Cloudways now supports the Let’s Encrypt initiative of the Internet Research Group. This was a much needed and awaited feature for which we received a large number of requests from our customers.
Let’s Encrypt is a new, automatic, free, and open certificate authority (CA) that offers to deliver free SSL certificates for everybody. It is not just cost-free, but it is also very easy to install and doesn’t require long procedures like conventional SSL certificates. All Cloudways customers can now enable free certificates on their servers with just 1-click.
Before you install a Let’s Encrypt certificate, we recommend you to go through this article where we have listed web applications that require no changes, along with those that do require some changes.
This support article will guide you on how to install a new Let’s Encrypt SSL Certificate on your server.
Step 1: Login to the Cloudways console
Go to https://platform.cloudways.com/ and log in with your credentials.
Step 2: Go to Application Management
Tap on “Applications” on the top menu bar and then select your target application from the list.
Step 3: Install a new Let’s Encrypt certificate (Free)
Click on the “SSL Certificate” menu option under the “Application Management” section and then make sure to select “Let’s Encrypt SSL Certificate” before you continue forward.
For single domain
- Enter your “Email Address” and the “Domain Name” on which you want to install the SSL certificate (e.g. acme.com).
- Click on the “Install Certificate” button.
IMPORTANT: Please make sure that your site is already live from your Cloudways server and that DNS propagation has been completed before attempting to deploy the Let’s Encrypt certificate. Otherwise, the SSL certificate will not be installed and you will receive an error message (see notes at the end of the KB).
For multiple domains (must be pointed)
- To secure multiple domain names (that are pointed to the same application) with Let’s Encrypt certificate, use “Add Domain” option and add the additional domains (e.g. www.acme.com, domain2.com, …).
- Finally, click on the “Install Certificate” button.
This process will take a few moments to complete.
Step 4: Check your new certificate
Once the Let’s Encrypt SSL certificate has been deployed to your application, you can check and verify it by using any free online SSL checker such as https://www.sslshopper.com/ssl-checker.html. You should see something similar to this:
Step 5 (if needed): On-demand Renewal for Let’s Encrypt Certificate
The auto-renew option of Let’s Encrypt Certificate for your web application is enabled by default. This option renews your certificate after every 3 months. However, if you prefer to manually renew your Let’s Encrypt Certificate, you can use the on-demand renewal option.
Click on the “SSL Certificate” menu option under the “Application Management” section and then click on the ‘’Renew Now’’.
Step 6 (when/if needed): Revoke a Let’s Encrypt certificate
If at some point you want to remove the Let’s Encrypt certificate (because you want to install a certificate from another provider, or the domain for the application has changed …), simply click the “Revoke” button. This will delete the Let’s Encrypt certificate and revert to the default self-signed certificate.
Step 7 (when/if needed): Update a Let’s Encrypt certificate
If you want to make changes with the currently installed Let’s Encrypt certificate for domain(s), you can apply the changes (add/remove domain) and click on “Save Changes“. This will remove your existing Let’s Encrypt certificate and will create a new Let’s Encrypt certificate with an updated list of domain(s).
Again, make sure that all the domains (for which you want to create a Let’s Encrypt certificate) must be pointed to your server otherwise you will receive an error message (see below notes for more information).
Click “Proceed” on the warning popup to begin the process.
- Your domain MUST point to your Server / Application and DNS propagation must be completed. Otherwise the SSL certificate will not be installed. You can check DNS propagation via any online tool such as https://www.whatsmydns.net/.
- If you want to protect multiple domains with a Let’s Encrypt certificate, all included domains must point to your Cloudways Server. Else, you will be presented with an error message.
- After installing the SSL certificate on your web application, you will need to force your website to use HTTPS. This can be done through the htaccess file OR you can set your site home URL / base URL with https from the web application admin area.
- If you have modified the htaccess file of your web application and added some restrictions, you MUST adjust it to use Let’s Encrypt SSL certificate. Otherwise, you will receive an error message while installing it.
- If you already have a paid SSL certificate installed on your server and now want to install a new Let’s Encrypt certificate, the process will overwrite your old SSL certificate.
- Wild card certificates (*.acme.com) are currently not supported by Let’s Encrypt.
- For now, only a single SSL certificate can be installed per application.
- SSL certificates are not copied when you clone your server. You will have to deploy a Let’s Encrypt certificate again on your new server.
- As per Let’s Encrypt policy, a maximum of 5 certificates per exact FQDN can be issued in a week. For example, if you install a certificate for the FQDN (www.mysite.com, mysite.com), you could install four more certificates for (www.mysite.com, mysite.com) during the week. This will cover the cases when you have decided to move your web application from one server to another server etc.
- Let’s Encrypt SSL certificates will auto renew after every 3 months. In case you want to turn off the auto renew feature, you can disable it from the “SSL Certificate” menu in the “Application Management” section.