Let’s Encrypt Interface New Options

Making SSL certificated accessible and used by everyone has been our ongoing effort for more than a year now. We were among the first to provide the free Let’s Encrypt certificates. Then, we automated the SSL issuing for all accounts. Later, we upgraded our WordPress plugin, SG Optimizer, to allow 1-click WordPress SSL configuration. Now we’re making the next step – our latest upgrade to the Let’s Encrypt tool in cPanel allows you to force all your domain traffic through HTTPS with a single click regardless of the application you are using. Read below to find out what are the new options in our Let’s Encrypt interface.

HTTPS Enforce

The system we’ve developed catches the requests to your domain on the fly and replaces the used protocol. This is a server-level enforce, that does not perform any change to your application configuration and database. It is a cool way to make the HTTPS enforce super easy for the possible biggest majority of users. Of course, such automated switches can fail in some rare cases. Rule of thumb is to always check if your site and admin area are normally loading under https after the switch. If for some reason it doesn’t work for you, you can simply disable the HTTPS enforcer and everything will be back to the previous state, without any damage to your site.

External Links Rewrite

Having your domain switched to HTTPS may not be enough for your site to be marked as secure by the browser. If you are loading content from an external location using an http link, the browser may show a warning for “Insecure Content” to your visitors. To solve this issue we have provided a separate switch to re-write external links too. We made external link rewriting a separate option, as the resources already utilized on your site may not be available over HTTPS. In this case, you may decide to have them loaded with a mixed content warning instead of not having them loaded at all.

So what is the best way to go HTTPS?

It depends on how experienced you are.

Of course, if you feel confident enough the best way to make your site work through HTTPS  is to manually re-configure your application, change all links of loaded resources to https. Thus you will avoid most possible issues. However, that is a task that requires some technical knowledge to be completed properly because resources can be loaded from the database, from a plugin or from your theme itself.

Second best option is available for our WordPress users – the same logic as above, but done through an application plugin – our SG optimizer. It requires only plugin installation.

Third, you may use the new options in the cPanel Let’s Encrypt interface. This is the easiest and fastest way working very well for the majority of the website. However, as the setting is on a server level, there may be a chance that it conflicts with a setting on the application level if there are some hard codes for the HTTPS/HTTP protocols already done in the htaccess file. We recommend it for people that have not and cannot use the previous two options.

Hristo Pandjarov

WordPress Initiatives Manager

Enthusiastic about all Open Source applications you can think of, but mostly about WordPress. Add a pinch of love for web design, new technologies, search engine optimisation and you are pretty much there!

Comments ( 78 )

Alex

May 22, 2017

Al fin, gran noticia. :)

Reply

Jerry Neale

Jun 07, 2017

Thanks, Hristo. Is there an SG Optimizer for Joomla?

Reply

Hristo Pandjarov Siteground Team

Jun 08, 2017

We have a plugin that connects our caching system with Joomla websites, but for SSL (https://www.siteground.com/tutorials/supercacher/dynamic_cache/#enable), I would recommend either manual configuration, or using the tool in cPanel.

Reply

Martin

Jun 07, 2017

Thanks for making SSL Certificates free and so easy to install, it's fantastic!

Reply

Frank Okun

Jun 08, 2017

SiteGround offering the free HTTPS was one of the reasons Nevada Website Design chose SiteGround for hosting along with switching clients to the platform. SiteGround offers the best support and performance of any of the other hosting providers we tried for our business and our clients. Thanks SiteGround!

Reply

Hristo Pandjarov Siteground Team

Jun 08, 2017

Thanks for the kind words! We're happy you're trusting your business with us!

Reply

brian

Jun 09, 2017

We are another Nevada company that just switched all of our clients over to SiteGround - Great support, I got help with a Divi builder issue. And thanks for the cPannel HTTPS config. Brian

Reply

Inspired Earth

Jun 08, 2017

Brilliant. Thanks for your efforts in this important area of Internet encryption. And for diving into LetsEncrypt rather than hanging on to trying to make money from selling SSL certificates (a dying thing of the past, that some hosts I work with are still hooked on, and thus refuse to implement important services like LetsEncrypt). Keep up the great work.

Reply

ssnobben

Jun 08, 2017

Pls update the Joomla SG cache optimizer plg as well! Thnks!

