All Collections
Getting Started
Securing Website Using SSL
How to Install Let's Encrypt SSL Certificate
How to Install Let's Encrypt SSL Certificate

A step-by-step guide on how you can Install the Let’s Encrypt SSL certificate [with video tutorial].

Cloudways Product avatar
Written by Cloudways Product
Updated over a week ago

Quick Tip!

New! Cloudways Autonomous - Kubernetes Powered Fully Managed WordPress Hosting with built-in autoscaling.

Table of Contents

This article explains the process of installing the Let’s Encrypt SSL Certificate on your application. We also have an article that explains what SSL is and why you need one.

Let’s Encrypt is a free, automated, and open certificate authority (CA); it is an initiative of the Internet Security Research Group (ISRG). It is designed to deliver free SSL/TLS certificates straightforwardly to promote a more secure and privacy-respecting web.

Important
If you have integrated Cloudflare Enterprise on your application, there is no such requirement to install an additional SSL certificate. If you still wish to install one, you can install the Let's Encrypt SSL certificate on your Cloudways origin server to achieve an extra layer of security; however, it is not mandatory.

Video Tutorial — Enable HTTPS on a Single Domain

We have created a video tutorial on enabling HTTPS on a single domain.

Video Tutorial — Enable HTTPS on Multiple Domains

We have also created a video tutorial on enabling HTTPS on multiple domains.

We support Let’s Encrypt’s initiative and offer an effortless installation and renewal of the Free Let’s Encrypt Certificate for all your web applications. This utility is included in all the server plans.

Why Choose Let’s Encrypt SSL

The following reasons explain why you should choose the Let’s Encrypt SSL Certificate.

  • Zero Cost — Let’s Encrypt SSL Certificate is free.

  • Safe — It is as secure as paid certificates because of its modern security architecture and techniques.

  • Easy — It is simple and easy to install. There is no need to create any accounts elsewhere, no email validations, and no payments.

  • Automatic — The entire process of generating, installing, and renewing SSL certificates is done automatically.

Important

  • Let’s Encrypt has some limitations for its SSL/TLS certificates to prevent abuse.

  • Let’s Encrypt only offers Domain Validation (DV) certificates, not Organization Validation (OV) certificates.

How to Install Let’s Encrypt SSL Certificate

Deploying Let’s Encrypt SSL Certificate via Cloudways Platform is as simple as calculating 2+2=4, and the following steps will comprehensively cover the procedure.

If you already have an SSL certificate configured on your website, installing another one will overwrite the existing one, as one application can only have one certificate.

Prerequisites

  • Your website should be live. It means that domains are mapped correctly and DNS records are correctly pointed.

  • See if your web application is compatible.

Just a quick question! Do you use any Web Application Firewall (WAF) service(s), such as Cloudflare, Sucuri, etc, for your website security? If yes, click on the service name you use, as there are a few prerequisite steps you need to follow. Else, skip to Step #1.

Cloudflare

If you use Cloudflare, you need to temporarily disable their protection until the SSL certificate is deployed, so be cautious if you are prone to attacks. If you are a WordPress user, you can also enable Bot Protection to protect your site from unwanted and malicious traffic. Cloudflare is a very well-known reverse proxy service. When opting for their services, you update your default nameservers with their nameservers, point DNS records to them, and then traffic is routed via Cloudflare to your website.

Please remember to purge your Cloudflare cache once the certificate is successfully deployed.

Sucuri

If you use Sucuri, you need to temporarily disable their protection by simply switching the DNS records back to the server until the SSL certificate is deployed. Please be careful if your site is prone to attacks. If you are a WordPress user, you can also enable Bot Protection to protect your site from unwanted and malicious traffic. Sucuri is a very well-known reverse proxy service. When opting for their services, you update your default nameservers, point DNS records to them, and then traffic is routed via Sucuri to your website.

You also need to enable the setting to “Forward Certificate Validation” as this permits HTTPS provisioning to complete successfully. This can be achieved by contacting Sucuri’s support, and then you may deploy the SSL Certificate.

Other WAF Services

You need to temporarily disable the WAF protection until the SSL certificate is deployed, so be cautious if you are prone to attacks. If you are a WordPress user, you can also enable Bot Protection to protect your site from unwanted and malicious traffic.

Step #1 — Navigate to SSL Management

Log in to the Cloudways Platform using your email address and password.

