How to Install a Let’s Encrypt Certificate for My Application

April 5, 2016

 

Cloudways now supports the Let’s Encrypt initiative of the Internet Research Group. This was a much-needed and long-awaited feature for which we received a large number of requests from our customers.

Let’s Encrypt is a new, automatic, free, and open certificate authority (CA) that offers free SSL certificates to everybody. It is not just cost-free; it is also very easy to install and doesn’t require the long procedures of conventional SSL certificates. All Cloudways customers can now enable free certificates on their servers with just one click.

Before you install a Let’s Encrypt certificate, we recommend that you read this article, where we have listed the web applications that require no changes, along with those that do require some changes.

This support article will guide you on how to install a new Let’s Encrypt SSL Certificate on your server.

Step 1: Login to the Cloudways console

Go to https://platform.cloudways.com/ and log in with your credentials.

Cloudways Login

Step 2: Go to Application Management

Tap on “Applications” on the top menu bar and then select your target application from the list.

Cloudways Application Management

Step 3: Install a new Let’s Encrypt certificate (Free)

Click on the “SSL Certificate” menu option under the “Application Management” section and make sure to select “Let’s Encrypt SSL Certificate” before you continue.

For single domain

  • Enter your “Email Address” and the “Domain Name” on which you want to install the SSL certificate (e.g. acme.com).
  • Click on the “Install Certificate” button.

 

IMPORTANT: Please make sure that your site is already live on your Cloudways server and that DNS propagation has been completed before attempting to deploy the Let’s Encrypt certificate. Otherwise, the SSL certificate will not be installed and you will receive an error message. (Read the notes at the end of this KB article before proceeding further.)

Enable Let's Encrypt

For multiple domains (must be pointed)

  • To secure multiple domain names (that are pointed to the same application) with a Let’s Encrypt certificate, use the “Add Domain” option and add the additional domains (e.g. www.acme.com, domain2.com, …).
  • Finally, click on the “Install Certificate” button.

Enable Let's Encrypt for multiple domains

This process will take a few moments to complete.

Cloudways SSL Installation

Step 4: Check your new certificate

Once the Let’s Encrypt SSL certificate has been deployed to your application, you can check and verify it by using any free online SSL checker such as https://www.sslshopper.com/ssl-checker.html. You should see something similar to this:

SSL Checker
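
The same check can be scripted instead of using an online checker. The following is an added example, not part of the original Cloudways article: the function names and the sample certificate are constructed for illustration, and `fetch_cert` needs network access to the live site. It confirms that every domain entered in the form appears in the certificate, reports the issuer, and counts the days left before expiry.

```python
import socket
import ssl
import time


def fetch_cert(host, port=443, timeout=5.0):
    """Return the leaf certificate served for `host` (live check, needs network)."""
    ctx = ssl.create_default_context()  # validates the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def audit_cert(cert, domains, now=None, warn_days=30):
    """Compare a getpeercert() dict with the domains entered in the SSL form."""
    now = time.time() if now is None else now
    # Exact-name match only: the article notes wildcards are not supported.
    sans = {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = int((expires - now) // 86400)
    return {
        "missing": sorted(d.lower() for d in domains if d.lower() not in sans),
        "issuer_org": issuer.get("organizationName"),
        "days_left": days_left,
        "renew_soon": days_left < warn_days,  # auto-renew may not have run
    }


# Constructed sample in the dict format ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "acme.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),)),
    "notBefore": "Apr  5 00:00:00 2016 GMT",
    "notAfter": "Jul  4 00:00:00 2016 GMT",
    "subjectAltName": (("DNS", "acme.com"), ("DNS", "www.acme.com")),
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Apr 20 00:00:00 2016 GMT")

if __name__ == "__main__":
    wanted = ["acme.com", "www.acme.com", "domain2.com"]
    print(audit_cert(SAMPLE_CERT, wanted, now=SAMPLE_NOW))
    # Live use: audit_cert(fetch_cert("acme.com"), wanted)
```

A name listed under `missing` was not included when the certificate was issued, and an unexpected `issuer_org` usually means a proxy or CDN in front of the server is presenting its own certificate.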

Step 5 (if needed): On-demand Renewal for Let’s Encrypt Certificate

The auto-renew option for the Let’s Encrypt certificate of your web application is enabled by default. This option renews your certificate every 3 months. However, if you prefer to renew your Let’s Encrypt certificate manually, you can use the on-demand renewal option.

Click on the “SSL Certificate” menu option under the “Application Management” section and then click on the “Renew Now” button.

Renew Let's Encrypt Certificate

Step 6 (when/if needed): Revoke a Let’s Encrypt certificate

If at some point you want to remove the Let’s Encrypt certificate (because you want to install a certificate from another provider, or the domain for the application has changed …), simply click the “Revoke” button. This will delete the Let’s Encrypt certificate and revert to the default self-signed certificate.

Step 7 (when/if needed): Update a Let’s Encrypt certificate

If you want to change the domain(s) covered by the currently installed Let’s Encrypt certificate, apply the changes (add/remove domain) and click on “Save Changes”. This will remove your existing Let’s Encrypt certificate and create a new Let’s Encrypt certificate with the updated list of domain(s).

Again, make sure that all the domains for which you want to create a Let’s Encrypt certificate are pointed to your server; otherwise you will receive an error message (see the notes below for more information).

Click “Proceed” on the warning popup to begin the process.

Modify list of domains for Let's Encrypt

Notes:

  • Your domain MUST point to your Server / Application and DNS propagation must be completed. Otherwise the SSL certificate will not be installed. You can check DNS propagation via any online tool such as https://www.whatsmydns.net/.
  • If you want to protect multiple domains with a Let’s Encrypt certificate, all included domains must point to your Cloudways Server. Otherwise, you will be presented with an error message.
  • After installing the SSL certificate on your web application, you will need to force your website to use HTTPS. This can be done through the htaccess file OR you can set your site home URL / base URL with https from the web application admin area.
  • If you have modified the htaccess file of your web application and added some restrictions, you MUST adjust it to use Let’s Encrypt SSL certificate. Otherwise, you will receive an error message while installing it.
  • If you already have a paid SSL certificate installed on your server and now want to install a new Let’s Encrypt certificate, the process will overwrite your old SSL certificate.
  • Wild card certificates (*.acme.com) are currently not supported by Let’s Encrypt.
  • For now, only a single SSL certificate can be installed per application.
  • SSL certificates are not copied when you clone your server. You will have to deploy a Let’s Encrypt certificate again on your new server.
  • As per Let’s Encrypt policy, a maximum of 5 certificates per exact FQDN can be issued in a week. For example, if you install a certificate for the FQDN (www.mysite.com, mysite.com), you could install four more certificates for (www.mysite.com, mysite.com) during the week. This will cover the cases when you have decided to move your web application from one server to another server etc.
  • Let’s Encrypt SSL certificates will auto-renew every 3 months. In case you want to turn off the auto-renew feature, you can disable it from the “SSL Certificate” menu in the “Application Management” section.

17 Responses

  1. William Silva says:

    How do I uninstall it?

  2. Bryson T says:

    It wasn’t noted in this article, but I’m guessing that the Let’s Encrypt implementation on Cloudways does not yet support WordPress Multi Site installs? Specifically where the network sites/blogs have domains mapped to them. Such as the base site is mysite.com, with a blog at mysite.com/site1 that can be accessed at mysite1.com. We can only add the SSL cert to mysite.com, and mysite1.com will not work. I’d like confirmation of this, and any information on how long until that configuration does work. Thanks!

  3. Denis says:

    This is really awesome! Great job Cloudways! 🙂 You have a new customer 😉

  4. Scott says:

    This looks great. I’m just wondering, how do I add several domains for a SAN cert (supported by Let’s Encrypt)?

    Cheers,
    Scott.

  5. Morten Borg says:

    Should the domain be added with or without “www”? And will both domain.com and http://www.domain.com be supported by the certificate?

    • Cloudways says:

      If you are using a sub domain e.g. blog.domain.com, then there is no need of using domain with www. If you are using your main domain e.g. http://www.domain.com or domain.com then you could add the domain with either www or without it and select “Alias” and this would install the SSL for both www and non www.

      Regards,
      Cloudways Team

  6. Albin Rosntrom says:

    I just installed a “Let’s Encrypt SSL certificate”. I would like to include https in the base url. I see this article mentions including https in the base url but I do not see too many other KB posts that expound on that.

    My first guess is that “base url” is also what is referred to as the “primary domain” under domain management for a given application. I attempted editing the “primary domain” to include http:// in front of http://www.domain-name.com, but this was not accepted by the system. Where do I include https so that all traffic uses https and not http?

    Thanks,

    Albin

  7. Andy Leverenz says:

    Will this solution work with cloudflare enabled? Currently I have it enabled and I used the SSL checker but the cloudflare cert took over. How can I work around this and is it possible?

    • Cloudways says:

      It depends on the plan you are using with cloudflare. Unfortunately, Free CloudFlare plan does not allow using a custom SSL certificate. Even if the certificate is properly configured on the server, browsers will show “common name mismatch” errors. Acting as a proxy, CloudFlare hides real NS records of the domain, so the web client cannot reach and check the valid SSL certificate installed on the web server, but gets the SSL issued for CloudFlare. There are two ways to fix the mismatch: either upgrade to the paid Business or Enterprise plan, or disable the CloudFlare. By disabling the CloudFlare you will change the NS records back to hosting DNS; then the clients will be able to reach the server directly and verify your certificate as trusted. A paid plan will let you upload the custom certificate to the CloudFlare account.

      As an option, you can enable the Full SSL Strict mode on a Free plan and use your trusted certificate together with UniversalSSL from CloudFlare, but the CloudFlare SSL is what your SSL check from any online tool will be showing, and your Let’s Encrypt certificate will be encrypting the communication between your server and your CloudFlare account.

  8. Matt says:

    Does Let’s Encrypt support a Wildcard SSL cert for all subdomains under my domain? *.domain.com

    • Cloudways says:

      Unfortunately, wild card certificates (*.domain.com) are currently not supported by Let’s Encrypt. For now, only a single SSL certificate can be installed per application.

      Cloudways Team

  9. […] Optional steps: Activate let’s encrypt SSL for your app (click here). In order for that to work you’ll need to edit your config.php to reflect that URL change, […]
