Quick Tip!
New! Cloudways Autonomous - Kubernetes Powered Fully Managed WordPress Hosting with built-in autoscaling.
Table of Contents
This article explains the process of installing the Let’s Encrypt SSL Certificate on your application. We also have an article that explains what SSL is and why you need one.
Let’s Encrypt is a free, automated, and open certificate authority (CA); it is an initiative of the Internet Security Research Group (ISRG). It is designed to deliver free SSL/TLS certificates straightforwardly to promote a more secure and privacy-respecting web.
Important
If you have integrated Cloudflare Enterprise on your application, there is no such requirement to install an additional SSL certificate. If you still wish to install one, you can install the Let's Encrypt SSL certificate on your Cloudways origin server to achieve an extra layer of security; however, it is not mandatory.
Video Tutorials
Install SSL and Enable HTTPS (New Interface)
We have created a video tutorial on installing SSL and enabling HTTPS on your domain on New Interface.
Install SSL and Enable HTTPS on a Single Domain (Classic Interface)
We have created a video tutorial on installing SSL and enabling HTTPS on a single domain on Classic Interface.
Install SSL and Enable HTTPS on Multiple Domains (Classic Interface)
We have also created a video tutorial on installing SSL and enabling HTTPS on multiple domains on Classic Interface.
We support Let’s Encrypt’s initiative and offer an effortless installation and renewal of the Free Let’s Encrypt Certificate for all your web applications. This utility is included in all the server plans.
Why Choose Let’s Encrypt SSL
The following reasons explain why you should choose the Let’s Encrypt SSL Certificate.
Zero Cost — Let’s Encrypt SSL Certificate is free.
Safe — It is as secure as paid certificates because of its modern security architecture and techniques.
Easy — It is simple and easy to install. There is no need to create any accounts elsewhere, no email validations, and no payments.
Automatic — The entire process of generating, installing, and renewing SSL certificates is done automatically.
Important
Let’s Encrypt has some limitations for its SSL/TLS certificates to prevent abuse.
Let’s Encrypt only offers Domain Validation (DV) certificates, not Organization Validation (OV) certificates.
How to Install Let’s Encrypt SSL Certificate
Deploying Let’s Encrypt SSL Certificate via Cloudways Platform is as simple as calculating 2+2=4, and the following steps will comprehensively cover the procedure.
If you already have an SSL certificate configured on your website, installing another one will overwrite the existing one, as one application can only have one certificate.
Prerequisites
Your website should be live. It means that domains are mapped correctly and DNS records are correctly pointed.
See if your web application is compatible.
Just a quick question! Do you use any Web Application Firewall (WAF) service(s), such as Cloudflare, Sucuri, etc, for your website security? If yes, click on the service name you use, as there are a few prerequisite steps you need to follow. Else, skip to Step #1.
Cloudflare
If you use Cloudflare, you might need to temporarily disable their protection until the SSL certificate is deployed. Cloudflare is a very well-known reverse proxy service. When opting for their services, you update your default nameservers with their nameservers, point DNS records to them, and then traffic is routed via Cloudflare to your website.
Please remember to purge your Cloudflare cache once the certificate is successfully deployed.
Sucuri
If you use Sucuri, you need to temporarily disable their protection by simply switching the DNS records back to the server until the SSL certificate is deployed. Sucuri is a very well-known reverse proxy service. When opting for their services, you update your default nameservers, point DNS records to them, and then traffic is routed via Sucuri to your website.
You also need to enable the setting to “Forward Certificate Validation” as this permits HTTPS provisioning to complete successfully. This can be achieved by contacting Sucuri’s support, and then you may deploy the SSL Certificate.
Other WAF Services
You need to temporarily disable the WAF protection until the SSL certificate is deployed, so be cautious if you are prone to attacks.
Step #1 — Navigate to SSL Management
Log in to the Cloudways Platform using your email address and password.
From the top menu bar, click Servers.
Then, choose the target server where your desired application is deployed.
Classic Interface
New Interface
Next, click www.
Select your application.
Classic Interface
New Interface
Under Application Management, click the SSL Certificate.
