Let’s Encrypt Interface New Options

Making SSL certificated accessible and used by everyone has been our ongoing effort for more than a year now. We were among the first to provide the free Let’s Encrypt certificates. Then, we automated the SSL issuing for all accounts. Later, we upgraded our WordPress plugin, SG Optimizer, to allow 1-click WordPress SSL configuration. Now we’re making the next step - our latest upgrade to the Let’s Encrypt tool in cPanel allows you to force all your domain traffic through HTTPS with a single click regardless of the application you are using. Read below to find out what are the new options in our Let’s Encrypt interface.

HTTPS Enforce

The system we’ve developed catches the requests to your domain on the fly and replaces the used protocol. This is a server level enforce, that does not perform any change to your application configuration and database. It is a cool way to make the HTTPS enforce super easy for the possible biggest majority of users. Of course, such automated switches can fail in some rare cases. Rule of thumb is to always check if your site and admin area are normally loading under https after the switch. If for some reason it doesn’t work for you, you can simply disable the HTTPS enforcer and everything will be back to the previous state, without any damage to your site.

External Links Rewrite

Having your domain switched to HTTPS may not be enough for your site to be marked as secure by the browser. If you are loading content from an external location using an http link, the browser may show a warning for “Insecure Content” to your visitors. To solve this issue we have provided a separate switch to re-write external links too. We made external link rewriting a separate option, as the resources already utilised on your site may not be available over HTTPS. In this case, you may decide to have them loaded with a mixed content warning instead of not having them loaded at all.

So what is the best way to go HTTPS?

It depends on how experienced you are.

Of course, if you feel confident enough the best way to make your site work through HTTPS  is to manually re-configure your application, change all links of loaded resources to https. Thus you will avoid most possible issues. However, that is a task that requires some technical knowledge to be completed properly because resources can be loaded from the database, from a plugin or from your theme itself.

Second best option is available for our WordPress users - the same logic as above, but done through an application plugin - our SG optimizer. It requires only plugin installation.

Third, you may use the new options in the cPanel Let’s Encrypt interface. This is the easiest and fastest way working very well for the majority of the website. However, as the setting is on a server level, there may be a chance that it conflicts with a setting on the application level if there are some hard codes for the HTTPS/HTTP protocols already done in the htaccess file. We recommend it for people that have not and cannot use the previous two options.

Manager of WordPress Initiatives

Enthusiastic about all Open Source applications you can think of, but mostly about WordPress. Add a pinch of love for web design, new technologies, search engine optimisation and you are pretty much there!


  1. Reply May 22, 2017 / 09:41 AlexSiteGround Team

    Al fin, gran noticia. 🙂

  2. Reply June 7, 2017 / 10:28 Jerry NealeSiteGround Team

    Thanks, Hristo. Is there an SG Optimizer for Joomla?

  3. Reply June 7, 2017 / 12:12 MartinSiteGround Team

    Thanks for making SSL Certificates free and so easy to install, it's fantastic!

  4. Reply June 7, 2017 / 22:26 Frank OkunSiteGround Team

    SiteGround offering the free HTTPS was one of the reasons Nevada Website Design chose SiteGround for hosting along with switching clients to the platform. SiteGround offers the best support and performance of any of the other hosting providers we tried for our business and our clients. Thanks SiteGround!

    • Reply June 8, 2017 / 01:24 Hristo PandjarovSiteGround Team

      Thanks for the kind words! We're happy you're trusting your business with us!

    • Reply June 8, 2017 / 21:06 brianSiteGround Team

      We are another Nevada company that just switched all of our clients over to SiteGround - Great support, I got help with a Divi builder issue. And thanks for the cPannel HTTPS config.


  5. Reply June 7, 2017 / 22:50 Inspired EarthSiteGround Team

    Brilliant. Thanks for your efforts in this important area of Internet encryption. And for diving into LetsEncrypt rather than hanging on to trying to make money from selling SSL certificates (a dying thing of the past, that some hosts I work with are still hooked on, and thus refuse to implement important services like LetsEncrypt).
    Keep up the great work.

  6. Reply June 7, 2017 / 23:43 ssnobbenSiteGround Team

    Pls update the Joomla SG cache optimizer plg as well! Thnks!

    • Reply June 8, 2017 / 01:28 Hristo PandjarovSiteGround Team

      For Joomla sites, you can safely enforce HTTPS using the cPanel plugin!

  7. Reply June 8, 2017 / 01:01 Paul BSiteGround Team

    Excellent article and very helpful. Great service guys!

  8. Reply June 8, 2017 / 01:52 Kristof DevosSiteGround Team

    Hi, just a quick question, can switching to https in the SG plugin cause SEO problems?

