Introducing Cloudways Community Forum. Start Discussions and Get Instant Help From Cloudways Community. JOIN NOW

How to Install a Let’s Encrypt Certificate for My ApplicationApril 5, 2016

 

In this KB

  • Installation of Let’s Encrypt SSL certificates for single domain
  • Installation of Let’s Encrypt SSL certificates for multiple domains
  • On-demand renewal of Let’s Encrypt SSL certificates
  • Updating Let’s Encrypt SSL certificates
  • Revoking Let’s Encrypt SSL certificates

 

Cloudways frequently introduces new features based on customer feedback. We now support the Let’s Encrypt initiative of the Internet Research Group.

Let’s Encrypt is a new, automatic, free, and open certificate authority (CA) that offers to deliver free SSL certificates for everybody. It is not just cost-free, but it is also very easy to install and doesn’t require long procedures like conventional SSL certificates. All Cloudways customers can now enable free certificates on their servers with just 1-click.

Note: Before you install a Let’s Encrypt certificate, we recommend you to go through this guide where we have listed web applications that require no changes, along with those that do require some changes.

Step 1: Go to Application Management

Log into the Cloudways Platform with your credentials. Click on Applications on the top menu bar and then select your target application from the list.

Cloudways Application Management

Step 2: Install a New Let’s Encrypt Certificate (Free)

Click on the SSL Certificate section under the Application Management area and then make sure to select Let’s Encrypt SSL Certificate option before you continue forward.

For single domain

  • Enter your Email Address and the Domain Name on which you want to install the SSL certificate (e.g. acme.com).
  • Click on the Install Certificate button.

Note:  Please make sure that your site is already live from your Cloudways server and that DNS propagation has been completed before attempting to deploy the Let’s Encrypt certificate. Otherwise, the SSL certificate will not be installed and you will receive an error message (You must see the Important Notes at the end of this guide before proceeding further).

Enable Let's Encrypt

For multiple domains (must be pointed)

  • To secure multiple domain names (that are pointed to the same application) with Let’s Encrypt certificate, use Add Domain option and add the additional domains (e.g. www.acme.com, domain2.com, …).
  • Finally, click on the Install Certificate button.

Enable Let's Encrypt for multiple domains

This process will take a few moments to complete.

Cloudways SSL Installation

Step 3: Check Your New Certificate

Once the Let’s Encrypt SSL certificate has been deployed to your application, you can check and verify it by using any free online SSL checker such as the one at SSL Shopper. You should see something similar to this:

SSL Checker

Step 4: On-demand Renewal for Let’s Encrypt  Certificate (If Needed)

The auto-renew option of Let’s Encrypt Certificate for your web application is enabled by default. This option renews your certificate after every 3 months. However, if you prefer to manually renew your Let’s Encrypt Certificate, you can use the on-demand renewal option.

Click on the SSL Certificate section under the Application Management area and then click on Renew Now.

Renew Let's Encrypt Certificate

Step 5: Revoke a Let’s Encrypt Certificate (When/If needed)

If at some point you want to remove the Let’s Encrypt certificate (because you want to install a certificate from another provider, or the domain for the application has changed …), simply click the Revoke button. This will delete the Let’s Encrypt certificate and revert to the default self-signed certificate.

4

Step 6: Update a Let’s Encrypt Certificate (When/If needed)

If you want to make changes with the currently installed Let’s Encrypt certificate for the domain(s), you can apply the changes (add/remove domain) and click on Save Changes. This will remove your existing Let’s Encrypt certificate and will create a new Let’s Encrypt certificate with an updated list of the domain(s).

Again, make sure that all the domains (for which you want to create a Let’s Encrypt certificate) must be pointed to your server otherwise you will receive an error message (see below notes for more information).

Click on Proceed on the warning popup to begin the process.

Modify list of domains for Let's Encrypt

Important Notes:

  • Your domain MUST point to your Server/Application and DNS propagation must be completed. Otherwise, the SSL certificate will not be installed. You can check DNS propagation via any online tool such as What’s My DNS
  • If you want to protect multiple domains with a Let’s Encrypt certificate, all included domains must point to your Cloudways Server. Else, you will be presented with an error message.
  • After installing the SSL certificate on your web application, you will need to force your website to use HTTPS. This can be done through the htaccess file OR you can set your site home URL / base URL with https from the web application admin area.
  • If you have modified the htaccess file of your web application and added some restrictions, you MUST adjust it to use Let’s Encrypt SSL certificate. Otherwise, you will receive an error message while installing it.
  • If you already have a paid SSL certificate installed on your server and now want to install a new Let’s Encrypt certificate, the process will overwrite your old SSL certificate.
  • Wildcard certificates (*.acme.com) are currently not supported by Let’s Encrypt.
  • For now, only a single SSL certificate can be installed per application.
  • SSL certificates are not copied when you clone your server. You will have to deploy a Let’s Encrypt certificate again on your new server.
  • As per Let’s Encrypt policy, a maximum of 5 certificates per exact FQDN can be issued in a week. For example, if you install a certificate for the FQDN (www.mysite.com, mysite.com), you could install four more certificates for (www.mysite.com, mysite.com) during the week. This will cover the cases when you have decided to move your web application from one server to another server etc. 
  • Let’s Encrypt SSL certificates will auto-renew after every 3 months. In case you want to turn off the auto-renew feature, you can disable it from the SSL Certificate section in the Application Management area.
Have Questions? Ask From Our Helpful Community

