Difference between revisions of "Lets Encrypt"

From XMission Wiki
Jump to: navigation, search
(How to create your own SSL certificate using Let's Encrypt)
 
(17 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
=Let's Encrypt!=
 
=Let's Encrypt!=
Let's Encrypt is a free SSL/CA service created by the Internet Security Research Group (ISRG). It allows its users to create their own SSL/TLS certificate to have secure HTTPS connections to their websites through a free service in their Shared Hosting panel. If you would like to know more about the ISRG or the Let's Encrypt product, please see [https://letsencrypt.org/about/].
+
Securing your website is a key step increasing your site's visibility to search engines and during marketing campaigns. While a free SSL certificate doesn't offer the same liability coverage that a paid SSL certificate can offer, it is still useful for websites that don't collect data. Should your site need to collect customer information, please reach out to [https://xmission.com/contact XMission's Sales team] for more information about ordering a paid SSL certificate.
  
=How to create your own SSL certificate using Let's Encrypt=
+
Let's Encrypt is a free SSL/CA service created by the Internet Security Research Group (ISRG). It allows its users to create their own SSL/TLS certificate to have secure HTTPS connections to their websites through a free service in their Shared Hosting panel. If you would like to know more about the ISRG or the Let's Encrypt product, please see [https://letsencrypt.org/about/ letsencrypt].
1. Log in to your hosting panel at hosting.xmission.com
 
2. Find the "Let's Encrypt!" button under the website you are wanting to add a self-assigned Let's Encrypt SSL certificate for
 
  
[[File:Letsencrypt.png|400px]]
+
==How to create your own SSL certificate using Let's Encrypt==
 +
'''1.''' Log in to your [https://hosting.xmission.com Shared Hosting panel].
  
3. Fill in a contact email in case of a lost key, or you are in need of recovery
+
'''2.''' Click on "'''SSL/TLS Certificate'''" under '''Security''' from the dashboard of the site you want to install Lets Encrypt
* If you wish to have your www website covered by the certificate, check the box "Include www.yourdomain.com" as an alternative domain name."
 
4 Click Renew
 
  
[[File:Letsencrypt2.png]]
+
[[File:pleskSSL-1.png|600px]]
 +
 
 +
'''3.''' Click on '''Install a free basic certificate provided by Let's Encrypt''' located at the bottom of the page.
 +
* '''NOTE''' In order for Let's Encrypt to successfully install your domain's Names Servers need to be hosted by XMission and the "A" and "AAAA" Records must point to the server's IP Address. If you need any help with Name Servers and A Records please visit [[Hosting_a_domain_not_registered_with_XMission | Domain not with XMission]].
 +
 
 +
[[File:PleskLE-1.png|600px]]
 +
 
 +
'''4.''' Fill in a contact email in case of a lost key, renewal failures, or if you are in need of recovery.
 +
* '''Secure the domain name''' - Keep this checked to secure your base domain.
 +
* ''' Secure the wildcard domain''' - If you have subdomains you wish to have covered by the certificate, check this box.
 +
* '''Include a 'www' subdomain for the domain''' - If you wish to have your www website covered by the certificate, check this box.
 +
 
 +
'''5.''' Click "'''Get it free'''"
 +
 
 +
[[File:PleskLE-2.png|600px]]
 +
 
 +
'''6.''' Let's Encrypt verifies the certificate by using DNS, so waiting on propagation is necessary. It is possible to review your domain's DNS propagation using various online services such as [https://whatsmydns.net WhatsMyDNS.Net] and then searching the '''_acme-challenge.'''''yourdomain.tld'' TXT record to see if the rest of the world can see the record.
 +
: '''Note''': DNS commonly goes live in under an hour, but potentially can take up to 24-48 hours to go live globally. Especially if there was a previous record it is replacing and the previous records TTL needs to expire.
 +
* Once the '''_acme-challenge.'''''yourdomain.tld'' TXT record has been confirmed serving, click '''Reload''' to finalize the Let's Encrypt certificate generation.
 +
 
 +
[[File:LetsEncrypt-Reload.png|600px]]
 +
 
 +
'''7.''' Return to the Websites & Domains home page and under the '''Hosting & DNS''' tab, select the listing for '''Hosting Settings'''.
 +
 
 +
[[File:HostingSettings.png|600px]]
 +
 
 +
'''8.''' You will find the '''Security''' section where we can ensure the Let's Encrypt certificate is properly in place.
 +
* '''SSL/TLS support''': Allows the website to be able to use the certificate.
 +
* '''Permanent SEO-safe 301 redirect from HTTP to HTTPS''': Any attempts to load the site without the SSL certificate (over HTTP) will be automatically redirected to the secure version of the page. (over HTTPS)
 +
* '''Certificate''': The default repository is for the certificate Plesk loads which ''will not work for general purposes''. Select the name matching your Let's Encrypt installation process.
 +
: Once completed, select '''Ok''' at the bottom of the page to save and return to the previous page.
 +
 
