until recently I was really intimidated about adding a free SSL certificate to my Portfolio site. I knew that I should have a certificate in place because of the effect on Google ranking and just to be secure in general but I had herd horror stories of this process being really involved with changing of server setting etc. It was just scary so I avoided it at all costs.
Be Brave and Attempt Adding SSL To Your Site
Well I finally felt brave enough today, bit the bullet and added the free certificate from Let’s Encrypt and honestly it was not bad at all. I mean it folks, why pay the GoDaddy the cost of SSl which is currently $59.99 a year per website. With less than 30 minutes of work you will be able to add a certificate that works just as well on your own. There is one downfall of Let’s Encrypt and that is the fact that you will have to repeat this process every 90 days, but when you see how simple the process actually is, I think you will be on board.
I was able to find a video on YouTube that will walk you most of the way through the process and I would rec recommend watching it. https://www.youtube.com/watch?v=GPcznB74GPs Watch the video and follow the steps and you will be successful, but just in case you don’t want to watch, I will walk you through the steps here as well.
1.The first thing that you need to do is go to the website zerossl.com. This is a web application that will help you set up the Let’s Encrypt certificate for your website. Once you are here, click on Online Tools. Then click on the Free SSL Certificate Wizard. This will open a screen where you will need to enter your domain name with and without the www. at the beginning. You will also need to check the two boxes and accept ZeroSSL TOS and Let’s Encrypt SA. This process will generate a CSR file which you should download a copy of just so you have a backup. You will then click the NEXT button in the upper right corner. This generates the account keys for your certificate. You will need to download both files and save them for the next step.
2. The next step is to log into your GoDaddy account and gain access to your Cpanel. Here you will need to open your file manager. and find either the root area, or if you have split your hosting into multiple sections you will need to click on the folder for the site you’re adding the certificate to. For example I added a certificate to my project site : mcdougalllakeproject.com and I added this certificate directly to the mcdougalllakeproject folder. Once you have found the section you need you are going to create 2 folders. The first being a folder called .well-know. Then search for this folder using the search feature on top and add another folder within this folder called acme-challenge. It is very important to use the exact names for these folders.
3. Now that you have the proper folder structure you will need to upload the 2 files that you downloaded into the acme-challenge folder. you can check to make sure things are working properly by going back to zerossl.com and clicking the links. Your certificates keys should display when you click on these links. You will then click the NEXT button. If everything went well and you will be able to download 2 forms so that you have a proper backup.
4. Now return to CPanel and scroll down to find SSL/TLS and click the icon. Then click on Install and Manage SSL for your site. Here you can select the domain that you want to install the certificate for. You will then return to the ZeroSSL site and copy the certificate and the private key. The certificate download file contains 2 sections of code. The first section will go in the top box and the second section will go in the bottom box. You then have to past the code from the private key section into the middle box. You should see green check marks next to each box to assure you that you have done things correctly. Then click the Install Certificate button.
5. Now go to your website and add the https:// in front of the url, you should see the green lock and secure symbol in place. The next step is to either add in code to redirect the url structure. Or if you are like me you prefer the non-code option, you can just log into your WordPress dashboard and under settings > general change the url of your website to include the https:// before it. You are not quite finished though. Since WordPress codes all image and links relative to the site you will find broken links. I recommend a plugin called SSL Insecure Content Fixer. This will surely take care of your problem. This plugin can be downloaded directly from the plugin repository. Download the plugin, activate it and find the settings in the Settings section. There are different levels of fixing and they recommend you start with the least level of fixing and work your way up. I needed to use the Capture All setting to fix my portfolio site, and that is it. You should now have a properly secured website.
6. Hopefully just like me you’ll see that this process is not so tough. Give it a shot and watch the YouTube video for help. SSL certificates are no longer a scary thing for me. Hopefully you will feel the same way after you attempt to add a certificate to your site.