18 Responses

  1. William Silva says:

    How do I uninstall it?

  2. Bryson T says:

    It wasn’t noted in this article, but I’m guessing that the Let’s Encrypt implementation on Cloudways does not yet support WordPress Multi Site installs? Specifically where the network sites/blogs have domains mapped to them. Such as the base site is mysite.com, with a blog at mysite.com/site1 that can be accessed at mysite1.com. We can only add the SLL cert to mysite.com, and mysite1.com will not work. I’d like confirmation of this, and any information on how long until that configuration does work. Thanks!

  3. Denis says:

    This is really awesome! Great job Cloudways! 🙂 You have a new customer 😉

  4. Scott says:

    This looks great. I’m just wondering, how do I add several domains for a SAN cert (supported by Let’s Encrypt)?

    Cheers,
    Scott.

  5. Morten Borg says:

    Should the domain be added with or without “www”? And will both domain.com and http://www.domain.com be supported by the certificate?

    • Cloudways says:

      If you are using a sub domain e.g. blog.domain.com, then there is no need of using domain with www. If you are using your main domain e.g. http://www.domain.com or domain.com then you could add the domain with either www or without it and select “Alias” and this would install the SSL for both www and non www.

      Regards,
      Cloudways Team

  6. Albin Rosntrom says:

    I just installed a “Let’s Encrypt SSL certificate”. I would like to include https in the base url. I see this article mentions including https in the base url but I do not see to many other KB post that expound on that.

    My first guess is that “base url” is also what is referred to as the “primary domain” under domain management for a given application. I attempted editing the “primary domain” to include http:// infront of http://www.domain-name.com, but this was not accepted by the system. Where do I include https so that all traffic uses https and not http?

    Thanks,

    Albin

    • Cloudways says:

      To force the site to https you should use the admin panel of your webiste and under “web settings” or “general settings” set the base url as https instead of http.

      Regards,
      Cloudways Team

  7. Andy Leverenz says:

    Will this solution work with cloudflare enabled? Currently I have it enabled and I used the SSL checker but the cloudflare cert took over. How can I work around this and is it possible?

    • Cloudways says:

      It depends on the plan you are using with cloudflare. Unfortunately, Free CloudFlare plan does not allow using a custom SSL certificate. Even if the certificate is properly configured on the server, browsers will show “common name mismatch” errors. Acting as a proxy, CloudFlare hides real NS records of the domain, so the web client cannot reach and check the valid SSL certificate installed on the web server, but gets the SSL issued for CloudFlare. There are two ways to fix the mismatch: either upgrade to the paid Business or Enterprise plan, or disable the CloudFlare. By disabling the CloudFlare you will change the NS records back to hosting DNS; then the clients will be able to reach the server directly and verify your certificate as trusted. A paid plan will let you upload the custom certificate to the CloudFlare account.

      As an option, you can enable the Full SSL Strict mode on a Free plan and use your trusted certificate together with UniversalSSL from CloudFlare but the cloudflare SSL is what your SSL check from any online tool will be showing and your Lets Encrypt Certificate will be the encrypting the communication between your server and your Cloudflare account.

  8. Matt says:

    Does Let’s Encrypt support a Wildcard SSL cert for all subdomains under my domain? *.domain.com

    • Cloudways says:

      Unfortunately, wild card certificates (*.domain.com) are currently not supported by Let’s Encrypt. For now, only a single SSL certificate can be installed per application.

      Cloudways Team

  9. […] Optional steps: Activate let’s encrypt SSL for your app (click here). In order for that to work you’ll need to edit your config.php to reflect that URL change, […]

  10. […] HostGator etc. support adding free SSL certificate via Let’s Encrypt. In my example, I have installed SSL certificate in just 1-click on Cloudways. You can simply contact your host about this and if they provide this feature they […]

Still need help? Our support team is waiting to help you. Ask them now