image, we have the option to “Generate” a new key.
After all the files are set up, we are all set. Notice that we can also issue a free SSL certificate with Let’s Encrypt by clicking on Generate All With Let’s Encrypt:
Install an SSL Certificate on Plesk
Similar to Interworx and cPanel, we can easily install an SSL certificate on Plesk by going to: Websites & Domains > SSL/TLS Certificates > Add SSL/TLS Certificate:
Notice that we can directly upload the files in their original format or paste the text directly. Similar to other control panels, you can also generate a CSR within that same section:
Install an SSL Certificate: General Procedure
If we have a custom control panel or an unmanaged server, we can follow this general procedure: upload the files to the server and specify them in Apache’s configuration file.
For CentOS servers, the configuration file is usually found in one of the following locations:
/etc/httpd/httpd.conf
or
/etc/httpd/sites-enabled/name-of-virtualhost.conf
For Ubuntu servers, the location is usually:
/etc/httpd/httpd.conf
You will need to locate the virtual host for the site in the httpd.conf file and update the locations to point to the actual files (the certificate, the private key, and the intermediate certificate). This is the usual syntax:
<VirtualHost xxx.xxx.x.x:443>
DocumentRoot /var/www/nexcess.stardustziggy
ServerName nexcess.stardustziggy.com www.nexcess.stardustziggy.com
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/nexcess_stardustziggy.crt
SSLCertificateKeyFile /etc/httpd/ssl/nexcess_stardustziggy.com.key
SSLCertificateChainFile /etc/httpd/ssl/intermediate.crt
</VirtualHost>
The files are usually placed in /etc/httpd/ssl. However, feel free to use the location of your choosing. Now we need to test Apache’s configuration by running apachectl configtest. This command will tell if there are any errors with the configuration files or any mismatch between the private and public keys. If everything is correct, we just need to restart the service, and the installation will be complete:
Nexcess# apachectl configtest
Syntax OK
Nexcess# systemctl restart httpd.service
Nexcess# systemctl status httpd.service
● httpd.service -
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running)
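The check below is an added example, not part of the original article or of any Nexcess tooling. It compares the public key inside the private key, the CSR from the first section, and the installed certificate, and also rejects a key file that group or others can access. The function names and the demo file names are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original article). Assumes an unencrypted key,
# as produced by the article's "openssl req ... -nodes" command.

# pubkey_fp TYPE FILE: print the SHA-256 of the public key found in FILE.
# TYPE is key (private key), csr or cert.
pubkey_fp() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    # An unreadable or unparsable file must fail here, not hash as empty input.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# key_is_private FILE: succeed only if group and others have no access at all.
key_is_private() {
    [ "$(ls -Lld "$1" | cut -c5-10)" = "------" ]
}

# check_match KEY CERT [CSR]: succeed only if all files carry the same public key.
check_match() {
    key_fp=$(pubkey_fp key "$1")   || { echo "cannot parse key: $1" >&2; return 1; }
    cert_fp=$(pubkey_fp cert "$2") || { echo "cannot parse certificate: $2" >&2; return 1; }
    [ "$key_fp" = "$cert_fp" ]     || { echo "MISMATCH: $2 does not belong to $1" >&2; return 1; }
    if [ -n "$3" ]; then
        csr_fp=$(pubkey_fp csr "$3") || { echo "cannot parse CSR: $3" >&2; return 1; }
        [ "$key_fp" = "$csr_fp" ]    || { echo "MISMATCH: $3 was not made from $1" >&2; return 1; }
    fi
    key_is_private "$1" || { echo "UNSAFE: $1 is accessible to group/others" >&2; return 1; }
}

# make_demo DIR: constructed test material. The self-signed certificate stands
# in for the CA-issued one; other.key is an unrelated key.
make_demo() {
    ( umask 077; cd "$1" &&
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
          -keyout mysite.key -out mysite.csr &&
      openssl x509 -req -in mysite.csr -signkey mysite.key -days 1 -out mysite.crt &&
      openssl genrsa -out other.key 2048 ) >/dev/null 2>&1
}

# Usage on the server, before "apachectl configtest" (paths from the article):
# check_match /etc/httpd/ssl/nexcess_stardustziggy.com.key /etc/httpd/ssl/nexcess_stardustziggy.crt
```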
Tips and Tricks: Force HTTPS Connections
Even if we have the SSL certificate properly installed, if clients access our site using port 80, they can still get an insecure connection. To correct this, we need to map all requests to secure port 443. Adding this rule at the top of the site’s .htaccess file will do the trick:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
Note: Please be sure to first check for potentially conflicting rules to avoid redirection loops and similar issues when modifying the .htaccess file.
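To confirm the rule behaves as intended, the following added example (not from the original article) reads the response headers of a plain-HTTP request and accepts only a 301 whose Location is an https:// URL on the expected host. The host check matters because the rule builds the target from %{HTTP_HOST}, which is the Host header sent by the client. The function names and sample responses are constructed for this example.

```sh
#!/bin/sh
# Added example (not from the original article): judge the response headers
# returned for a plain-HTTP request, for instance from
#   curl -sI http://www.example.com/ | check_redirect www.example.com

# check_redirect HOST: read response headers on stdin; succeed only for a
# 301 whose Location is https://HOST followed by a path, query or nothing.
check_redirect() {
    tr -d '\r' | awk -v host="$1" '
        NR == 1                    { status = $2 }   # "HTTP/1.1 301 Moved ..."
        tolower($1) == "location:" { loc = $2 }
        END {
            if (status != "301") {
                print "FAIL: status " status ", expected 301"; exit 1
            }
            if (index(loc, "https://") != 1) {
                print "FAIL: Location is not an https URL: " loc; exit 1
            }
            rest = substr(loc, 9)          # text after "https://"
            sub("[/?#].*", "", rest)       # keep only the host[:port] part
            if (tolower(rest) != tolower(host)) {
                print "FAIL: redirects to " rest ", expected " host; exit 1
            }
            print "OK: " loc
        }'
}

# Constructed sample responses (not captured from a real server).
good_response() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: Apache\r\n'
    printf 'Location: https://www.example.com/shop?id=1\r\n\r\n'
}
no_redirect_response() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n'
}
plain_http_redirect() {
    printf 'HTTP/1.1 301 Moved Permanently\r\n'
    printf 'Location: http://www.example.com/\r\n\r\n'
}
```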
Conclusion
As we can see, it’s relatively easy to get and install an SSL certificate on our websites. We can even get them for free without compromising the certificate’s level of security, which is a considerable advance, and something to consider given how crucial trust is for the digital environment.
We Can Help! If you need additional or more specific information about this topic, contact our support team by email or through your Client Portal for 24-hour assistance any day of the year.