163
Shares

Kinsta has a Let’s Encrypt integration, which means free SSL hosting and certificates for all of your WordPress sites. The certificate renewal process is completely automated, which in turn saves you money and time. You can literally make the switch within a click of a button. This is available from within your MyKinsta dashboard. If you have been thinking about moving to HTTPS, now is the time. Check out our steps below on how to implement free SSL/TLS on your WordPress site and a little background behind the Let’s Encrypt project.

What is Let’s Encrypt?

Let’s Encrypt is a free, automated, and open certificate authority that officially launched on April 2016. It was originally started in 2012 by two Mozilla employees. Their goal? It’s pretty simple really; to encrypt the entire web and make it a more privacy-respecting place. It might sound kind of crazy, but as you know, Google has been heavily pushing for HTTPS everywhere over the past few years. And Let’s Encrypt really has started to make a huge dent in the industry, especially as it pertains to free SSL hosting.

Let's Encrypt is helping turn the 'HTTPS everywhere' goal into a reality. 🔒 @letsencrypt Click to Tweet

Certificate authorities are the ones that issue SSL/TLS certificates, which are responsible for encrypting your data and e-commerce transactions. Not just anyone can suddenly become a certificate authority, because they require the trust of many different platforms. Browsers and devices trust a certificate authority (CA) by accepting the root certificate into its root store, which is basically a database of approved CAs that come pre-installed with the browser or device.

Still looking for that perfect WordPress host?

Try Kinsta's premium managed WordPress hosting to experience your site without problems.
  • Styleized controls representing management Fully managed
  • Shield with a tick representing securitySecure like Fort Knox
  • Merging lines representing migrationsFree migrations
  • Three right chevrons representing server speedUltimate speed
  • Circular arrow with center dot representing backupsDaily backups
  • Offset hexagons representing our server stackGoogle Cloud Platform
trusted root certificate authorities

Trusted root certificate authorities

Microsoft, Mozilla, Apple, all have their own root stores. So to become a CA, you need to have the trust of some of the biggest names in the industry. When Let’s Encrypt first launched they received cross-signatures from IdenTrust, which gave them trust by all major browsers. Read more about how Let’s Encrypt works. For web hosting providers, like Kinsta, Let’s Encrypt has now enabled us to make deploying SSL certificates a one-click process! And the great news is, everything is instant and automated.

Let’s Encrypt Stats

According to the Let’s Encrypt stats, the number of sites and companies using Let’s Encrypt has been growing at a very rapid pace. As of January 2018, they have issued 100 million certificates and have over 49.2 million active SSL certificates. Thanks to the project, the encrypted web has grown from 40% to 58% in just under two years. This is in part due to many web hosting companies and CDN providers hopping on board with Let’s Encrypt integrations to offer free SSL hosting.

Free SSL Let's Encrypt statistics

Free SSL Let’s Encrypt statistics

On average they are issuing between 80k to over 600k SSL certificates per day.

Free SSL certificates issued per day

Free SSL certificates issued per day

Let’s Encrypt also believes in full transparency. All certificates issued or revoked are publicly recorded and available for anyone to inspect. You can actually use this certificate search tool from COMODO to look up any Let’s Encrypt certificate that has been issued.

Let’s Encrypt Compatibility

There are two major factors that confirm the validity of Let’s Encrypt certificates. First, the platform must support IdenTrust’s DST Root X3 certificate in its trust store. The second is that the platform must support modern SHA-2 certificates. Let’s Encrypt certificates are supported on the following browsers:

  • Mozilla Firefox v2 and higher
  • Google Chrome
  • Internet Explorer on Windows XP SP3 and higher (prior to SP3 cannot handle SHA-2 signed certificates)
  • Microsoft Edge
  • Android OS v2.3.6 and higher
  • Safari v4 and higher on MacOS
  • Safari on iOS v3.1 and higher
  • Debian Linux v6 and higher
  • Ubuntu Linux v12.04 and higher

So you can rest easy knowing that the free SSL certificates will work on 99% of all devices.

What Does Free SSL Hosting Mean For You?

By having access to Let’s Encrypt, this means you no longer have to mess with the confusing process of obtaining your certificate keys, private keys, debugging your intermediate certificate, or generating a CSR. The process for getting an SSL certificate on your website and migrating to HTTPS become a lot easier! It is basically now a one-click integration. Let’s Encrypt is also completely safe. It is backed by corporations and ventures such as Automattic, Mozilla, Cisco, Google Chrome, Facebook, Sucuri – just to name a few.

And you can’t beat free. The SSL certificates from Let’s Encrypt by design, expire every 90 days. However, Kinsta renews them for you automatically behind the scenes. So if you take advantage of our Let’s Encrypt integration you can let your purchased SSL certs expire and save some money next year on renewals.