Reply

Hristo Pandjarov Siteground Team

Jun 08, 2017

For Joomla sites, you can safely enforce HTTPS using the cPanel plugin!

Reply

Paul B

Jun 08, 2017

Excellent article and very helpful. Great service guys!

Reply

Kristof Devos

Jun 08, 2017

Hi, just a quick question, can switching to https in the SG plugin cause SEO problems?

Reply

Hristo Pandjarov Siteground Team

Jun 08, 2017

It should benefit your SEO actually. Just make sure all 3rd party services like Google Analytics that rely on the protocol are configured to load your site over https.

Reply

Kristof Devos

Jun 08, 2017

Ok, great! Is there like a manual on how to set that up, after pulling the switch?

Reply

Hristo Pandjarov Siteground Team

Jun 09, 2017

You don't need to do anything after flipping the switch :)

Reply

Kristof Devos

Jun 09, 2017

Hi Hristo, I found the analytics settings, but I do have one question left. When I check my redirects, I have two of them with non www. First it goes to https:// and then to https://www while it should go directly to that last one. You can have a look here: https://ibb.co/dnTpDF Is there a way to make that one redirect instead of two?

Reply

Hristo Pandjarov Siteground Team

Jun 09, 2017

Those are different settings. If your site is configured to work via www and https there shouldn't be any redirects at all. As per the redirect itself, please post a ticket in your Help Desk and ask someone from our support team to look into your .htaccess file and check if the rules can be safely combined into one.

Reply

Nishant

Jun 08, 2017

Since I already use SG-Optimizer plugin and have enabled Let's encrypt SSL on my Wordpress site a month ago, do these new features on cPanel have any relevance/feature addition for me? Or is it a tool only for sites not on WordPress and hadn't made the switch to SSL yet?

Reply

Hristo Pandjarov Siteground Team

Jun 08, 2017

No, you don't need to use this functionality if your site is already working over SSL.

Reply

Leila

Jun 08, 2017

Many thanks! This is great service from SiteGround as it's getting more and more important to use SSL and this is one of the reasons I recommend you to my clients. By the way, it's really easy to configure Joomla to use https.

Reply

Jerry

Jun 08, 2017

I've been converting sites from http to https for quite a while now but the new tools are a nice addition that make it even easier.

Reply

Gary McHugh

Jun 08, 2017

This is awesome. Can you tell us when you will make the certs auto renew? This is one of let's encrypts promotion points. Much better than us having to renew them for every site 4 times a year.

Reply

Hristo Pandjarov Siteground Team

Jun 09, 2017

All Let's Encrypt certificates renew automatically!

Reply

Mark

Jun 08, 2017

So, just so I make sure I understand completely, if I decide to use the WP SG Optimizer plugin, I do not need to use Let's Encrypt or do anything else in Cpanel or elsewhere? Nothing else to set up at Siteground or on Cpanel? And does SG Optimizer change HTTP to HTTPS in the database?

Reply

Hristo Pandjarov Siteground Team

Jun 09, 2017

There are two things that must be done to have a properly working website: 1. You need a certificate - Let's Encrypt is a free SSL certificate that you can install for each one of the domains hosted in your account 2. You need to have your application configured to work via https. The Enforce HTTPS switch will do that for all applications since it works on domain level. The SG Optimizer SSL page will do the same only for WordPress sites. The last option is to manually configure your site to work via HTTPS. It's up to you which way you will device do configure your site :)

Reply

Ben

Jun 08, 2017

Hi, is the cPanel Let's Encrypt HTTPS Enforce option available on your cloud and dedicated servers, or just your shared hosting? I'm not seeing the option in my cloud cPanel.

Reply

Hristo Pandjarov Siteground Team

Jun 09, 2017

There are some differences in the infrastructure that prevents us from applying that update right away but I hope it will be available for cloud users really soon.

Reply

Stan Brown

Jun 09, 2017

My site BrownMath.com is all custom code -- no Joomla or Wordpress etc. I followed the advice a few months ago to update .htaccess to rewrite http links as https, and it seems to work fine. Is there any benefit to doing the Control Panel settings also?

Reply

Hristo Pandjarov Siteground Team

Jun 12, 2017

If it's already working fine, you don't need to use the new functionality :)

Reply

Stan Brown

Jun 13, 2017

Great -- thanks!

