In this KB
- Installation of Let’s Encrypt SSL certificates for single domain
- Installation of Let’s Encrypt SSL certificates for multiple domains
- On-demand renewal of Let’s Encrypt SSL certificates
- Updating Let’s Encrypt SSL certificates
- Revoking Let’s Encrypt SSL certificates
Cloudways frequently introduces new features based on customer feedback. We now support the Let’s Encrypt initiative of the Internet Research Group.
Let’s Encrypt is a new, automatic, free, and open certificate authority (CA) that offers to deliver free SSL certificates for everybody. It is not just cost-free, but it is also very easy to install and doesn’t require long procedures like conventional SSL certificates. All Cloudways customers can now enable free certificates on their servers with just 1-click.
Note: Before you install a Let’s Encrypt certificate, we recommend you to go through this guide where we have listed web applications that require no changes, along with those that do require some changes.
Step 1: Go to Application Management
Log into the Cloudways Platform with your credentials. Click on Applications on the top menu bar and then select your target application from the list.
Step 2: Install a New Let’s Encrypt Certificate (Free)
Click on the SSL Certificate section under the Application Management area and then make sure to select Let’s Encrypt SSL Certificate option before you continue forward.
For single domain
- Enter your Email Address and the Domain Name on which you want to install the SSL certificate (e.g. acme.com).
- Click on the Install Certificate button.
Note: Please make sure that your site is already live from your Cloudways server and that DNS propagation has been completed before attempting to deploy the Let’s Encrypt certificate. Otherwise, the SSL certificate will not be installed and you will receive an error message (You must see the Important Notes at the end of this guide before proceeding further).
For multiple domains (must be pointed)
- To secure multiple domain names (that are pointed to the same application) with Let’s Encrypt certificate, use Add Domain option and add the additional domains (e.g. www.acme.com, domain2.com, …).
- Finally, click on the Install Certificate button.
This process will take a few moments to complete.
Step 3: Check Your New Certificate
Once the Let’s Encrypt SSL certificate has been deployed to your application, you can check and verify it by using any free online SSL checker such as the one at SSL Shopper. You should see something similar to this:
Step 4: On-demand Renewal for Let’s Encrypt Certificate (If Needed)
The auto-renew option of Let’s Encrypt Certificate for your web application is enabled by default. This option renews your certificate after every 3 months. However, if you prefer to manually renew your Let’s Encrypt Certificate, you can use the on-demand renewal option.
Click on the SSL Certificate section under the Application Management area and then click on Renew Now.
Step 5: Revoke a Let’s Encrypt Certificate (When/If needed)
If at some point you want to remove the Let’s Encrypt certificate (because you want to install a certificate from another provider, or the domain for the application has changed …), simply click the Revoke button. This will delete the Let’s Encrypt certificate and revert to the default self-signed certificate.
Step 6: Update a Let’s Encrypt Certificate (When/If needed)
If you want to make changes with the currently installed Let’s Encrypt certificate for the domain(s), you can apply the changes (add/remove domain) and click on Save Changes. This will remove your existing Let’s Encrypt certificate and will create a new Let’s Encrypt certificate with an updated list of the domain(s).
Again, make sure that all the domains (for which you want to create a Let’s Encrypt certificate) must be pointed to your server otherwise you will receive an error message (see below notes for more information).
Click on Proceed on the warning popup to begin the process.
- Your domain MUST point to your Server/Application and DNS propagation must be completed. Otherwise, the SSL certificate will not be installed. You can check DNS propagation via any online tool such as What’s My DNS.
- If you want to protect multiple domains with a Let’s Encrypt certificate, all included domains must point to your Cloudways Server. Else, you will be presented with an error message.
- After installing the SSL certificate on your web application, you will need to force your website to use HTTPS. This can be done through the htaccess file OR you can set your site home URL / base URL with https from the web application admin area.
- If you have modified the htaccess file of your web application and added some restrictions, you MUST adjust it to use Let’s Encrypt SSL certificate. Otherwise, you will receive an error message while installing it.
- If you already have a paid SSL certificate installed on your server and now want to install a new Let’s Encrypt certificate, the process will overwrite your old SSL certificate.
- Wildcard certificates (*.acme.com) are currently not supported by Let’s Encrypt.
- For now, only a single SSL certificate can be installed per application.
- SSL certificates are not copied when you clone your server. You will have to deploy a Let’s Encrypt certificate again on your new server.
- As per Let’s Encrypt policy, a maximum of 5 certificates per exact FQDN can be issued in a week. For example, if you install a certificate for the FQDN (www.mysite.com, mysite.com), you could install four more certificates for (www.mysite.com, mysite.com) during the week. This will cover the cases when you have decided to move your web application from one server to another server etc.
- Let’s Encrypt SSL certificates will auto-renew after every 3 months. In case you want to turn off the auto-renew feature, you can disable it from the SSL Certificate section in the Application Management area.