It is important to note though that Let’s Encrypt only supports domain validated certificates. This means you will get a green padlock in the address bar on your WordPress site, such as seen below.

domain validated certificate

However, they don’t offer organization validation or extended validation certificates. This means the certificates won’t have a warranty, which is insurance for an end user against loss of money when submitting a payment on an SSL-secured site.

We expect that Let’s Encrypt won’t support EV, because the EV process will always require human effort, which will require paying someone. Our model is to issue certificates free of charge, which requires a level automation that doesn’t seem compatible with EV. – Seth Schoen, Certbot Engineer

So if you are an enterprise or large business Let’s Encrypt might not be for you. But the good news is it should work great for the large majority of WordPress sites out there.

Also, as of January 2018, they will be supporting wildcard certificates. A wildcard certificate can secure any number of subdomains (e.g. *.domain.com). This allows the use of a single certificate and key pair for a domain and all of its subdomains, which can make HTTPS deployment significantly easier.

Benefits of HTTPS

Don’t forget about the many advantages to running your WordPress site over HTTPS. By utilizing our new Let’s Encrypt integration you can benefit from the following:

  • Your data is now encrypted and secure. No plain text is ever passed. This is important for e-commerce transactions of course, but also for even logging into your WordPress site.
  • Google has officially said that HTTPS is a ranking factor.
  • The green padlock bar helps build trust and credibility for your visitors.
  • Avoid the Chrome warning that is coming in January 2017 which is going to mark HTTP pages that collect passwords or credit cards as non-secure.
  • Better and more accurate referral data. By default, HTTPS to HTTP referral data is blocked in Google Analytics.
  • By using Let’s Encrypt and enabling HTTPS you can benefit from HTTP/2 on your site, which means performance improvements.
  • And now you can also benefit from free SSL hosting.

How to Setup Let’s Encrypt on Your WordPress Site

Setting up SSL is now as easy as 123. Follow the steps below on how to install a free Let’s Encrypt certificate on your WordPress site hosted with Kinsta.

Note: If you are using Cloudflare or Sucuri, skip down below as there are a few additional steps required beforehand.

Step 1

Login to your MyKinsta dashboard and click on “Manage” next to your WordPress site.

Manage WordPress site

Manage WordPress site

Step 2

Click on “Tools” and under Enable HTTPS click on “Add Let’s Encrypt Certificate.”

Add Let's Encrypt certificate

Add Let’s Encrypt certificate

Step 3

In order for a certificate to be generated successfully you must have at least one live domain pointed at Kinsta. Then click on “Next.”

Struggling with downtime and WordPress problems? Kinsta is the hosting solution designed to save you time! Check out our features
Generate Let's Encrypt HTTPS credentials

Generate Let’s Encrypt HTTPS credentials

Step 4

You will then have an option to choose the domains on which you want an SSL certificate installed. If your site is http://domain.com and has a redirect from www to non-www, you will still want to select both for the HTTPS redirect. Click on “Generate Certificate.” (Note: You will need to add all of your domains prior to this from the MyKinsta dashboard, including any subdomains which require SSL)

HTTPS credentials domains

HTTPS credentials domains

And that’s it! It will take a few seconds or so to install and your site should be all secured.

For Those Using Cloudflare

Cloudflare allows two different arrangements for loading a site over HTTPS: flexible or full (or full strict).

  • Flexible allows an HTTP (unencrypted) connection between Cloudflare and the Kinsta servers and does not require an SSL certificate.
  • Full requires an HTTPS (encrypted) connection between Cloudflare and the Kinsta servers.

The best practice is to install Let’s Encrypt via the method above and set the crypto level at Cloudflare to Full or Full “Strict” so that the connection is encrypted all the way from the Kinsta server to the client’s browser.

For Those Using Sucuri

You must first contact their support and have them enable the setting to “forward certificate validation.” This allows HTTPS provisioning to complete successfully. You may then install Let’s Encrypt or a custom SSL certificate via the methods above.

Verify Your SSL Certificate

There are a couple ways to verify your site is now using the Let’s Encrypt certificate. If you are overriding a current custom SSL certificate, it can be good to check everything is set up correctly. One way to is to browse to your site via https:// and open Chrome Devtools.

  • Windows: F12 or also Ctrl + Shift + I
  • Mac: Cmd + Opt + I

Click into the “Security” panel and click on “View certificate.” You can then check the issuer. It should read “Let’s Encrypt Authority X3.”

let's encrypt issued certificate

We also always recommend running an SSL check on your WordPress site. You should be scoring an A grade if everything is setup correctly. The easiest way to do this is to use the free SSL check tool from Qualys SSL Labs. Input your domain and let it scan your site.

ssl check

Summary

If you have been thinking about moving to HTTPS now is the time! Free SSL hosting is now as easy as 123. Make sure to check out our HTTPS migration guide as there are steps you will want to follow as it pertains to SEO and such for after installing SSL on your WordPress site. We would also love to hear what you think of this new feature.

And as always, if you have any issues or concerns feel free to open up a chat with one of our support specialists.