This article explains how to install the Let’s Encrypt SSL Certificate on your application. We also have an article that explains what SSL is and why you need one.

Let’s Encrypt is a free, automated, and open certificate authority (CA), which is an initiative of the Internet Security Research Group (ISRG). It is designed to deliver free SSL/TLS certificates using a simple and straightforward process to promote a more secure and privacy-respecting web.

Video Tutorial — Enable HTTPS on a Single Domain

We have created a video tutorial on how you can enable HTTPS on a single domain.

Video Tutorial — Enable HTTPS on Multiple Domains

We have also created a video tutorial on how you can enable HTTPS on multiple domains.

We support Let’s Encrypt’s initiative and offer an effortless installation and renewal of the Free Let’s Encrypt Certificate for all your web applications. This utility is included in all the server plans.

Why Choose Let’s Encrypt SSL

The following reasons explain why you should choose the Let’s Encrypt SSL Certificate.

  • Zero Cost — Let’s Encrypt SSL Certificate is free.

  • Safe — It is as secure as paid certificates because of its modern security architecture and techniques.

  • Easy — It is simple and easy to install. There is no need to create any accounts elsewhere, no email validations, no payments.

  • Automatic — The entire process of generating, installing, and renewing SSL certificates is done automatically.

Important

  • Let’s Encrypt has some limitations for its SSL/TLS certificates to prevent abuse.

  • Let’s Encrypt only offers Domain Validation (DV) certificates, not Organization Validation (OV) certificates.

How to Install Let’s Encrypt SSL Certificate

Deploying a Let’s Encrypt SSL Certificate via the Cloudways Platform is as simple as calculating 2+2=4, and the following steps cover the whole procedure.

If you already have an SSL certificate configured on your website, installing another one will overwrite the existing one, as one application can only have one certificate.

Prerequisites

Just a quick question! Do you use any Web Application Firewall (WAF) service(s) such as Cloudflare, Sucuri, etc., for your website security? If yes, click on the name of the service you use, as there are a few prerequisite steps you need to follow. Otherwise, skip to Step #1.

Cloudflare

If you use Cloudflare, you need to temporarily disable their protection until the SSL certificate is deployed, so be cautious if you are prone to attacks. If you are a WordPress user, you can also enable Bot Protection to protect your site from unwanted and malicious traffic. Cloudflare is a very well-known reverse-proxy service. When opting for their services, you update your default nameservers with their nameservers, point DNS records to them, and then traffic is routed via Cloudflare to your website.

Please remember to purge your Cloudflare’s cache once the certificate is successfully deployed.

Sucuri

If you use Sucuri, you need to temporarily disable their protection by simply switching the DNS records back to the server until the SSL certificate is deployed. Please be careful if your site is prone to attacks. If you are a WordPress user, you can also enable Bot Protection to protect your site from unwanted and malicious traffic. Sucuri is a very well-known reverse-proxy service. When opting for their services, you update your default nameservers with their nameservers, point DNS records to them, and then traffic is routed via Sucuri to your website.

You also need to enable the setting to “Forward Certificate Validation” as this permits HTTPS provisioning to complete successfully. This can be achieved by contacting Sucuri’s support, and then you may deploy the SSL Certificate.

Other WAF Services

You need to temporarily disable the WAF protection until the SSL certificate is deployed, so be cautious if you are prone to attacks. If you are a WordPress user, you can also enable Bot Protection to protect your site from unwanted and malicious traffic.

Let’s Encrypt SSL — Navigate to SSL Management

Log in to the Cloudways Platform using your email address and password.

  1. From the top menu bar, click Servers.

  2. Then, choose your target server where your desired application is deployed.

  3. Next, click www.

  4. Select your application.

  5. Under Application Management, click the SSL Certificate.

Let’s Encrypt SSL — Deploying SSL Certificate

  1. Under SSL Management, select Let’s Encrypt.

Now, you have two different choices to make, whether you want to cover a single domain or multiple domains with an SSL certificate.

  • A single domain means one domain only, such as cloudways.icu.

  • Multiple domains means additional domains and subdomains, such as cloudways.icu, www.cloudways.icu, support.cloudways.icu, etc., or simply a wildcard, e.g., *.cloudways.icu.

Learn more about the domain(s) coverage of different types of SSL certificates.

Option# 1 — Single Domain

  1. First, enter your email address.

  2. Then, enter your desired domain.

  3. Once done, hit Install Certificate. In this example, we are using a root domain of our demo website (e.g., cloudways.icu).

Your application will have Free Let’s Encrypt SSL Certificate deployed in a few minutes. You may also be prompted to force HTTPS redirection.

Option# 2 — Multiple Domains

You have two choices for securing multiple domains: a Multi-domain (SAN) Certificate or a Wildcard Certificate.

Multi-domain (SAN) Certificate vs. Wildcard Certificate

SAN refers to Subject Alternative Name, and a Multi-domain (SAN) Certificate allows the root domain and multiple domains (additional domains and subdomains) to be protected with a single certificate. You need to list down and declare all your domains when installing the SSL certificate.

A Wildcard Certificate allows you to secure the root domain and multiple subdomains with just one certificate without listing down and declaring all your subdomains. In many cases, the Wildcard Certificate makes more sense than a Multi-domain (SAN) Certificate because it allows unlimited subdomains. You don’t need to redeploy the SSL certificate if you want to add more subdomains in the future. Read more about the Wildcard SSL Certificate.

Multi-domain (SAN) Certificate

  1. First, enter your email address.

  2. Add your domain in Domain Name. You can add additional domains by clicking Add Domain.

  3. Once done, click Install Certificate.

Important

Please note that one Let’s Encrypt SSL Certificate can only accommodate 100 SANs (additional domains and subdomains), and this restriction is set by Let’s Encrypt. Read more about Let’s Encrypt limitations.

Your application will have Free Let’s Encrypt SSL Certificate deployed in a few minutes. You may also be prompted to force HTTPS redirection.

Wildcard Certificate

  1. First, enter your email address.

  2. Add your root domain (without any prefix, e.g., “www”) in Domain Name.

  3. Now, Apply Wildcard.

Important

Let’s Encrypt Wildcard SSL Certificate requires DNS authentication for which you need to create a CNAME record for your domain in your DNS/Domain registrar panel, so follow the steps below for comprehensive instructions.

  4. For the DNS authentication process, you need to create a CNAME record with the information below in your Domain/DNS provider panel.

  • Record Type: CNAME

  • Host/Name: _acme-challenge

  • Value/Alias: Your Cloudways’ default Application’s FQDN (Fully Qualified Domain Name). It is available on the same screen, as shown in this image.

  • TTL: ‘Time To Live’ sets how long resolvers cache the record, which affects how quickly changes propagate. You can either choose the default value or 600 Seconds (or 10 minutes).

DNS propagation usually takes 5 minutes, but sometimes it can take up to 24 hours.

How to Check if CNAME Record is Propagated?

You can use any third-party tool such as whatsmydns to check the record propagation.

  1. First, input your website URL with the prefix _acme-challenge, e.g., _acme-challenge.cloudways.icu.

  2. Choose CNAME.

  3. Hit Search.

Here, it shows that the CNAME record is successfully propagated.

  5. Once the CNAME record is successfully propagated, proceed further by clicking Verify DNS. You should see a message confirming the same.

  6. Finally, click Install Certificate.

Your application will have Free Let’s Encrypt SSL Certificate deployed in a few minutes. You may also be prompted to force HTTPS redirection.

Tip

  • If you would like to update your root domain in the future, then you need to revoke your existing certificate and deploy a new one.

  • We recommend that you do not delete the CNAME record because it will affect your SSL certificate’s renewal process.
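
The propagation check from step 4, scripted as an added example (not Cloudways code): it asks two public DNS-over-HTTPS resolvers for the _acme-challenge CNAME and reports, per resolver, whether the record is present and points at exactly the expected target. Checking the target matters because whoever controls the name the CNAME points to can answer DNS validation for the domain. The target app-placeholder.example.net is a placeholder for your application's FQDN, and the sample answers are constructed.

```python
import json
import urllib.parse
import urllib.request

# Public DNS-over-HTTPS JSON endpoints (Google Public DNS, Cloudflare).
RESOLVERS = {"google": "https://dns.google/resolve",
             "cloudflare": "https://cloudflare-dns.com/dns-query"}
CNAME = 5  # DNS record type number for CNAME

def norm(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.strip().rstrip(".").lower()

def cname_targets(body, qname):
    """CNAME targets that one DoH JSON answer gives for qname."""
    if body.get("Status") != 0:  # non-zero RCODE, e.g. 3 = NXDOMAIN
        return []
    return [norm(a["data"]) for a in body.get("Answer", [])
            if a.get("type") == CNAME and norm(a["name"]) == norm(qname)]

def check(domain, expected_target, answers):
    """Per resolver: 'ok', 'missing' or 'wrong:<target>'."""
    qname = "_acme-challenge." + norm(domain)
    result = {}
    for resolver, body in answers.items():
        t = cname_targets(body, qname)
        result[resolver] = ("missing" if not t else
                            "ok" if t == [norm(expected_target)] else
                            "wrong:" + ",".join(t))
    return result

def fetch(domain):
    """Live lookup against every resolver (needs network access)."""
    qs = urllib.parse.urlencode(
        {"name": "_acme-challenge." + norm(domain), "type": "CNAME"})
    out = {}
    for resolver, url in RESOLVERS.items():
        req = urllib.request.Request(
            url + "?" + qs, headers={"Accept": "application/dns-json"})
        with urllib.request.urlopen(req, timeout=5) as resp:
            out[resolver] = json.load(resp)
    return out

# Constructed sample answers: one resolver has the record, one still says NXDOMAIN.
# The target is a placeholder, not a real Cloudways FQDN.
SAMPLE = {
    "google": {"Status": 0, "Answer": [
        {"name": "_acme-challenge.cloudways.icu.", "type": 5, "TTL": 600,
         "data": "app-placeholder.example.net."}]},
    "cloudflare": {"Status": 3},
}
```

For a live check, pass the result of fetch("your-domain") as the answers argument of check() and click Verify DNS only once every resolver reports "ok".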

Let’s Encrypt SSL — Forcing HTTPS Redirection

It’s time to force HTTPS redirection to ensure that your site always runs on a secured protocol. Once prompted, click Enable HTTPS. Please note that you can also force HTTPS redirection later.

Important

It is not mandatory to force HTTPS redirection using the Cloudways Platform if you have previously set it up elsewhere, for example with a firewall such as Cloudflare or Sucuri, or with an application plugin. If you want to force HTTPS redirection from the Cloudways Platform, you need to disable any redirection mechanism working elsewhere first.

Here comes the next step of verifying your SSL certificate to ensure that your certificate is configured correctly.

Let’s Encrypt SSL — Verifying SSL Certificate

We highly recommend that you verify your SSL certificate, and we have created a self-explanatory guide for it. Verification is done so you can ensure that the SSL certificate is configured properly. If you need any help, you can always contact us via Live Chat or create a support ticket.

That’s it! You have learned how to deploy Free Let’s Encrypt SSL Certificate on your application.
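
The checks behind the verification step and the SAN versus wildcard comparison above, as an added example (not Cloudways code): it audits a certificate for hostname coverage, the 100-SAN limit, the 30-day renewal window and the issuer, which also shows when a Cloudflare or Sucuri certificate is being served instead. The sample certificate and date are constructed, and the sample assumes the certificate lists both the root domain and the wildcard name.

```python
import datetime
import socket
import ssl

RENEW_WINDOW_DAYS = 30  # page: auto-renewal runs 30 days before expiry
MAX_SANS = 100          # page: Let's Encrypt limit per certificate

def covers(pattern, host):
    """A '*' SAN matches exactly one left-most label, so never the bare root."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if p[0] == "*":
        return len(h) == len(p) and h[1:] == p[1:]
    return p == h

def days_left(cert, now):
    """Whole days until notAfter, using the ssl module's date parser."""
    expiry = datetime.datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), datetime.timezone.utc)
    return (expiry - now).days

def audit(cert, hosts, now):
    """Summarise coverage, SAN count, renewal state and issuer for one cert."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    left = days_left(cert, now)
    return {
        "uncovered": [h for h in hosts if not any(covers(s, h) for s in sans)],
        "san_count_ok": len(sans) <= MAX_SANS,
        "days_left": left,
        "renewal_due": left <= RENEW_WINDOW_DAYS,
        "issuer_org": issuer.get("organizationName"),
    }

def fetch_cert(host, port=443):
    """Live fetch with chain and hostname validation (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample in the shape ssl.getpeercert() returns; it assumes the
# certificate lists both the root and the wildcard name.
SAMPLE_CERT = {
    "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),)),
    "notAfter": "Jun 30 12:00:00 2025 GMT",
    "subjectAltName": (("DNS", "cloudways.icu"), ("DNS", "*.cloudways.icu")),
}
SAMPLE_NOW = datetime.datetime(2025, 6, 10, 12, tzinfo=datetime.timezone.utc)
```

A host that lands in "uncovered", such as a second-level subdomain under a wildcard, needs its own SAN entry; "renewal_due" staying true for several days suggests auto-renewal is not completing.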

How to Renew Let’s Encrypt SSL Certificate

Let’s Encrypt SSL Certificate expires after 90 days of validity. Nonetheless, Cloudways Platform makes it super easy to renew your SSL certificate with automatic and on-demand renewal options, so your sites always remain protected.

Important

Just a quick question! Do you use any Web Application Firewall (WAF) service(s) such as Cloudflare, Sucuri, etc., for your website security? If yes, then read the prerequisite steps before renewing your SSL certificate.

Auto Renewal

This option is selected by default when you install the certificate. Cloudways Platform will automatically renew your SSL certificate 30 days before the expiry date. We recommend using the auto-renewal option, so you don’t have to renew the certificate manually every time.

Tip

If your SSL certificate is not renewing automatically, then take a look at this guide to troubleshoot the problem.

On-demand Renewal

You can also renew your SSL certificate manually using the on-demand renewal option. Click Renew Now to renew your certificate and extend its expiry to 90 days.

That’s it! We hope this article was helpful. If you need any help, then feel free to search your query on Cloudways Support Center or contact us via chat (Need a Hand > Send us a Message). Alternatively, you can also create a support ticket.

FAQs

Is Let’s Encrypt a paid service?

Let’s Encrypt SSL Certificates are free to deploy and renew as a part of all our server plans.

How many domains can I secure using the Let’s Encrypt SSL Certificate?

One Let’s Encrypt SSL Certificate can accommodate a maximum of one hundred SANs (Subject Alternative Names). This limit is set by Let’s Encrypt. Alternatively, you can also use the Let’s Encrypt Wildcard SSL Certificate.

How long is the certificate valid?

Let’s Encrypt SSL Certificate expires after 90 days of validity. You can either have the SSL certificate renewed automatically or do an on-demand renewal when you are close to the expiry date.

How does the auto-renewal process work?

If you have enabled the auto-renewal feature, it will automatically renew your SSL certificate 30 days before the expiry date. You do not have to go through renewing the SSL certificate manually.

How many certificates can I install on one application?

Only one Let’s Encrypt SSL certificate can be installed per application.

What type of encryption is available in the Let’s Encrypt SSL Certificate?

It is RSA-signed using 2048-bit RSA keys.

Are wildcard certificates available on the Cloudways Platform?

Yes, Cloudways Platform also offers Let’s Encrypt Wildcard SSL Certificates.

Do browsers trust the Let’s Encrypt Certificate?

Yes, it is trusted by most browsers.

I already have my SSL Certificate installed. Can I install Let’s Encrypt?

Yes, you can. Let’s Encrypt SSL Certificate will overwrite the existing certificate.

Can I use Cloudflare or Sucuri over the Let’s Encrypt SSL Certificate?

Yes, you can, but the Cloudflare or Sucuri certificate will take precedence, and upon verifying your certificate, you will also see their certificate.