  1. From the top menu bar, click Servers.

  2. Then, choose the target server where your desired application is deployed.

    Classic Interface

    New Interface

  3. Next, click www.

  4. Select your application.

    Classic Interface

    New Interface

  5. Under Application Management, click the SSL Certificate.

    Classic Interface

    New Interface

Step #2 — Deploying SSL Certificate

  1. Under SSL Management, select Let’s Encrypt.

    Classic Interface

    New Interface

Now, you have two different choices to make, whether you want to cover a single domain or multiple domains with an SSL certificate.

  • A single domain means one domain only, such as cloudways.icu.

  • Multiple domains refer to additional domains and subdomains such as cloudways.icu, www.cloudways.icu, support.cloudways.icu, etc, or simply wildcard, e.g., *.cloudways.icu.

Option #1 — Single Domain

  1. First, enter your email address.

  2. Then, enter your desired domain.

  3. Once done, hit Install Certificate. In this example, we are using a root domain of our demo website (e.g., cloudways.icu).

    Classic Interface

    New Interface

    Keep in mind that nowadays, there are still a lot of users that will add “www” to every domain they visit, and if your SSL certificate does not cover it, it will lead to an insecure warning in their browsers, which looks like the following:

    In order to resolve this, you must also add the “www” subdomain as an additional domain during the installation of the SSL certificate, as shown in the example below:

    Of course, in your case, you would change “example.com” and the email address to the ones you are using. This will now resolve the insecure warning in the browser when visiting the domain with the “www” subdomain.

    It is also important to mention that you should make sure that the “www” subdomain is pointing to your server’s IP via an A record or as a CNAME pointing to the primary domain or else it will not resolve and can not be added to the SSL certificate. You can read about how to point your domain to us here.

That's it! Your application will have a Free Let’s Encrypt SSL Certificate deployed in a few minutes. You may also be prompted to force HTTPS redirection.

Option #2 — Multiple Domains

You have two choices regarding securing multiple domains, such as Multi-domain (SAN) Certificate and Wildcard Certificate.

Multi-domain (SAN) Certificate vs. Wildcard Certificate

SAN refers to Subject Alternative Name, and a Multi-domain (SAN) Certificate allows the root domain and multiple domains (additional domains and subdomains) to be protected with a single certificate. You need to list down and declare all your domains when installing the SSL certificate.

A Wildcard Certificate lets you secure the root domain and multiple subdomains with just one certificate without listing down and declaring all your subdomains. In many cases, the Wildcard Certificate makes more sense than a Multi-domain (SAN) Certificate because it allows unlimited subdomains. In addition, you don’t need to redeploy the SSL certificate if you want to add more subdomains in the future. Read more about the Wildcard SSL Certificate.

Multi-domain (SAN) Certificate

  1. First, enter your email address.

  2. Add your domain in Domain Name. You can add additional domains by clicking Add Domain.

  3. Once done, click Install Certificate.

Important

Please note that one Let’s Encrypt SSL Certificate can only accommodate 100 SANs (additional and subdomains), and this restriction is set by Let’s Encrypt. Read more about Let’s Encrypt limitations.

Classic Interface

New Interface

Your application will have Free Let’s Encrypt SSL Certificate deployed in a few minutes. You may also be prompted to force HTTPS redirection.

Wildcard Certificate

  1. First, enter your email address.

  2. Add your root domain (without any prefix, e.g., “www”) in Domain Name.

  3. Now, Apply Wildcard.

Important

Let’s Encrypt Wildcard SSL Certificate requires DNS authentication. You need to create a CNAME record for your domain in your DNS/Domain registrar panel, so follow the steps below for comprehensive instructions.

Classic Interface

New Interface

4. You need to create a CNAME record with the below information in your Domain/DNS provider panel for the DNS authentication process.

  • Record Type: CNAME

  • Host/Name: _acme-challenge

  • Value/Alias: Your Cloudways’ default Application’s FQDN (Fully Qualified Domain Name). It is available on the same screen, as shown in this image.

  • TTL: ‘Time To Live’ is a propagation time. You can either choose the default value or 600 Seconds (or 10 minutes).

Classic Interface

New Interface

DNS propagation usually takes 5 minutes, but sometimes it can take up to 24 hours.

How to Check CNAME Record Propagation

You can use any third-party tool, such as whatsmydns to check the record propagation.