Classic Interface
New Interface
Step #2 — Deploying SSL Certificate
Now, you have two different choices to make, whether you want to cover a single domain or multiple domains with an SSL certificate.
A single domain means one domain only, such as cloudways.icu.
Multiple domains refer to additional domains and subdomains such as cloudways.icu, www.cloudways.icu, support.cloudways.icu, etc, or simply wildcard, e.g., *.cloudways.icu.
Learn more about the domain(s) coverage of different SSL certificates.
Option #1 — Single Domain
First, enter your email address.
Then, enter your desired domain.
Once done, hit Install Certificate. In this example, we are using a root domain of our demo website (e.g., cloudways.icu).
Classic Interface
New Interface
Keep in mind that nowadays, there are still a lot of users that will add “www” to every domain they visit, and if your SSL certificate does not cover it, it will lead to an insecure warning in their browsers, which looks like the following:
In order to resolve this, you must also add the “www” subdomain as an additional domain during the installation of the SSL certificate, as shown in the example below:
Of course, in your case, you would change “example.com” and the email address to the ones you are using. This will now resolve the insecure warning in the browser when visiting the domain with the “www” subdomain.
It is also important to mention that you should make sure that the “www” subdomain is pointing to your server’s IP via an A record or as a CNAME pointing to the primary domain or else it will not resolve and can not be added to the SSL certificate. You can read about how to point your domain to us here.
That's it! Your application will have a Free Let’s Encrypt SSL Certificate deployed in a few minutes. You may also be prompted to force HTTPS redirection.
Option #2 — Multiple Domains
You have two choices regarding securing multiple domains, such as Multi-domain (SAN) Certificate and Wildcard Certificate.
Multi-domain (SAN) Certificate vs. Wildcard Certificate
SAN refers to Subject Alternative Name, and a Multi-domain (SAN) Certificate allows the root domain and multiple domains (additional domains and subdomains) to be protected with a single certificate. You need to list down and declare all your domains when installing the SSL certificate.
A Wildcard Certificate lets you secure the root domain and multiple subdomains with just one certificate without listing down and declaring all your subdomains. In many cases, the Wildcard Certificate makes more sense than a Multi-domain (SAN) Certificate because it allows unlimited subdomains. In addition, you don’t need to redeploy the SSL certificate if you want to add more subdomains in the future. Read more about the Wildcard SSL Certificate.
Multi-domain (SAN) Certificate
First, enter your email address.
Add your domain in Domain Name. You can add additional domains by clicking Add Domain.
Once done, click Install Certificate.
Important
Please note that one Let’s Encrypt SSL Certificate can only accommodate 100 SANs (additional and subdomains), and this restriction is set by Let’s Encrypt. Read more about Let’s Encrypt limitations.
Classic Interface
New Interface
Your application will have Free Let’s Encrypt SSL Certificate deployed in a few minutes. You may also be prompted to force HTTPS redirection.
Wildcard Certificate
First, enter your email address.
Add your root domain (without any prefix, e.g., “www”) in Domain Name.
Now, Apply Wildcard.
Important
Let’s Encrypt Wildcard SSL Certificate requires DNS authentication. You need to create a CNAME record for your domain in your DNS/Domain registrar panel, so follow the steps below for comprehensive instructions.
Classic Interface
New Interface
4. You need to create a CNAME record with the below information in your Domain/DNS provider panel for the DNS authentication process.
Record Type: CNAME
Host/Name: _acme-challenge
Value/Alias: Your Cloudways’ default Application’s FQDN (Fully Qualified Domain Name). It is available on the same screen, as shown in this image.
TTL: ‘Time To Live’ is a propagation time. You can either choose the default value or 600 Seconds (or 10 minutes).
Classic Interface
New Interface
DNS propagation usually takes 5 minutes, but sometimes it can take up to 24 hours.
How to Check CNAME Record Propagation
You can use any third-party tool, such as whatsmydns to check the record propagation.
First, input your website URL with the prefix _acme-challenge, e.g., _acme-challenge.cloudways.icu.
Choose CNAME.
Hit Search.
Here, it shows that the CNAME record is successfully propagated.