Reply

Tim

Jun 09, 2017

Could you suggest a road map for learning how to manually reconfigure a WordPress site on a SiteGround shared hosting plan? I think I am more interested in that option than adding another plugin.

Reply

Hristo Pandjarov Siteground Team

Jun 13, 2017

The new tool works directly from cPanel and does not require a plugin installation. However, since your site is a WordPress one, all our optimization features are within the SG Optimizer plugin and the coresponding cPanel tool. We don't have a rodamap tutorial but that's a really good idea and I will discuss it with the rest of the team for sure.

Reply

peter

Jun 11, 2017

Hello, this is a great step and very well timed as only a few weeks back I contacted your team re this issue. Just to confirm in my mind though, I do not have a WP site, mine are hand coded using HTML / CSS and my domains are held at Google so does this still apply to me? I am reasonably experienced in coding but anything beyond that my be a challenge. Again, congrats on this move, it can only increase the pressure on lesser hosts~

Reply

Hristo Pandjarov Siteground Team

Jun 12, 2017

The tool works based on a service we've devloped and doesn't rely on the app itself, so it should be perfect for custom solutions like yours.

Reply

peter

Jun 12, 2017

Thanks very much Hristo, as soon as I get some spare moments I will try it out. Keep up the wonderful work. Cheers~

Reply

Ian Rayner

Jun 13, 2017

Hristo, Thanks for the article. SG Optimizer appears attractive, but I have a couple quick questions: 1) Can you confirm it makes it easy to move to PHP 7.0? 2) I assume if I used its force SSL functionality, I would deactivate Really Simple SSL? 3) Will it operate alongside Comet Cache? 4) How would this all work with my local installation (my dev site) which I access using the free version of MAMP? Totally understand if you don't have time to get into the weeds here, but any guidane would be helpful! Ian

Reply

Hristo Pandjarov Siteground Team

Jun 14, 2017

Hey Ian, The plugin checks whether your site will run fine on PHP 7.0 and allows you to upgrade with a single click. Note, that you can do that manually (without the check part) from the PHP Version tool in cPanel. As to the SSL functionality, yes, you can delete Really Simple SSL if you have it through our plugin. The same applies to Comet Cache - there is no need using it if the Dynamic caching is configured and working properly. Our caching system is way faster than the results you can get from any caching plugin. The plugin links your application to our services and utilizes them, which means it will not work on your local environment for the caching and PHP switching part. Forcing HTTPS should work fine but since I am not aware about your config, I can't be 100% sure for that too. Generally, I wouldn't use any caching/performance plugins locally.

Reply

Ian Rayner

Jun 15, 2017

Hristo, Thanks for your excellent and detailed reply. Gives me a lot more confidence to go ahead (I like being able to reduce the total number of plug-ins). I must compliment you on your efforts to reply to all the questions here - I am sure it is appreciated by everyone. Ian

Reply

Ian Rayner

Jun 16, 2017

Hristo, Backed up my site, switched on SG Optimizer, switched off Comet Cache and Really Simple SSL. Once I flushed my Cloudflare cache everything looks great. Did a quick check at Pingdom and found my site scoring in the (Faster than) 70 - 80% range vs. 50 - 60% previously. A great improvement! Thanks. Now I have to figure out how to get my grade up from C to A. Ian

Reply

Raena Browne

Jun 14, 2017

This was awesome news! I had to update to PHP 7 first before switching to HTTPS, which was easily done through the SG Optimizer. Website is now encrypted! Really impressed with your services. Thanks!

Reply

Brandon

Jun 14, 2017

So after reading the article and an above comment, I'm still not 100% sure on the following. Do I need to flip the switch to enforce HTTPS in the cpanel AND add the plugin? OR just add the plugin and leave the switch off? I can't imagine I'm the only one with this confusion.

Reply

Hristo Pandjarov Siteground Team

Jun 15, 2017

If you're using WordPress, just flip the switch in the plugin. The cPanel tool presented in this post is a separate service and it does not rely on the application you're using.

Reply

Steve

Jun 16, 2017

Brilliant thank you for this. SG are streets ahead of others in what must be the way forward. Do you have any tutorials on what to do next once the site is running HTTPS? I'm thinking specifically at Google Webmaster.

