How to install an SSL certificate


Having a website running with SSL at 100% is highly recommended :

- a padlock in your URL without warning gives immediately a good impression of you to visitors
- maximize your customers' trust (personal and financial datas integrity)
- get a better ranking because Google integrates this variable in its ranking :
https://ahrefs.com/blog/http-vs-https-for-seo/ 
- reinforce your web security against certain types of web attacks

- Get Http2 protocol benefits : speed + security
- Does it tells you something : Edward Snowden ? yes.... we all have now understood that SSL will encrypt data browsing... avoiding then invasive marketing spies...
- Conclusion : more sales !

Read also :
https://www.yoorshop.fr/announcements/348/Important-announcement-of-Google-regarding-SSL-starting-January-2017.html 
mode http2

In old days, it was pretty complicated to install an SSL, but lately, it is now possible either in 0 click, either in only few clicks with us !

To be able to install an SSL certificate, your domain must resolve to our server, by IP or with our DNS (propagation inclusive)

1. Automatic method :
With AutoSSL from cPanel, this system generate free SSL Let's encrypt automatically every 24 hours on all domains/subdomains.
It operates every 24 hours at around 6AM Paris time, and also each time a domain is added on server, it must resolve to our server before so that SSL can be installed :
Check current IP of your domain (it must match the one in your cpanel account in advanced DNS zone) :
https://www.whatsmydns.net/#A
Your DNS :
https://www.whatsmydns.net/#NS
(they must correspond to those given in the mail given during your order which includes all informations of your services)
NB : SSL will be installed only when these previous changes are done and propagated enough, 1 hour for A entry, several hours for DNS

Now, check and see in your cPanel, section Security : "SSL/TLS Status", if any SSL was already installed on your domain, You will see "AutoSSL domain validated" if the case...

Security cPanel

If the case is no, use the manual method as described below.


2. Manual method :
You can install your free and unlimited SSL certificates

Go to section Security, icon "SSL/TLS Status" :
Select include/exclude depending on where you want SSL to be installed, in general :
yourdomain.com
www.yourdomain.com
mail.yourdomain.com

Click on Run AutoSSL as shown :

Let's encrypt cPanel


Warning : a local SSL cache problem can be observed and will solve itself within few hours, this is normal, temporarily use an external web proxy to see how it works now with SSL: https://hidester.com/proxy/ 


NB 1 : once on your SSL installed, you have to wait 1 minute for server to take into account your SSL, and type your domain with https:// to get a preview. If you get warnings in the URL in firefox, or no locksmith in chrome, this means some URLs are in still coded as http, this can imply modules, you must first enable SSL mode in your CMS :
- prestashop has this native SSL feature in admin
- for wordpress just make your domain look alike https://www.yourdomain.com in settings/general. To redirect old pages http to https, install plugin Easy HTTPS Redirection, find in general settings HTTPs redirection, click : 
Enable automatic redirection to the "HTTPS"  + The whole domain
Force resources to use HTTPS URL

For other CMS, read the documentation

Resolution of persistent warnings :
use SSL info in top left of your browser to find out which one, click "medias", "more informations"... Sometimes, a few modules need reinstalling to get the new https path, other times, you need to hard code.

NB 2 : These SSL expires every 3 months, and they are renewed automatically before expiry date !
NB 3 : concerning google webmaster tools, you can now add the ssl version of your domain
NB 4 :
For the story of the "www" it is possible to make it work in the case of sub-domain, it depends how you created the sub-domain with or without "www.", rare case
NB 5 : a folder named will be created in your website files : .well-known, leave it as it is, it will be used for future automatic renewals...
NB 6 : you can't add a SSL on a domain added type : "alias"


2.
If your site/CMS has no SSL feature in any way

A. Go to the Domains section of your cPanel : Redirects, and program what you want

OR

B. By direct insertion in your htaccess : 
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If you use domain without www , then you should redirect all www request to non www ones, replace lines 2 and 3 by these :

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]


Verification SSL http2 :

https://tools.keycdn.com/http2-test 


3.
 HSTS : your can get your SSL certified HSTS, giving a A+ level to your SSL, if :

- you use ONLY 100% SSL (all your pages)
- your website does not show any warning of your SSL on any page
- don't use cloudflare free version, as it will not be compatible with SSL

Then, we can push you up to top HSTS high security/performance level :
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security 

To proceed :

Go in your cPanel in section 'Nginx cluster control', click on 'AUTOM8N XtendWeb'

Choose first your domain and click 'Configure'
After, click on 'Server settings', see line :
'hsts - add_header Strict-Transport-Security "max-age=86400" always;'
Just below you see that it is now 'Disabled', click on 'enabled', and go at bottom page, click on : 'Submit'


This will give you confirmation that this mod is now being active :

Strict-Transport-Security Supported

Excellent! This website is using HSTS, also known as Strict Transport Security. This tells the browser to always use SSL when talking to this website, allows more of your visitors the opportunity to both be secure and to use SPDY. The server is sending the header Strict-Transport-Security: max-age=2592000 which tells the web browser to always use SSL to access this website for the next 180 days.

With HSTS activated, you will get same as this client : SSL with A+, you can test online :
https://www.ssllabs.com/ssltest/analyze.html?d=e-benedetti.fr 



4. Optional :
Add your site version https in google webmaster tools, with adjusted sitemaps with https URLs...Google will understand better the link between your gained SEO with http site to transfer it to your https website.


EV SSL certificate
If you want a green bar like us, you must buy this specific SSL to our recommended partner :
https://www.gogetssl.com/
The one we have is :
https://www.gogetssl.com/extended-validation/comodo-ev-ssl/ 
You must have a firm to buy this last one (not working if sole trader), and you will have to complete the administrative process with Comodo and support Gogetssl. (We recommend you to buy it for 2 years directly to avoid the administrative renewal process)

You will need your DUNS from beginning, get it free within 30 seconds thanks to YOORshop :
http://fedgov.dnb.com/webform/displayHomePage.do

Once you have your certificate, follow the procedure with their interface, and in your cPanel : SSL/TLS.

Was this answer helpful?

 Print this Article

Also Read

How to fight against junk bot traffic

We have put a protection server wide with a list of not desired bots. Indeed we remarked that...

Protection WordPress xmlrpc.php

You are actually by default on 'YOORshop defaut', this is good to know if need to reverse config...

Backup and restore of your files

1. You can make an instant backup anytime of your data within cPanel. Backup :Full cPanel...

PHP files injection - file uploads ON-OFF

This article aims to explain the controversial and necessary role of the variable php.ini...

MANDATORY security measures for WordPress

It is not a secret, wordpress websites suffer from multiple attacks and increasingly causing...