Kinsta has a Let’s Encrypt integration, which means free SSL hosting and certificates for all of your WordPress sites. The certificate renewal process is completely automated, which in turn saves you money and time. You can literally make the switch within a click of a button. This is available from within your MyKinsta dashboard. If you have been thinking about moving to HTTPS, now is the time. Check out our steps below on how to implement free SSL/TLS on your WordPress site and a little background behind the Let’s Encrypt project.
Let’s Encrypt is a free, automated, and open certificate authority that officially launched on April 2016. It was originally started in 2012 by two Mozilla employees. Their goal? It’s pretty simple really; to encrypt the entire web and make it a more privacy-respecting place. It might sound kind of crazy, but as you know, Google has been heavily pushing for HTTPS everywhere over the past few years. And Let’s Encrypt really has started to make a huge dent in the industry, especially as it pertains to free SSL hosting.
Certificate authorities are the ones that issue SSL/TLS certificates, which are responsible for encrypting your data and e-commerce transactions. Not just anyone can suddenly become a certificate authority, because they require the trust of many different platforms. Browsers and devices trust a certificate authority (CA) by accepting the root certificate into its root store, which is basically a database of approved CAs that come pre-installed with the browser or device.
Microsoft, Mozilla, Apple, all have their own root stores. So to become a CA, you need to have the trust of some of the biggest names in the industry. When Let’s Encrypt first launched they received cross-signatures from IdenTrust, which gave them trust by all major browsers. Read more about how Let’s Encrypt works. For web hosting providers, like Kinsta, Let’s Encrypt has now enabled us to make deploying SSL certificates a one-click process! And the great news is, everything is instant and automated.
According to the Let’s Encrypt stats, the number of sites and companies using Let’s Encrypt has been growing at a very rapid pace. As of January 2018, they have issued 100 million certificates and have over 49.2 million active SSL certificates. Thanks to the project, the encrypted web has grown from 40% to 58% in just under two years. This is in part due to many web hosting companies and CDN providers hopping on board with Let’s Encrypt integrations to offer free SSL hosting.
On average they are issuing between 80k to over 600k SSL certificates per day.
Let’s Encrypt also believes in full transparency. All certificates issued or revoked are publicly recorded and available for anyone to inspect. You can actually use this certificate search tool from COMODO to look up any Let’s Encrypt certificate that has been issued.
There are two major factors that confirm the validity of Let’s Encrypt certificates. First, the platform must support IdenTrust’s DST Root X3 certificate in its trust store. The second is that the platform must support modern SHA-2 certificates. Let’s Encrypt certificates are supported on the following browsers:
So you can rest easy knowing that the free SSL certificates will work on 99% of all devices.
By having access to Let’s Encrypt, this means you no longer have to mess with the confusing process of obtaining your certificate keys, private keys, debugging your intermediate certificate, or generating a CSR. The process for getting an SSL certificate on your website and migrating to HTTPS become a lot easier! It is basically now a one-click integration. Let’s Encrypt is also completely safe. It is backed by corporations and ventures such as Automattic, Mozilla, Cisco, Google Chrome, Facebook, Sucuri – just to name a few.
And you can’t beat free. The SSL certificates from Let’s Encrypt by design, expire every 90 days. However, Kinsta renews them for you automatically behind the scenes. So if you take advantage of our Let’s Encrypt integration you can let your purchased SSL certs expire and save some money next year on renewals.
It is important to note though that Let’s Encrypt only supports domain validated certificates. This means you will get a green padlock in the address bar on your WordPress site, such as seen below.
However, they don’t offer organization validation or extended validation certificates. This means the certificates won’t have a warranty, which is insurance for an end user against loss of money when submitting a payment on an SSL-secured site.
We expect that Let’s Encrypt won’t support EV, because the EV process will always require human effort, which will require paying someone. Our model is to issue certificates free of charge, which requires a level automation that doesn’t seem compatible with EV. – Seth Schoen, Certbot Engineer
So if you are an enterprise or large business Let’s Encrypt might not be for you. But the good news is it should work great for the large majority of WordPress sites out there.
Also, as of January 2018, they will be supporting wildcard certificates. A wildcard certificate can secure any number of subdomains (e.g. *.domain.com). This allows the use of a single certificate and key pair for a domain and all of its subdomains, which can make HTTPS deployment significantly easier.
Don’t forget about the many advantages to running your WordPress site over HTTPS. By utilizing our new Let’s Encrypt integration you can benefit from the following:
Setting up SSL is now as easy as 123. Follow the steps below on how to install a free Let’s Encrypt certificate on your WordPress site hosted with Kinsta.
Note: If you are using Cloudflare or Sucuri, skip down below as there are a few additional steps required beforehand.
Login to your MyKinsta dashboard and click on “Manage” next to your WordPress site.
Click on “Tools” and under Enable HTTPS click on “Add Let’s Encrypt Certificate.”
In order for a certificate to be generated successfully you must have at least one live domain pointed at Kinsta. Then click on “Next.”
You will then have an option to choose the domains on which you want an SSL certificate installed. If your site is http://domain.com and has a redirect from www to non-www, you will still want to select both for the HTTPS redirect. Click on “Generate Certificate.” (Note: You will need to add all of your domains prior to this from the MyKinsta dashboard, including any subdomains which require SSL)
And that’s it! It will take a few seconds or so to install and your site should be all secured.
Cloudflare allows two different arrangements for loading a site over HTTPS: flexible or full (or full strict).
The best practice is to install Let’s Encrypt via the method above and set the crypto level at Cloudflare to Full or Full “Strict” so that the connection is encrypted all the way from the Kinsta server to the client’s browser.
You must first contact their support and have them enable the setting to “forward certificate validation.” This allows HTTPS provisioning to complete successfully. You may then install Let’s Encrypt or a custom SSL certificate via the methods above.
There are a couple ways to verify your site is now using the Let’s Encrypt certificate. If you are overriding a current custom SSL certificate, it can be good to check everything is set up correctly. One way to is to browse to your site via https:// and open Chrome Devtools.
Ctrl + Shift + I
Cmd + Opt + I
Click into the “Security” panel and click on “View certificate.” You can then check the issuer. It should read “Let’s Encrypt Authority X3.”
We also always recommend running an SSL check on your WordPress site. You should be scoring an A grade if everything is setup correctly. The easiest way to do this is to use the free SSL check tool from Qualys SSL Labs. Input your domain and let it scan your site.
If you have been thinking about moving to HTTPS now is the time! Free SSL hosting is now as easy as 123. Make sure to check out our HTTPS migration guide as there are steps you will want to follow as it pertains to SEO and such for after installing SSL on your WordPress site. We would also love to hear what you think of this new feature.
And as always, if you have any issues or concerns feel free to open up a chat with one of our support specialists.
Send this to a friend