    • Reply June 8, 2017 / 02:53 Hristo PandjarovSiteGround Team

      It should benefit your SEO actually. Just make sure all 3rd party services like Google Analytics that rely on the protocol are configured to load your site over https.

      • June 8, 2017 / 03:42 Kristof DevosSiteGround Team

        Ok, great! Is there like a manual on how to set that up, after pulling the switch?

      • June 9, 2017 / 02:29 Hristo PandjarovSiteGround Team

        You don't need to do anything after flipping the switch 🙂

    • Reply June 9, 2017 / 03:44 Kristof DevosSiteGround Team

      Hi Hristo, I found the analytics settings, but I do have one question left. When I check my redirects, I have two of them with non www. First it goes to https:// and then to https://www while it should go directly to that last one. You can have a look here: https://ibb.co/dnTpDF

      Is there a way to make that one redirect instead of two?

      • June 9, 2017 / 04:13 Hristo PandjarovSiteGround Team

        Those are different settings. If your site is configured to work via www and https there shouldn't be any redirects at all. As per the redirect itself, please post a ticket in your Help Desk and ask someone from our support team to look into your .htaccess file and check if the rules can be safely combined into one.

  9. Reply June 8, 2017 / 02:23 NishantSiteGround Team

    Since I already use SG-Optimizer plugin and have enabled Let's encrypt SSL on my WordPress site a month ago, do these new features on cPanel have any relevance/feature addition for me? Or is it a tool only for sites not on WordPress and hadn't made the switch to SSL yet?

    • Reply June 8, 2017 / 02:52 Hristo PandjarovSiteGround Team

      No, you don't need to use this functionality if your site is already working over SSL.

  10. Reply June 8, 2017 / 03:28 LeilaSiteGround Team

    Many thanks! This is great service from SiteGround as it's getting more and more important to use SSL and this is one of the reasons I recommend you to my clients. By the way, it's really easy to configure Joomla to use https.

  11. Reply June 8, 2017 / 06:01 JerrySiteGround Team

    I've been converting sites from http to https for quite a while now but the new tools are a nice addition that make it even easier.

  12. Reply June 8, 2017 / 07:27 Gary McHughSiteGround Team

    This is awesome. Can you tell us when you will make the certs auto renew? This is one of let's encrypts promotion points. Much better than us having to renew them for every site 4 times a year.

    • Reply June 9, 2017 / 02:29 Hristo PandjarovSiteGround Team

      All Let's Encrypt certificates renew automatically!

  13. Reply June 8, 2017 / 10:36 MarkSiteGround Team

    So, just so I make sure I understand completely, if I decide to use the WP SG Optimizer plugin, I do not need to use Let's Encrypt or do anything else in Cpanel or elsewhere? Nothing else to set up at Siteground or on Cpanel?

    And does SG Optimizer change HTTP to HTTPS in the database?

    • Reply June 9, 2017 / 02:32 Hristo PandjarovSiteGround Team

      There are two things that must be done to have a properly working website:

      1. You need a certificate - Let's Encrypt is a free SSL certificate that you can install for each one of the domains hosted in your account
      2. You need to have your application configured to work via https. The Enforce HTTPS switch will do that for all applications since it works on domain level. The SG Optimizer SSL page will do the same only for WordPress sites. The last option is to manually configure your site to work via HTTPS. It's up to you which way you will device do configure your site 🙂

  14. Reply June 8, 2017 / 12:27 BenSiteGround Team


    is the cPanel Let's Encrypt HTTPS Enforce option available on your cloud and dedicated servers, or just your shared hosting?

    I'm not seeing the option in my cloud cPanel.

    • Reply June 9, 2017 / 04:08 Hristo PandjarovSiteGround Team

      There are some differences in the infrastructure that prevents us from applying that update right away but I hope it will be available for cloud users really soon.

  15. Reply June 9, 2017 / 08:59 Stan BrownSiteGround Team

    My site BrownMath.com is all custom code -- no Joomla or WordPress etc. I followed the advice a few months ago to update .htaccess to rewrite http links as https, and it seems to work fine. Is there any benefit to doing the Control Panel settings also?

    • Reply June 12, 2017 / 03:12 Hristo PandjarovSiteGround Team

      If it's already working fine, you don't need to use the new functionality 🙂

      • June 13, 2017 / 08:52 Stan BrownSiteGround Team

        Great -- thanks!

  16. Reply June 9, 2017 / 13:50 TimSiteGround Team

    Could you suggest a road map for learning how to manually reconfigure a WordPress site on a SiteGround shared hosting plan? I think I am more interested in that option than adding another plugin.

