How to Install Free SSL from Let’s Encrypt in WordPress

Post Series: HTTPS & SSL Guide for WordPress
  1. 1.HTTPS for WordPress: What It Is & Why It’s Becoming More Important
  2. 2.How to Install Free SSL from Let’s Encrypt in WordPress

In my previous article I explored why having an HTTPS site is better, why it was not widely adopted in the past and why it was severely limited (technology wise). This changed so rapidly with the advances in technology that having an HTTPS site now is not just a recommendation, it’s a viable option for newWordPress installations.

Even though many hosting companies are beginning offer built-in support for free SSL certificates from Let’s Encrypt not all hosts have jumped on board. In this article I’m going to cover several ways to manually implement a free SSL within WordPress depending on your hosting scenario. Let’s get into it!

Generate a Free SSL Certificate

There are several ways to generate a Let’s Encrypt certificate. In this section I’m going to explain how you can create and install SSL depending on your method of choice. After the certificate is generated when then proceed to Load the Certificate. Use whatever method you feel best according to your needs.

Through ZeroSSL Online

ZeroSSL is a wonderful way of generating a Let’s Encrypt certificate without having to touch a single configuration file on your hosting. The website is an online tool, and after generating the certificate it gives you the file contents so you can load them onto your hosting provider of choice.

zerossl-website

Installation is not recommended since the process is not novice friendly and there are much better ways to generate the certificate than having to install all the software required. The alternative Online Tools option on the contrary, is excellent. Just click the button to get started.

zerossl-website-01

After loading your e-mail address, your domain name and accepting the TOS you’ll generate your very own Certificate Request. It’s important to know that the best alternative if you plan on having compatibility with the vast majority of panels is to use the DNS verification.

Once you generate your CSR click the “Next” button to generate your certificate KEY. It will only take a moment. Copy-paste the Key once it’s generated and save it onto a safe place. But don’t use a rich-text editor since that kind of software will add additional characters that could potentially interfere with the code of the certificate and key. It must be saved as TXT with no format and exactly the way it is given, without removing anything.

zerossl-website-02

After the key is generated and correctly copied or saved onto your computer you will be asked to verify the domain record. For this step you need to access your control panel and add a TXT record exactly as it is displayed on the screen (we explain how to do this later in the post). Once the record has been added, you’ll need to wait at least 5 minutes for the changes to propagate, hit Next afterwards.

If everything is working ZeroSSL will generate your certificate and give you a Congratulations page with a chance to save the Actual Certificate and the Certificate Authority Bundle.

The good thing about this method is that it doesn’t involve installing anything in WordPress or your hosting panel but with the downside that you have to re-create the certificate once each 60 days, which is not something you’ll want to do if you have tons of websites to manage. It’s a good method for fast adding a certificate into a site even if it’s not WordPress and since it’s general, it can work on any system.

Through Certbot on your own VPS/Server

If you’re on Debian 8 on your own VPS, the installation of is very simple, simple add this line of code:

sudo apt-get install certbot -t jessie-backports

Remember that you need to stop your current webserver so the port 80 is free for certbot to run properly, this can be done like this:

service httpd stop
service nginx stop

After that, the only thing you need to do to acquire a certificate is to run this line for the interactive process to start:

certbot certonly

If you’re on CentOS you need to install certbot like this:

sudo yum install epel-release
sudo yum install certbot

And do the same as Debian. The process is automatic but you need to be aware on how to properly manage the files and adding them to your virtualhosts file be it either apache or nginx. For more reference you can check out the Certbot site.

Through WordPress Let’s Encrypt Plugin

wp-lets-encrypt-plugin

This is about the simplest way of adding a certificate if you’re on WordPress, even if you own a VPS, this way is far more simpler than having Certbot do the work since it’s fully automatic. It uses a plugin called WP Let’s Encrypt which can be downloaded from WordPress.org.

Once the plugin has been loaded you need to register your site on the plugin, like this:

wp-lets-encrypt-plugin-01

I recommend setting the option to Auto-generate Certificate to be always active as with the option Expire Warnings. This way if something goes wrong, you will always be warned about possible expirations. After this information is completed you will then proceed to Register your account. This allows the plugin to directly connect with Let’s Encrypt servers and this will effectively remove the process of having to validate your domain (which is not only cool but saves time too!).

wp-lets-encrypt-plugin-02

Here is the tricky part. After the certificate is generated and fully activated you will notice that the path to the actual files is not within the “public_html” folder so you will have to manually download those files to load the certificate into your control panel (again – we explain how to load certificates in the next section).

Since the certificate will be the same when the plugin reissues the certification after 60 days you will not need to do this process again effectively creating a self-maintained system, so it’s only tricky the first time.

Load Your SSL Certificate

Now that you’ve chosen the method that best fits your needs and you have the generated certificate, let’s load it onto your panel. If you’re on cPanel or Vesta or any other panel you need to use the File Explorer or FTP (we like to use Transmit or Filezilla for this) and download the following files (note: the route to these files is always provided by the WordPress plugin once the certificate was generated):

  • cert.pem
  • private.pem
  • chain.pem

After you have the files you can continue with the next step.

cPanel

For cPanel the process is pretty straightforward and involves loading the certification into the SSL/TLS menu. To access this menu you can simply type “SSL” into your cPanel search.

cpanel-01

You need to access the Install and Manage SSL for your site (HTTPS) menu and load the certificate there:

cpanel-02

Simple copy-paste the code from each file into the following boxes as this:

  • The file cert.pem content goes into the Certificate (CRT)
  • The file private.pem content goes into the Private Key (KEY)
  • The file chain.pem content goes into the Certificate Authority Bundle (CABUNDLE)

That’s it! Your new Let’s Encrypt Certificate should be active on your domain. The whole process can take a couple of minutes the first time, but it’s so straightforward that the combination with WP Let’s Encrypt plugin and loading the certificate onto cPanel can take less than a minute once you’re used to it!

