By going through this article you will be able to know what is an SSL certificate and why it is important for your website.
I will also show you how to create a free SSL certificate for your website and all the steps required to add SSL certificate to your domain.
On adding SSL certificate to your website, it will open with HTTPS instead of HTTP. S stands for Secure.
It helps to keep information on your site secure and build trust among your visitors.
Let's learn more about SSL certificate and how to add them on your site for free.
Note: This article contains affiliate links. When you click an affiliate link and make a purchase, we get a small compensation at no cost to you. See our Privacy Policy and Disclaimer for more info.
What is an SSL certificate?
An SSL (Secure Sockets Layer) Certificate , also called a Digital Certificate, creates a secure link between a website and a visitor's browser.
When SSL certificate is installed on a web server, it activates the padlock (a lock just before the website url in the address bar) and the HTTPS protocol and allows secure connections from a web server to a browser.
Why it is important to add SSL Certificate?
Using the normal HTTP protocol in your website means that any information entered by your users on your site can be hijacked by hackers.
If your site accepts credit card transactions, data transfer and login information from your users then you must ensure that all the information entered are secure.
When a SSL certificate is successfully installed on your server, the application protocol (also known as HTTP) will change to HTTPs, where the ‘S’ stands for ‘secure’.
In the address bar a padlock sign and HTTPS instead of HTTP is displayed just before the website URL. See the image given below.
If your website displays padlock and HTTPS in its URL, it builds trust among your site visitors and assures them that whatever information they are providing in the site are safe and secure.
Google also recommends using SSL certificate in your site and research shows that SSL-enabled websites rank slightly higher than their non-SSL competitor websites in search results.
Also, if you are not using an SSL certificate in your site then Google Chrome will show your users that your website is not secure.
Thus, even if your site is not accepting any kind of payment from users or any other kind of information, you must use SSL in your site for ranking factor and users trust.
Also Read: How to secure a WordPress blog?
How does SSL certificate keeps information secure?
When a user visits a secure website having SSL certificate, for example, https://technicalwall.com, their browser first verifies if the website’s SSL certificate is valid.
Now, if a user enters any confidential information like credit card details or bank account information, then SSL protects these information by encrypting the data transfer between a user’s browser and the website.
How to create free SSL certificate?
Any site which doesn't accepts payments from its user can get free SSL certificate from Let's Encrypt.
However, a site which accepts payment from credit card, debit card and netbanking or any other type of bank account information must use PAID SSL certificate as it provides much more security than a free SSL certificate.
Thus, if your site doesn't accept any banking information from its users then you can use SSL certificate from Let's Encrypt.
Let's Certificate is a new Certificate Authority (CA) that offers FREE SSL certificates.
Nowadays, many WordPress hosting companies are now offering free SSL certificate with all their hosting plans.
Hosting company A2hosting.com provides free SSL certificate using Let’s Encrypt with their hosting plans.
Thus, if you are using such hosting providers that provides free SSL certificates then you are saved from the hassles of installing the free SSL certificate on your own.
See below some of the best WordPress hosting companies that offer free SSL certificate with their hosting plans are.
However, if you are not using a hosting provider which provides free SSL certificates then you are left with two options.
The first option is to change your hosting provider as mentioned above. Second option allows you to create SSL certificate on your own from third party websites.
If you don't want to change your current hosting provider then read on to see how you can create free SSL certificate from sslforfree.com.
Sslforfree.com is offering 90-day free SSL certificates in partnership with ZeroSSL.
Visit sslforfree.com and create an account, though it is not mandatory. An account will help you to see all the certificates you have created and get renewal reminders.
After creating account, enter the URL of your domain for which you want to create the SSL certificate. Then, select Create Free SSL Certificate.
Sslforfree in partnership of ZeroSSL is offering the free SSL certificates.
Once you register or log in to the sslforfree.com website, you would taken to the certificate page where you can create new SSL certificate for your domain.