Reply

Hristo Pandjarov Siteground Team

Jun 19, 2017

GWT doesn't requrie readjusting, just Analytics :)

Reply

Pieter

Jul 19, 2017

Hristo, So this makes a plugin like Really Simple SSL unnecessary?

Reply

Angelina Micheva

Jul 19, 2017

Hi Pieter, Regarding functionality both Really Simple SSL and SG Optimizer can help you to configure HTTPS for your site. Really Simple SSL has Premium paid version as well, while SG Optimizer is entirely free to use. The 2 plugins have a different approach to handling mixed content modifications. With the SG Optimizer we do not make the changes automatically but give our clients the option to apply them, after checking if external resources are accessible via HTTPS or HTTP. We have developed the functionality to activate HTTPS on WordPress sites via SG Optimizer by popular demand. In addition as a hosting company we would like our clients to have an easy way to take advantage of the optimization and security benefits of using HTTPS. We give our clients the freedom to select the plugin that bests serves the needs of their website and their preferences for features available in the plugin.

Reply

Erica Schaaf

Sep 14, 2017

I did the Enforce HTTPS button in the SG Cpanel and thought that was all I had to do. It reflects https:// in the domain name now, but I can't "activate" any plugins and the woo buttons on the website are not clickable. Will SG support be able to help me?

Reply

Angelina Micheva

Sep 15, 2017

Hi Erica, When you use the functionality of the "Enforce HTTPS" button you tell the server to create a rule in the Apache configuration that sends all requests to the domain towards "https://yourdomain.com We are not able to locate your account and check if your site is set to work properly with https, so we suggest you disable the "Enforce HTTPS" option and review your site. In case you are not able to configure it correctly you can submit a ticket via our HelpDesk. In this way our techs can check your site and help to resolve the issues.

Reply

Christine

Sep 22, 2017

We've just tried to use option 2 and installed the plugin but once i forced HTTPS the whole website formatting was gone...how can we install a certificate without that happening?

Reply

Hristo Pandjarov Siteground Team

Sep 22, 2017

Just disable the HTTPS force and you will be able to configure your site manually.

Reply

Claudia

Oct 09, 2017

As a brand new blogger with no posts yet, do i need the plug-in or just turn the switch on in cPanel?

Reply

Hristo Pandjarov Siteground Team

Oct 09, 2017

Whatever you prefer. If you're on WordPress, I'd recommend using the SG Optimizer plugin and its functionality to do it.

Reply

Shwetha

Oct 09, 2017

Hey this is very useful. Thank you for sharing, it made my site protect against a wide array of attacks.

Reply

Ed Morris

Oct 12, 2017

My site has an expired GlobalSign ssl cert and a Simplify credit card processing add-on. Can I simply delete this expired cert in cPanel and replace with a Let’s Encrypt cert, or is there additional work needed?

Reply

Angelina Micheva

Oct 12, 2017

Hi Ed, To be able to install a Let's Encrypt certificate for your selected domain, the first step is to delete any existing certificates for this domain with a previous provider. Then it is very easy to activate it for your website via cPanel, you can find full instructions for that in our tutorial: https://www.siteground.com/tutorials/cpanel/lets-encrypt/

Reply

Ed Morris

Oct 15, 2017

I removed the cert in cPanel but when trying to install Let’s Encrypt, it’s saying that I still have an active cert and to have tech support help me remove it

Reply

Hristo Pandjarov Siteground Team

Oct 16, 2017

Please, open a ticket in your Help Desk, our support team will happily look into it :)

Reply

Ayush Gupta

Nov 26, 2017

This is perfect! Installed SSL on my WordPress website and the complete website is now running SSL just under 3 minutes! SG Rocks!

Reply

Tom Parnell

Jan 04, 2018

Good information, great service - it works well. Just moved to SiteGround - very impressed!

Reply

zy

Feb 03, 2018

Hello,I try to Install,but have problem,choose Let's Encrypt: Installed Certificates You have no Let's Encrypt certificates installed on your account. and there is no button can choose HTTPS Enforce & External Links Rewrite..off or on fill my email,choose Install button ,but did not succeed said There was a problem installing the certificate. Please contact support for more information. How to solve this problem so that I can successfully installed?thank you very much!