    • Reply June 13, 2017 / 00:10 Hristo PandjarovSiteGround Team

      The new tool works directly from cPanel and does not require a plugin installation. However, since your site is a WordPress one, all our optimization features are within the SG Optimizer plugin and the coresponding cPanel tool. We don't have a rodamap tutorial but that's a really good idea and I will discuss it with the rest of the team for sure.

  17. Reply June 10, 2017 / 20:30 peterSiteGround Team

    Hello, this is a great step and very well timed as only a few weeks back I contacted your team re this issue.
    Just to confirm in my mind though, I do not have a WP site, mine are hand coded using HTML / CSS and my domains are held at Google so does this still apply to me?
    I am reasonably experienced in coding but anything beyond that my be a challenge.
    Again, congrats on this move, it can only increase the pressure on lesser hosts~

    • Reply June 12, 2017 / 03:14 Hristo PandjarovSiteGround Team

      The tool works based on a service we've devloped and doesn't rely on the app itself, so it should be perfect for custom solutions like yours.

  18. Reply June 12, 2017 / 03:43 peterSiteGround Team

    Thanks very much Hristo, as soon as I get some spare moments I will try it out.
    Keep up the wonderful work.

  19. Reply June 13, 2017 / 12:09 Ian RaynerSiteGround Team


    Thanks for the article. SG Optimizer appears attractive, but I have a couple quick questions:

    1) Can you confirm it makes it easy to move to PHP 7.0?
    2) I assume if I used its force SSL functionality, I would deactivate Really Simple SSL?
    3) Will it operate alongside Comet Cache?
    4) How would this all work with my local installation (my dev site) which I access using the free version of MAMP?

    Totally understand if you don't have time to get into the weeds here, but any guidane would be helpful!


    • Reply June 14, 2017 / 05:05 Hristo PandjarovSiteGround Team

      Hey Ian,

      The plugin checks whether your site will run fine on PHP 7.0 and allows you to upgrade with a single click. Note, that you can do that manually (without the check part) from the PHP Version tool in cPanel. As to the SSL functionality, yes, you can delete Really Simple SSL if you have it through our plugin. The same applies to Comet Cache - there is no need using it if the Dynamic caching is configured and working properly. Our caching system is way faster than the results you can get from any caching plugin. The plugin links your application to our services and utilizes them, which means it will not work on your local environment for the caching and PHP switching part. Forcing HTTPS should work fine but since I am not aware about your config, I can't be 100% sure for that too. Generally, I wouldn't use any caching/performance plugins locally.

      • June 15, 2017 / 11:36 Ian RaynerSiteGround Team


        Thanks for your excellent and detailed reply. Gives me a lot more confidence to go ahead (I like being able to reduce the total number of plug-ins).

        I must compliment you on your efforts to reply to all the questions here - I am sure it is appreciated by everyone.


      • June 16, 2017 / 09:20 Ian RaynerSiteGround Team


        Backed up my site, switched on SG Optimizer, switched off Comet Cache and Really Simple SSL. Once I flushed my Cloudflare cache everything looks great. Did a quick check at Pingdom and found my site scoring in the (Faster than) 70 - 80% range vs. 50 - 60% previously.

        A great improvement! Thanks. Now I have to figure out how to get my grade up from C to A.


  20. Reply June 13, 2017 / 18:57 Raena BrowneSiteGround Team

    This was awesome news!

    I had to update to PHP 7 first before switching to HTTPS, which was easily done through the SG Optimizer. Website is now encrypted! Really impressed with your services. Thanks!

  21. Reply June 14, 2017 / 15:23 BrandonSiteGround Team

    So after reading the article and an above comment, I'm still not 100% sure on the following.

    Do I need to flip the switch to enforce HTTPS in the cpanel AND add the plugin? OR just add the plugin and leave the switch off? I can't imagine I'm the only one with this confusion.

    • Reply June 15, 2017 / 00:26 Hristo PandjarovSiteGround Team

      If you're using WordPress, just flip the switch in the plugin. The cPanel tool presented in this post is a separate service and it does not rely on the application you're using.

  22. Reply June 16, 2017 / 06:41 SteveSiteGround Team

    Brilliant thank you for this. SG are streets ahead of others in what must be the way forward. Do you have any tutorials on what to do next once the site is running HTTPS? I'm thinking specifically at Google Webmaster.

    • Reply June 19, 2017 / 02:21 Hristo PandjarovSiteGround Team

      GWT doesn't requrie readjusting, just Analytics 🙂

  23. Reply July 19, 2017 / 00:56 PieterSiteGround Team


    So this makes a plugin like Really Simple SSL unnecessary?

