Lets Encrypt

From XMission Wiki
Jump to: navigation, search

Let's Encrypt!

Securing your website is a key step increasing your site's visibility to search engines and during marketing campaigns. While a free SSL certificate doesn't offer the same liability coverage that a paid SSL certificate can offer, it is still useful for websites that don't collect data. Should your site need to collect customer information, please reach out to XMission's Sales team for more information about ordering a paid SSL certificate.

Let's Encrypt is a free SSL/CA service created by the Internet Security Research Group (ISRG). It allows its users to create their own SSL/TLS certificate to have secure HTTPS connections to their websites through a free service in their Shared Hosting panel. If you would like to know more about the ISRG or the Let's Encrypt product, please see letsencrypt.

How to create your own SSL certificate using Let's Encrypt

1. Log in to your Shared Hosting panel.

2. Click on "SSL/TLS Certificate" under Security from the dashboard of the site you want to install Lets Encrypt


3. Click on Install a free basic certificate provided by Let's Encrypt located at the bottom of the page.

  • NOTE In order for Let's Encrypt to successfully install your domain's Names Servers need to be hosted by XMission and the "A" and "AAAA" Records must point to the server's IP Address. If you need any help with Name Servers and A Records please visit Domain not with XMission.


4. Fill in a contact email in case of a lost key, renewal failures, or if you are in need of recovery.

  • Secure the domain name - Keep this checked to secure your base domain.
  • Secure the wildcard domain - If you have subdomains you wish to have covered by the certificate, check this box.
  • Include a 'www' subdomain for the domain - If you wish to have your www website covered by the certificate, check this box.

5. Click "Get it free"


6. Let's Encrypt verifies the certificate by using DNS, so waiting on propagation is necessary. It is possible to review your domain's DNS propagation using various online services such as WhatsMyDNS.Net and then searching the _acme-challenge.yourdomain.tld TXT record to see if the rest of the world can see the record.

Note: DNS commonly goes live in under an hour, but potentially can take up to 24-48 hours to go live globally. Especially if there was a previous record it is replacing and the previous records TTL needs to expire.
  • Once the _acme-challenge.yourdomain.tld TXT record has been confirmed serving, click Reload to finalize the Let's Encrypt certificate generation.


7. Return to the Websites & Domains home page and under the Hosting & DNS tab, select the listing for Hosting Settings.


8. You will find the Security section where we can ensure the Let's Encrypt certificate is properly in place.

  • SSL/TLS support: Allows the website to be able to use the certificate.
  • Permanent SEO-safe 301 redirect from HTTP to HTTPS: Any attempts to load the site without the SSL certificate (over HTTP) will be automatically redirected to the secure version of the page. (over HTTPS)
  • Certificate: The default repository is for the certificate Plesk loads which will not work for general purposes. Select the name matching your Let's Encrypt installation process.
Once completed, select Ok at the bottom of the page to save and return to the previous page.


The Let's Encrypt Certificate has been fully generated and installed!


Note: After completion you will be given a message that states it has saved properly. This indicates the server has marked the change to be implanted to your Apache & Nginx configuration. A regularly occurring CRON job will implement the change within five minutes. You will notice the website briefly give an HTTP 502 error, then it will load the new certificate properly. In case it gets stuck, please contact our 24/7 support team for assistance restarting the related server processes to force it to go live.

Additional Development Help


Domain Management