 +
[[File:HostingSettings-SaveCertificate.png|600px]]
 +
 
 +
The Let's Encrypt Certificate has been fully generated and installed!
 +
 
 +
[[File:HostingSettings-SettingSuccessfullySaved.png|600px]]
 +
 
 +
'''Note''': After completion you will be given a message that states it has saved properly. This indicates the server has marked the change to be implanted to your Apache & Nginx configuration. A regularly occurring CRON job will implement the change within five minutes. You will notice the website briefly give an HTTP 502 error, then it will load the new certificate properly. In case it gets stuck, please contact our 24/7 support team for assistance restarting the related server processes to force it to go live.
 +
 
 +
{{:Shared_Hosting}}
 +
 
 +
[[Category:Shared Hosting]]

Latest revision as of 14:59, 17 March 2023

Let's Encrypt!

Securing your website is a key step increasing your site's visibility to search engines and during marketing campaigns. While a free SSL certificate doesn't offer the same liability coverage that a paid SSL certificate can offer, it is still useful for websites that don't collect data. Should your site need to collect customer information, please reach out to XMission's Sales team for more information about ordering a paid SSL certificate.

Let's Encrypt is a free SSL/CA service created by the Internet Security Research Group (ISRG). It allows its users to create their own SSL/TLS certificate to have secure HTTPS connections to their websites through a free service in their Shared Hosting panel. If you would like to know more about the ISRG or the Let's Encrypt product, please see letsencrypt.

How to create your own SSL certificate using Let's Encrypt

1. Log in to your Shared Hosting panel.

2. Click on "SSL/TLS Certificate" under Security from the dashboard of the site you want to install Lets Encrypt

PleskSSL-1.png

3. Click on Install a free basic certificate provided by Let's Encrypt located at the bottom of the page.

  • NOTE In order for Let's Encrypt to successfully install your domain's Names Servers need to be hosted by XMission and the "A" and "AAAA" Records must point to the server's IP Address. If you need any help with Name Servers and A Records please visit Domain not with XMission.

PleskLE-1.png

4. Fill in a contact email in case of a lost key, renewal failures, or if you are in need of recovery.

  • Secure the domain name - Keep this checked to secure your base domain.
  • Secure the wildcard domain - If you have subdomains you wish to have covered by the certificate, check this box.
  • Include a 'www' subdomain for the domain - If you wish to have your www website covered by the certificate, check this box.

5. Click "Get it free"

PleskLE-2.png

6. Let's Encrypt verifies the certificate by using DNS, so waiting on propagation is necessary. It is possible to review your domain's DNS propagation using various online services such as WhatsMyDNS.Net and then searching the _acme-challenge.yourdomain.tld TXT record to see if the rest of the world can see the record.

Note: DNS commonly goes live in under an hour, but potentially can take up to 24-48 hours to go live globally. Especially if there was a previous record it is replacing and the previous records TTL needs to expire.
  • Once the _acme-challenge.yourdomain.tld TXT record has been confirmed serving, click Reload to finalize the Let's Encrypt certificate generation.

LetsEncrypt-Reload.png

7. Return to the Websites & Domains home page and under the Hosting & DNS tab, select the listing for Hosting Settings.

HostingSettings.png

8. You will find the Security section where we can ensure the Let's Encrypt certificate is properly in place.

  • SSL/TLS support: Allows the website to be able to use the certificate.
  • Permanent SEO-safe 301 redirect from HTTP to HTTPS: Any attempts to load the site without the SSL certificate (over HTTP) will be automatically redirected to the secure version of the page. (over HTTPS)
  • Certificate: The default repository is for the certificate Plesk loads which will not work for general purposes. Select the name matching your Let's Encrypt installation process.
Once completed, select Ok at the bottom of the page to save and return to the previous page.

HostingSettings-SaveCertificate.png

The Let's Encrypt Certificate has been fully generated and installed!

HostingSettings-SettingSuccessfullySaved.png

Note: After completion you will be given a message that states it has saved properly. This indicates the server has marked the change to be implanted to your Apache & Nginx configuration. A regularly occurring CRON job will implement the change within five minutes. You will notice the website briefly give an HTTP 502 error, then it will load the new certificate properly. In case it gets stuck, please contact our 24/7 support team for assistance restarting the related server processes to force it to go live.


Additional Development Help

Applications

Domain Management