    • Reply July 19, 2017 / 02:51 Angelina MichevaSiteGround Team

      Hi Pieter,

      Regarding functionality both Really Simple SSL and SG Optimizer can help you to configure HTTPS for your site. Really Simple SSL has Premium paid version as well, while SG Optimizer is entirely free to use.
      The 2 plugins have a different approach to handling mixed content modifications. With the SG Optimizer we do not make the changes automatically but give our clients the option to apply them, after checking if external resources are accessible via HTTPS or HTTP.
      We have developed the functionality to activate HTTPS on WordPress sites via SG Optimizer by popular demand. In addition as a hosting company we would like our clients to have an easy way to take advantage of the optimization and security benefits of using HTTPS. We give our clients the freedom to select the plugin that bests serves the needs of their website and their preferences for features available in the plugin.

  24. Reply September 14, 2017 / 11:10 Erica SchaafSiteGround Team

    I did the Enforce HTTPS button in the SG Cpanel and thought that was all I had to do. It reflects https:// in the domain name now, but I can't "activate" any plugins and the woo buttons on the website are not clickable. Will SG support be able to help me?

    • Reply September 15, 2017 / 05:52 Angelina MichevaSiteGround Team

      Hi Erica,

      When you use the functionality of the "Enforce HTTPS" button you tell the server to create a rule in the Apache configuration that sends all requests to the domain towards "https://yourdomain.com
      We are not able to locate your account and check if your site is set to work properly with https, so we suggest you disable the "Enforce HTTPS" option and review your site. In case you are not able to configure it correctly you can submit a ticket via our HelpDesk. In this way our techs can check your site and help to resolve the issues.

  25. Reply September 21, 2017 / 22:20 ChristineSiteGround Team

    We've just tried to use option 2 and installed the plugin but once i forced HTTPS the whole website formatting was gone...how can we install a certificate without that happening?

    • Reply September 22, 2017 / 02:29 Hristo PandjarovSiteGround Team

      Just disable the HTTPS force and you will be able to configure your site manually.

  26. Reply October 9, 2017 / 04:46 ClaudiaSiteGround Team

    As a brand new blogger with no posts yet, do i need the plug-in or just turn the switch on in cPanel?

    • Reply October 9, 2017 / 05:53 Hristo PandjarovSiteGround Team

      Whatever you prefer. If you're on WordPress, I'd recommend using the SG Optimizer plugin and its functionality to do it.

  27. Reply October 9, 2017 / 05:45 ShwethaSiteGround Team

    Hey this is very useful. Thank you for sharing, it made my site protect against a wide array of attacks.

  28. Reply October 11, 2017 / 20:30 Ed MorrisSiteGround Team

    My site has an expired GlobalSign ssl cert and a Simplify credit card processing add-on. Can I simply delete this expired cert in cPanel and replace with a Let’s Encrypt cert, or is there additional work needed?

    • Reply October 12, 2017 / 03:02 Angelina MichevaSiteGround Team

      Hi Ed,

      To be able to install a Let's Encrypt certificate for your selected domain, the first step is to delete any existing certificates for this domain with a previous provider. Then it is very easy to activate it for your website via cPanel, you can find full instructions for that in our tutorial: https://www.siteground.com/tutorials/cpanel/lets-encrypt/

      • October 14, 2017 / 19:21 Ed MorrisSiteGround Team

        I removed the cert in cPanel but when trying to install Let’s Encrypt, it’s saying that I still have an active cert and to have tech support help me remove it

      • October 16, 2017 / 00:47 Hristo PandjarovSiteGround Team

        Please, open a ticket in your Help Desk, our support team will happily look into it 🙂

  29. Reply November 26, 2017 / 07:27 Ayush GuptaSiteGround Team

    This is perfect! Installed SSL on my WordPress website and the complete website is now running SSL just under 3 minutes! SG Rocks!

  30. Reply January 4, 2018 / 16:45 Tom ParnellSiteGround Team

    Good information, great service - it works well.
    Just moved to SiteGround - very impressed!

  31. Reply February 3, 2018 / 00:12 zySiteGround Team

    Hello,I try to Install,but have problem,choose Let's Encrypt:

    Installed Certificates
    You have no Let's Encrypt certificates installed on your account.

    and there is no button can choose HTTPS Enforce & External Links Rewrite..off or on

    fill my email,choose Install button ,but did not succeed said
    There was a problem installing the certificate. Please contact support for more information.

    How to solve this problem so that I can successfully installed?thank you very much!