Reply

Hristo Pandjarov Siteground Team

Feb 05, 2018

Please, post a ticket in your Help Desk, my collegues will check your case in details and help you out!

Reply

Brian Brown

Mar 10, 2018

We are testing a site on siteground with Let's Encrypt and not all links are being rewritten, even with the external links option enabled. Suggestions on what to check?

Reply

Hristo Pandjarov Siteground Team

Mar 12, 2018

It really depends on the particular site. You can mail me directly at hristo.p at siteground.com and I will get back to you :)

Reply

Wilfred

Aug 13, 2018

Hello, Great stuff! Quick question does to SG optimizer also Fix content to https ? For example if we adds images to our blog, will they be http ? I use an external plugin for that right now. Thanks

Reply

Hristo Pandjarov Siteground Team

Aug 14, 2018

You can do that from the tool, there's a force SSL switch. If you're using WordPress, you can do that from the SG Optiimzer plugin too.

Reply

Wilfred

Aug 14, 2018

Cool, thanks. I already have enabled it. So if i upload an image now to my blog, it will be automatically https correct ?

Reply

Hristo Pandjarov Siteground Team

Aug 16, 2018

Yes, it should load through https. However, I would recommend that you still reconfigure your WordPress site from Options -> General to work through https :)

Reply

Andy Hoang

Apr 18, 2019

WOAH! I've been meaning to put in SSL for a few years and always thought it would be hard. I've just gone into my Siteground account today, checked that LetsEncrypt was there (it was) then switched on "Enable HTTPS" in SG Optimizer and next thing you know, the site is in HTTPS and the "Not secure" sign in Chrome is gone. Took all of about 2 minutes. Thank you Siteground. I'm thoroughly impressed with the work you've put in to make it so that I don't have to do the work.

Reply

Angelina Micheva

Apr 18, 2019

You are most welcome, Andy! We are happy to hear that we made it easy for you to put a SSL certificate and configure your site to use HTTPS with our tools and features.

Reply

Robeen

Apr 30, 2019

From my cpanel, Manage HTTPS Settings, I have enabled HTTPS Enforce and External Links Rewrite but still no effect.

Reply

Hristo Pandjarov Siteground Team

May 02, 2019

Please, open a ticket in your Help Desk and our support team will assist you further.

Reply

PK

Jun 11, 2019

How do we renew a SSL certificate? We use Siteground to create a SSL certificate, but now it shows as expired and our site is showing as with Potential Security Risk Ahead. Can you please recommend a solution?

Reply

Hristo Pandjarov Siteground Team

Jun 11, 2019

Certificates are automatically renewed. Please, contact our support team via the Help Desk to get additional assistance on that matter.

Reply

Hashim Aziz

Aug 21, 2019

Hristo, You say: "Of course, if you feel confident enough the best way to make your site work through HTTPS is to manually re-configure your application, change all links of loaded resources to https." By this part, do you mean something like doing a search-and-replace for "http" to "https" using the wp-cli tool? Since enabling SSL and flipping both "switches" I'm currently having an issue where the icons in Wordpress' visual editor don't display unless External Links Rewrite is turned off. Would doing the afore-mentioned search-and-replace with wpl-cli and then switching the External Links Rewrite option back on solve this issue?

Reply

Hristo Pandjarov Siteground Team

Aug 22, 2019

If you're using WordPress, the best option is to turn OFF both options in Site Tools and use the Force HTTPS option in the SG Optimizer plugin. Then, check your site and you get Insecure content warning, only then turn on the second option for this purpose in the plugin. Ideally, you will have a nativelly configured site that won't use dynamic redirects to work via https.

Reply

shubham

Aug 31, 2019

Because of the awesome support and lots of free features that come with siteground hosting many of my friends including myself have changed our hosting from bla bla to siteground. It is amazing. HAIL SITEGROUND ( the fastest )

Reply

Neal

Jan 21, 2020

What if you have the new interface and there is not option for the External Links Rewrite? I don't see that option anywhere.

Reply

Hristo Pandjarov Siteground Team

Jan 21, 2020

You can use the SG Optimizer plugin to properly configure your WordPress app to work with SSL, it supports the dynamic rewrite too in case it is needed.

Reply

Start discussion

Ready to get your website started?

Choose a hosting plan, start or migrate your site in a few clicks, and grow your online presence!

Get Started Chat with an expert