Enter the name of your domain for which you want to create the free SSL certificate (see the above image).
After entering the domain name, select Next Step.
In the next step, select the validity of the SSL certificate from the following options.
- 90-Day Certificate
- 1-Year Certificate
Please note that you can create free SSL certificate for 90-day only.
If you want SSL certificate for one year period then you can select 1-year certificate but you will have to pay for the certificate.
In this article we are focusing on generating free SSL certificate, so, we will select 90-day certificate option.
After selecting the option, select Next Step.
Now you will have to verify the ownership of your domain. You can verify your domain with the following 3 options.
- Email verification
- DNS (CNAME)
- HTTP File Upload
You can choose either of these methods.
I am showing you how to verify your domain with the third option which is HTTP File Upload.
Let's select HTTP File Upload. Once you select it, you would get an option to download an Auth File.
Click on Download Auth File to download the file.
Now log in to your hosting account and open File Manager under cPanel.
Under public_html directory (folder), create a folder .well-known and under .well-known create another folder with the name pki-validation.
Go to pki-validation folder and upload the downloaded file here. See the image given below.
Now go back to the sslforfree website and click on Next Step.
Now select Verify Domain. It will check whether the file has been uploaded successfully or not.
After successful verification, it will auto-generate the CSR. The option Auto-Generate CSR is selected by default.
Select Next Step.
Now it will ask to download the certificate. Download the zip file.
Extract the zip file. Now you will see the that the extracted folder has the following three files.
- ca_bundle
- certificate
- private.key
These three files are needed in next step to install free SSL certificate for your domain.
Right click on each of these three files one by one and select open it with either Notepad or Notepad++.
You will see that there are some codes in each of these files.
Keep all the three files open. We will need these codes for SSL installation.
How to add free SSL certificate to your website?
Now, again go to your cPanel and select SSL/TLS.
Now, select Manage SSL sites.
Now, under Manage Installed SSL Websites page, scroll down and select your domain name.
Do you remember we have kept open three notepad files, now it is time to use them.
Now copy the code from certificate file and paste it in Certificate (CRT) box.
Again copy the code from private.key file and paste it in Private Key (KEY) box.
And finally copy the code from ca_bundle file and paste it in Certificate Authority Bundle: (CABUNDLE) box.
Then, select Install Certificate. You will get a message that SSL certificate has been successfully installed.
That's it. You have successfully completed all the steps to install SSL certificate for free in your domain.
Additional Tips:
(i) My website is still not going to HTTPS or Secure after a successful installation.
Solution: Copy this code into the .htaccess file under public_html folder in Filemanager.
# Canonical HTTPS/non-WWW
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule (.*) https://example.com/$1 [L,R=301]
</IfModule>
Replace "example" with your domain name.
(ii) Who no Padlock sign?
Solution: If your website is loading fine but shows a red "Not Secure" or "Insecure" in the address bar after installation then your website most likely has insecure content which needs to be remedied.
One of the common issue is that you have one or more http link instead of https in your webpage. Just change http to https and you will see the above error has been resolved.
If you still see this problem, then you can try going to https://whynopadlock.com to see issues and fix.
Wrapping Up
I hope now you know what is the importance of adding SSL certificate and all the steps required to add a free SSL certificate on your website.
Almost all the popular hosting provider offers free SSL certificate with their hosting plans. If you're looking to create your first blog, I would recommend you to get the hosting account from DreamHost.
At only $2.59 per month, DreamHost offers a free domain name, free SSL certificate, fast SSD storage, free migration and more. Get started with DreamHost below with the special link given below and get 68% off.
Apart from a SSL certificate one must also consider using a security plugin to protect a blog. A security plugin helps you check your site for malware infection and protects your site from hackers.
I hope that if you follow all the steps mentioned in this article you can create free SSL certificate for your website.
If you have any question or suggestion please comment below.
Sharing is Caring! If you like this article please share it now.