  1. First, input your website URL with the prefix _acme-challenge, e.g., _acme-challenge.cloudways.icu.

  2. Choose CNAME.

  3. Hit Search.

  4. Here, it shows that the CNAME record is successfully propagated.

  5. Once the CNAME record is successfully propagated, proceed further by clicking Verify DNS. You should see a message confirming the same.

    Classic Interface

    New Interface

  6. Finally, click Install Certificate.

    Classic Interface

    New Interface

Your application will have Free Let’s Encrypt SSL Certificate deployed in a few minutes. You may also be prompted to force HTTPS redirection.

Tip

  • If you would like to update your root domain in the future, you need to revoke your existing certificate and deploy a new one.

  • We recommend that you do not delete the CNAME record because it will affect your SSL certificate’s renewal process.

How to Force HTTPS Redirection

It’s time to force HTTPS redirection to ensure that your site always runs on a secured protocol. Once prompted, click Enable HTTPS. Please note that you can also force HTTPS redirection later as well.

Important

It is not mandatory to force HTTPS redirection using the Cloudways Platform if you have previously set it up using any firewall such as Cloudflare, Sucuri, application plugin, etc. However, if you want to force HTTPS redirection from the Cloudways Platform, you need to disable any redirection mechanism working elsewhere first.

Classic Interface

Here comes the next step of verifying your SSL certificate to ensure that your certificate is configured correctly.

How to Verify SSL Certificate

We highly recommend that you verify your SSL certificate, and we have created a self-explanatory guide for it. Verification is done so you can ensure that the SSL certificate is configured properly.

How to Renew Let’s Encrypt SSL Certificate

Let’s Encrypt SSL Certificate expires after 90 days of validity. Nonetheless, Cloudways Platform makes it super easy to renew your SSL certificate with automatic and on-demand renewal options, so your sites always remain protected.

Auto-Renewal

This option is selected by default when you install the certificate. Cloudways Platform will automatically renew your SSL certificate before 30 days of the expiry date. We recommend using the auto-renewal option, so you don’t have to renew the certificate every time manually.

Tip

If your SSL certificate is not renewing automatically, then take a look at this guide to troubleshoot the problem.

Classic Interface

New Interface

On-demand Renewal

You can also renew your SSL certificate manually using the on-demand renewal option. Click Renew Now to renew your certificate and extend its expiry to 90 days.

Classic Interface

New Interface

That’s it! We hope this article was helpful. If you need any help, then feel free to search your query on Cloudways Support Center or contact us via chat (Need a Hand > Send us a Message). Alternatively, you can also create a support ticket.

FAQs

Is Let’s Encrypt a paid service?

Let’s Encrypt SSL Certificates are free to deploy and renew as a part of all our server plans.

How many domains can I secure using the Let’s Encrypt SSL Certificate?

One Let’s Encrypt SSL Certificate can accommodate a maximum of one hundred SANs (Subject Alternative Names). This is the limitation of Let’s Encrypt. Alternatively, you can also use the Let’s Encrypt Wildcard SSL Certificate.

How long is the certificate valid?

Let’s Encrypt SSL Certificate expires after 90 days of validity. You can either set the instructions for renewing the SSL certificate automatically or do the on-demand renewal when you are close to the expiry date.

How does the auto-renewal process work?

If you have enabled the auto-renewal feature, it will automatically renew your SSL certificate before 30 days of the expiry date. Therefore, you do not have to renew the SSL certificate manually.

How many certificates can I install on one application?

Only one Let’s Encrypt SSL certificate can be installed per application.

What type of encryption is available in the Let’s Encrypt SSL Certificate?

It is RSA-signed using 2048-bit RSA keys.

Are wildcard certificates available on the Cloudways Platform?

Yes, Cloudways Platform also offers Let’s Encrypt Wildcard SSL Certificates.

Do browsers trust let’s Encrypt Certificate?

Yes, it is trusted by most browsers.

I already have my SSL Certificate installed. Can I install Let’s Encrypt?

Yes, you can. Let’s Encrypt SSL Certificate will overwrite the existing certificate.

Can I use Cloudflare or Sucuri over the Let’s Encrypt SSL Certificate?

Yes, you can, but the Cloudflare or Sucuri certificate will take precedence, and upon verifying your certificate, you will also see their certificate.


Use our WordPress hosting and avail the Let's Encrypt SSL certificate free of cost.

Did this answer your question?