On DiDHost hosting accounts, both the classics as well as those dedicated for WordPress you can benefit from a free certificate Let's Encrypt or use paid certificates that you order from Customer Zone.
This instruction concerns installation of a free SSL certificate and we will focus on this task. It is most often chosen as the primary cryptographic mechanism for data sent to and from a web server, but also for email security. What to do.
Step 1 - Log in to your hosting account panel
You activate the free SSL certificate in your hosting account panel. So you need to log into it. If you do not know how to do it, please refer to the instructions: "How to log into the plesk panel“.
Step 2 - Find a place in the panel with information about the certificate
On the home page, under "Websites and domains" find the section "Security" as on the screen below and click on the link "Certificates".
Step 3 - Selection
The next page, there are three options to choose from.
The first option is to install a free SSL certificate, the second gives the possibility to install a commercial certificate, and the third option is to manage existing certificates in your account. We are definitely interested in the first option. Click on the "Install" button next to the free certificate.
Step 4 - what you want to protect
The default setting is to secure only the domain, e.g. aloj.pl as in our example. However, if you want to extend the protection also to subdomains (so called wildcard) and secure your email communication at once, you can enter the following settings. The email address should of course remain your own 🙂 .
Then click on the "Download for free“.
When you click on this button, a request will be sent to the certificate issuer to issue the certificate. The first thing the issuer will do is perform an initial verification that the domain is correctly pointing to the server from which the request was sent.
If the domain does not lead to your account, e.g. you have not delegated it to DiDHost DNS servers (when the domain is not registered with us) or the delegation process has not finished yet, the initial verification will fail and the certificate cannot be issued. If the domain is registered with DiDHost and you have not made any changes in DNS server name settings, you do not need to do anything.
Step 5 - a moment of patience
When the initial verification is successful, and you have checked the options as in step 4, you will see a screen with a message that the process related to issuing the certificate is in progress. It will look roughly like this:
And here is an important piece of information:
Wait about 15 minutes before clicking on the "Reload" button. You can even close the page and when you come back the same message will still be visible. During these several minutes an additional record will be added to the DNS zone, which will be used by the certificate issuer for the next verification of the domain. If you click the Reload button too early the whole process will have to be restarted.
Step 6 - Certificate information
Once everything is correct you will see information about your SSL certificate and you will also find options on the left side to implement additional security.
- Redirect from http to https - this will cause the site to automatically switch to the protocol using encrypted communication (https) whenever someone tries to run it on the protocol without encryption (http). Thanks to this, you do not have to install any plug-ins or write the related rules in the .htaccess file. The server will take care of it itself!
- HSTS - If you activate this option, launching a page on the http protocol will not be possible at all. You can test this by disabling the first redirection option.
- Secure websites - when this option is active the server will automatically replace expired certificates or self-signed certificates with a free SSL certificate.
- OSCP pooling - improves privacy and may improve site performance. The web server will request certificate status from the CA, not from the user's browser.
The process of issuing and installing SSL certificate is not complicated as you can see. The free certificate is issued for a period of 3 months and now the question is, does this mean that once every 3 months you have to repeat this operation? Fortunately it does not 🙂 - it does not.
The certificate is automatically renewed by the server before its expiry time.
However, if it turns out that for some reason your intervention is necessary, you can issue the certificate "manually" by clicking on the button "Reissue certificate“.
As you can see, you can also completely remove the certificate and start all over from scratch and go to the advanced settings where you will find options to manage your certificates in your hosting account.