VestaCP

Vesta is more user friendly than even cPanel for loading certificates. After you downloaded your files through Vesta File Explorer or FTP you need to load it onto your domain menu, switching from HTTP to HTTPS like this:

vestacp-01

You load the contents of the respective files just as they are (copy-paste) without adding or removing anything, into the following boxes in this order:

  • The file cert.pem content goes into the SSL Certificate
  • The file private.pem content goes into the SSL Key
  • The file chain.pem content goes into the SSL Certificate Authority / Intermediate

vestacp-02

Once you have the contents loaded you simply click Save and voila! your web is instantly converted to SSL. Remember that this is all the initial configuration. Once the certificate has been loaded, you can choose to use WordPress Plugin to automate the reissue of the certificate.

Completing SSL Setup

Once the certificate is active you need to instruct WordPress to use SSL for the connection, like this:

wordpress-ssl

Once you click save you will have an HTTPS only site and you can begin to change your Google preferences and make further adjustments to your SEO.

Conclusion

With this article you’ve learned several ways on how to create a free SSL certificate and load it to your hosting environment. There are already hosting providers that support Let’s Encrypt right out of the box, and this is not a tutorial for that services. If you don’t already have a direct Let’s Encrypt method on your hosting, this tutorial was handmade for you. Of all the methods, using the WordPress Plugin combined with cPanel or Vesta is about the quickest of all the methods, taking you no more than 1 minute and giving you the freedom to forget about the reissue, since it will be handled by the plugin itself.

Technology has progressed a lot since the early days of HTTPS, and with the coming of Let’s Encrypt it’s universally available to everyone. Of course, there are cases where websites such as online store should still purchase premium certificates since they will cover you in case of fraud, but for the rest of us free certificates are here to stay.

Have you upgraded your WordPress installation to HTTPS? What are your thoughts? Tell us in the comments below.

Post Author: Alex Vojacek

Alex Vojacek is a full-time sysadmin for ESH, his own hosting company, a veteran in Wordpress Design and a speed freak. He is also the founder of TecnoGaming, a Gaming & Tech magazine in Latin America. When he is not managing or designing something, he loves to writes about technology.

Disclosure: This page contains external affiliate links that may result in us receiving a comission if you choose to purchase said product. The opinions on this page are our own. We do not receive payment for positive reviews.
Got something to say? Join the discussion.
  1. Jeff says:
    If I have several domains hosted on a shared hosting plan, will they all be able to run in https this way? Thanks
    • Alex Vojacek says:
      If you have an account at a shared hosting you may ask your hosting provider to offer you free SSL via Let's Encrypt cPanel extension. You may use the plugin yourself without the hosting help and it will still work properly though.
      Author
  2. David Wilks says:
    That is an exceptionally helpful post. I have multiple sites and have spent some hours in the past week trying to work out the how and what. I do not sell product directly but since I am running multisites, the costs were looking very uncomfortable. The Let's Encrypt option is not only viable for my sites, it's FREE! Thank you!
  3. Alex Vojacek says:
    Thank you for your kind words David & Prince. Writing useful posts is THE most important goal for me, I'm glad It was useful !
    Author
  4. Stéphane Benoit says:
    Great. Thanks a lot for this well written article. With your explanations, i'll be able to try to implement SSL for the first time with one of my websites.
  5. Jeffrey F. says:
    Thanks for this useful and helpful advice! Now I can easily manage my SSL. I will add Certbot to my setting from now on.
    • Alex Vojacek says:
      Certbot improved a lot, even after I've written this article. It is not the de-facto choice if you have a VPS.
      Author
  6. Stephanie | theFantasia says:
    Thank you for the easy to follow and detailed guide! I'd be contemplating changing hosts but it's such a costly and timely process and I'd rather try the plugin before having to go through the entire process. Will be sharing this post on social media!
    • Stephanie | theFantasia says:
      Just out of curiosity though, this plugin secures my WP dashboard area but hasn't updated the public domain, even after updating the WP General Settings. I can see the green bar within the WP admin pages, but not when I browse the website. Any thoughts?
      • Alex Vojacek says:
        Sometimes wordpress refuses to go all-SSL and you would need a plugin to force it to. You may go to Adjustements -> General and make sure it's all https:// besides that you may need this plugin: https://es-ar.wordpress.org/plugins/wp-force-ssl/
        Author
  7. L says:
    Hi, thank you very much this is very helpful. However I see you didn't implement the certificate on your site since it appears marked as not safe, why didn't you put it yet? Is it not working?
    • Kyla says:
      Kyla
      Because we are an older, established website it's going to take some time for us to transition. We've started the process but for us it's not something we can do without a significant amount of prep work. When we do make the switch we'll purchase an SSL certificate from our hosting company WP Engine, which we've already implemented on our sister site WDExplorer and has worked out great :-)
      Admin

Leave a Reply