All Domains and Subdomains now have Free SSL Certificates

Here at CleverHost, we enabled the AutoSSL module inside cPanel, and selected Let’s Encrypt as the free SSL certificate provider. What does that mean for you? A few things, like:

  • You do not have to purchase an SSL certificate if you want to secure your site, unless you run an online store.
  • The SSL certificate is already enabled and installed for any valid domain or subdomain hosted with CleverHost.
  • If you have a new domain or subdomain, an SSL certificate will be validated and installed for you within a few hours. No work required.
  • Once the SSL certificate is enabled, all traffic between your site and your visitors is encrypted, preventing man-in-the-middle attacks, snooping on traffic, etc.
An example of how your web domain looks when a valid, signed SSL certificate is in use.

An example of how your web domain looks when a valid, signed SSL certificate is in use.

If you are running an online store and accepting credit cards, you still need to purchase an SSL certificate because the free Let’s Encrypt certificates do not qualify for PCI compliance.

You’re probably wondering how to enable the SSL certificate, and make sure all traffic actually uses the secure version of your website (https://yourdomain.tld). We have you covered! You’ll need two things:

  • An .htaccess file in your website’s root folder (this often already exists if you’re using a content management system like WordPress, Drupal, Statamic, Perch, or Craft)
  • The code that tells the web browser to switch to a secure connection, which goes in the .htaccess file.

Assuming you have found your .htaccess file and have begun editing it, here’s the key piece you need to drop in there, ideally right at the top/beginning of the file:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} ^yourdomain\.tld$ [OR]
RewriteCond %{HTTP_HOST} ^www\.yourdomain\.tld$

And that’s it! Just make sure you change the yourdomain and .tld parts to match your domain, save the file, and voila! Any traffic visiting your website will now see the secure/encrypted version. You may see some errors if you have assets in your code being loaded across the insecure http:// connection. Change those to remove any mention of http://, or switch those references to explicitly state https:// instead. If you continue to run into issues, contact your website developer or CleverHost Expertise for assistance; we’ll get you on the right path!

If you’re not already a customer but want to get started, and take advantage of our free migration service, just head over to Concourse and enter promo code iamclever for 50% off your first Starter, Pro, or Max invoice!