Once the CNAME record is successfully propagated, proceed further by clicking Verify DNS. You should see a message confirming the same.
Classic Interface
New Interface
Finally, click Install Certificate.
Classic Interface
New Interface
Your application will have Free Let’s Encrypt SSL Certificate deployed in a few minutes. You may also be prompted to force HTTPS redirection.
Tip
If you would like to update your root domain in the future, you need to revoke your existing certificate and deploy a new one.
We recommend that you do not delete the CNAME record because it will affect your SSL certificate’s renewal process.
How to Force HTTPS Redirection
It’s time to force HTTPS redirection to ensure that your site always runs on a secured protocol. Once prompted, click Enable HTTPS. Please note that you can also force HTTPS redirection later as well.
Important
It is not mandatory to force HTTPS redirection using the Cloudways Platform if you have previously set it up using any firewall such as Cloudflare, Sucuri, application plugin, etc. However, if you want to force HTTPS redirection from the Cloudways Platform, you need to disable any redirection mechanism working elsewhere first.
Classic Interface
Here comes the next step of verifying your SSL certificate to ensure that your certificate is configured correctly.
How to Verify SSL Certificate
We highly recommend that you verify your SSL certificate, and we have created a self-explanatory guide for it. Verification is done so you can ensure that the SSL certificate is configured properly.
How to Renew Let’s Encrypt SSL Certificate
Let’s Encrypt SSL Certificate expires after 90 days of validity. Nonetheless, Cloudways Platform makes it super easy to renew your SSL certificate with automatic and on-demand renewal options, so your sites always remain protected.
Auto-Renewal
This option is selected by default when you install the certificate. Cloudways Platform will automatically renew your SSL certificate before 30 days of the expiry date. We recommend using the auto-renewal option, so you don’t have to renew the certificate every time manually.
Tip
If your SSL certificate is not renewing automatically, then take a look at this guide to troubleshoot the problem.
Classic Interface
New Interface
On-demand Renewal
You can also renew your SSL certificate manually using the on-demand renewal option. Click Renew Now to renew your certificate and extend its expiry to 90 days.
Classic Interface
New Interface
That’s it! We hope this article was helpful. If you need any help, then feel free to search your query on Cloudways Support Center or contact us via chat (Need a Hand > Send us a Message). Alternatively, you can also create a support ticket.
FAQs
Is Let’s Encrypt a paid service?
Let’s Encrypt SSL Certificates are free to deploy and renew as a part of all our server plans.
How many domains can I secure using the Let’s Encrypt SSL Certificate?
One Let’s Encrypt SSL Certificate can accommodate a maximum of one hundred SANs (Subject Alternative Names). This is the limitation of Let’s Encrypt. Alternatively, you can also use the Let’s Encrypt Wildcard SSL Certificate.
How long is the certificate valid?
Let’s Encrypt SSL Certificate expires after 90 days of validity. You can either set the instructions for renewing the SSL certificate automatically or do the on-demand renewal when you are close to the expiry date.
How does the auto-renewal process work?
If you have enabled the auto-renewal feature, it will automatically renew your SSL certificate before 30 days of the expiry date. Therefore, you do not have to renew the SSL certificate manually.
How many certificates can I install on one application?
Only one Let’s Encrypt SSL certificate can be installed per application.
What type of encryption is available in the Let’s Encrypt SSL Certificate?
It is RSA-signed using 2048-bit RSA keys.
Are wildcard certificates available on the Cloudways Platform?
Yes, Cloudways Platform also offers Let’s Encrypt Wildcard SSL Certificates.
Do browsers trust let’s Encrypt Certificate?
Yes, it is trusted by most browsers.
I already have my SSL Certificate installed. Can I install Let’s Encrypt?
Yes, you can. Let’s Encrypt SSL Certificate will overwrite the existing certificate.
Can I use Cloudflare or Sucuri over the Let’s Encrypt SSL Certificate?
Yes, you can, but the Cloudflare or Sucuri certificate will take precedence, and upon verifying your certificate, you will also see their certificate.
Use our WordPress hosting and avail the Let's Encrypt SSL certificate free of cost.