Enable Let's Encrypt SSL & FAQ


#1

What is a Let’s Encrypt certificate?

Let’s Encrypt is a certificate authority that provides free certificates for TLS encryption via an automated process. It was built and designed to eliminate the tedious process of manual SSL certificate creation, validation, signing , installation, and renewal of certificates for secure websites, mail, etc.

In order to obtain free Let’s Encrypt certificate the automated process requires that your websites (that you’re trying to secure) is pointing to the server that your attempting to create the certificates on. So if your websites are pointing to another host then you will not be able to obtain a Let’s Encrypt certificate for those websites until you update your websites DNS to point to the correct server.

Jump to the “Let’s Encrypt” FAQ

Enabling the Let’s Encrypt certificate


  1. Login to your WCP control panel.

    Note: You can view our topic on logging into WCP if you need help with this step.

  2. Once logged in if you are not already on the domain in questions control panel page then click on the ‘Hosted Domains’ drop-down from the top of the pages navigation bar. Then click the domain you’re wanting to setup this Let’s Encrypt SSL on.

    Select_Domain


  1. Now that you are controlling the domain you wish to enable the certificate on scroll down to the “SSL” section and click on the icon option for "Let’s Encrypt SSL"

    35 AM


  1. Now you should see each of your domains, sub-domains, and domain aliases. To the right of the domains you will see the Type and a button labeled Add Certificate.


  1. This may take a few moments. Once complete the domain should have a date under the Renews On column. The Add Certificate button will also change to Remove Certificate.



Let's Encrypt FAQ:

Question 1: I noticed that the Let’s Encrypt certificate shows it’s only valid for 3 months. Does this auto-renew at that time?

Answer: Yes, that is correct. These certificates have a short timespan of lasting 3 months, however as long as you have your domain(s) pointing to the same server this certificate is valid for then this will auto-renew on the expiration date. If you update your site(s) to point to another server after the certificate has been created then this will not be able to auto-renew successfully.

Question 2: I have already enabled the Let’s Encrypt for my site, however, I’ve added another domain alias / sub-domain to this account. How can I add this to my existing certificate?

Answer: You can’t add it to an existing certificate, however, you can add a new certificate to the domain by opening the Let’s Encrypt panel, and clicking on Add Certificate.

Question 3: This certificate is free… is it still secure like the paid certificate? Is there a benefit to having a paid certificate?

Answer: Let’s Encrypt offers the same HTTPS encryption as a standard SSL certificate. The paid certificates help to provide more trust for your end-users. For example, many paid certificates offer some amount of insurance that protects the end-user of your website, and some certificates offer a clickable site-seal. The more expensive “Green Bar”(EV) certificates also verify your business identity so that end-users see your business name when connected to the site.

Question 4: Can Let’s Encrypt be used for sites behind CloudFlare?

Answer: Let’s Encrypt requires the domain to be pointed to the server IP. The way CloudFlare works is it protects your server’s IP by having the domain not pointed to your server IP. Therefore Let’s Encrypt will NOT work for sites behind CloudFlare and we recommend instead using CloudFlare’s SSL option.


Server Name Indication (SNI) in IIS