    • Reply February 5, 2018 / 01:46 Hristo PandjarovSiteGround Team

      Please, post a ticket in your Help Desk, my collegues will check your case in details and help you out!

  32. Reply March 9, 2018 / 23:52 Brian BrownSiteGround Team

    We are testing a site on siteground with Let's Encrypt and not all links are being rewritten, even with the external links option enabled. Suggestions on what to check?

    • Reply March 12, 2018 / 00:58 Hristo PandjarovSiteGround Team

      It really depends on the particular site. You can mail me directly at hristo.p at siteground.com and I will get back to you 🙂

  33. Reply August 13, 2018 / 15:13 WilfredSiteGround Team


    Great stuff! Quick question does to SG optimizer also Fix content to https ? For example if we adds images to our blog, will they be http ? I use an external plugin for that right now.


    • Reply August 14, 2018 / 00:00 Hristo PandjarovSiteGround Team

      You can do that from the tool, there's a force SSL switch. If you're using WordPress, you can do that from the SG Optiimzer plugin too.

      • August 14, 2018 / 01:16 WilfredSiteGround Team

        Cool, thanks. I already have enabled it. So if i upload an image now to my blog, it will be automatically https correct ?

      • August 15, 2018 / 23:43 Hristo PandjarovSiteGround Team

        Yes, it should load through https. However, I would recommend that you still reconfigure your WordPress site from Options -> General to work through https 🙂

  34. Reply April 18, 2019 / 03:15 Andy HoangSiteGround Team

    WOAH! I've been meaning to put in SSL for a few years and always thought it would be hard. I've just gone into my Siteground account today, checked that LetsEncrypt was there (it was) then switched on "Enable HTTPS" in SG Optimizer and next thing you know, the site is in HTTPS and the "Not secure" sign in Chrome is gone. Took all of about 2 minutes.

    Thank you Siteground. I'm thoroughly impressed with the work you've put in to make it so that I don't have to do the work.

    • Reply April 18, 2019 / 07:18 Angelina MichevaSiteGround Team

      You are most welcome, Andy! We are happy to hear that we made it easy for you to put a SSL certificate and configure your site to use HTTPS with our tools and features.

  35. Reply April 30, 2019 / 06:01 RobeenSiteGround Team

    From my cpanel, Manage HTTPS Settings, I have enabled HTTPS Enforce and
    External Links Rewrite but still no effect.

    • Reply May 2, 2019 / 01:53 Hristo PandjarovSiteGround Team

      Please, open a ticket in your Help Desk and our support team will assist you further.

  36. Reply June 11, 2019 / 02:13 PKSiteGround Team

    How do we renew a SSL certificate? We use Siteground to create a SSL certificate, but now it shows as expired and our site is showing as with Potential Security Risk Ahead.
    Can you please recommend a solution?

    • Reply June 11, 2019 / 02:47 Hristo PandjarovSiteGround Team

      Certificates are automatically renewed. Please, contact our support team via the Help Desk to get additional assistance on that matter.

  37. Reply August 21, 2019 / 13:54 Hashim AzizSiteGround Team


    You say:

    "Of course, if you feel confident enough the best way to make your site work through HTTPS is to manually re-configure your application, change all links of loaded resources to https."

    By this part, do you mean something like doing a search-and-replace for "http" to "https" using the wp-cli tool?

    Since enabling SSL and flipping both "switches" I'm currently having an issue where the icons in WordPress' visual editor don't display unless External Links Rewrite is turned off. Would doing the afore-mentioned search-and-replace with wpl-cli and then switching the External Links Rewrite option back on solve this issue?

    • Reply August 22, 2019 / 00:58 Hristo PandjarovSiteGround Team

      If you're using WordPress, the best option is to turn OFF both options in Site Tools and use the Force HTTPS option in the SG Optimizer plugin. Then, check your site and you get Insecure content warning, only then turn on the second option for this purpose in the plugin. Ideally, you will have a nativelly configured site that won't use dynamic redirects to work via https.

  38. Reply August 30, 2019 / 23:06 shubhamSiteGround Team

    Because of the awesome support and lots of free features that come with siteground hosting many of my friends including myself have changed our hosting from bla bla to siteground. It is amazing.
    HAIL SITEGROUND ( the fastest )

  39. Reply January 20, 2020 / 23:11 NealSiteGround Team

    What if you have the new interface and there is not option for the External Links Rewrite? I don't see that option anywhere.

    • Reply January 21, 2020 / 01:42 Hristo PandjarovSiteGround Team

      You can use the SG Optimizer plugin to properly configure your WordPress app to work with SSL, it supports the dynamic rewrite too in case it is needed.


* (Required)