Making SSL certificated accessible and used by everyone has been our ongoing effort for more than a year now. We were among the first to provide the free Let’s Encrypt certificates. Then, we automated the SSL issuing for all accounts. Later, we upgraded our WordPress plugin, SG Optimizer, to allow 1-click WordPress SSL configuration. Now we’re making the next step - our latest upgrade to the Let’s Encrypt tool in cPanel allows you to force all your domain traffic through HTTPS with a single click regardless of the application you are using. Read below to find out what are the new options in our Let’s Encrypt interface.
The system we’ve developed catches the requests to your domain on the fly and replaces the used protocol. This is a server level enforce, that does not perform any change to your application configuration and database. It is a cool way to make the HTTPS enforce super easy for the possible biggest majority of users. Of course, such automated switches can fail in some rare cases. Rule of thumb is to always check if your site and admin area are normally loading under https after the switch. If for some reason it doesn’t work for you, you can simply disable the HTTPS enforcer and everything will be back to the previous state, without any damage to your site.
External Links Rewrite
Having your domain switched to HTTPS may not be enough for your site to be marked as secure by the browser. If you are loading content from an external location using an http link, the browser may show a warning for “Insecure Content” to your visitors. To solve this issue we have provided a separate switch to re-write external links too. We made external link rewriting a separate option, as the resources already utilised on your site may not be available over HTTPS. In this case, you may decide to have them loaded with a mixed content warning instead of not having them loaded at all.
So what is the best way to go HTTPS?
It depends on how experienced you are.
Of course, if you feel confident enough the best way to make your site work through HTTPS is to manually re-configure your application, change all links of loaded resources to https. Thus you will avoid most possible issues. However, that is a task that requires some technical knowledge to be completed properly because resources can be loaded from the database, from a plugin or from your theme itself.
Second best option is available for our WordPress users - the same logic as above, but done through an application plugin - our SG optimizer. It requires only plugin installation.
Third, you may use the new options in the cPanel Let’s Encrypt interface. This is the easiest and fastest way working very well for the majority of the website. However, as the setting is on a server level, there may be a chance that it conflicts with a setting on the application level if there are some hard codes for the HTTPS/HTTP protocols already done in the htaccess file. We recommend it for people that have not and cannot use the previous two options.