Let’s Encrypt Interface New Options

Making SSL certificated accessible and used by everyone has been our ongoing effort for more than a year now. We were among the first to provide the free Let’s Encrypt certificates. Then, we automated the SSL issuing for all accounts. Later, we upgraded our WordPress plugin, SG Optimizer, to allow 1-click WordPress SSL configuration. Now we’re making the next step - our latest upgrade to the Let’s Encrypt tool in cPanel allows you to force all your domain traffic through HTTPS with a single click regardless of the application you are using. Read below to find out what are the new options in our Let’s Encrypt interface.

HTTPS Enforce

The system we’ve developed catches the requests to your domain on the fly and replaces the used protocol. This is a server level enforce, that does not perform any change to your application configuration and database. It is a cool way to make the HTTPS enforce super easy for the possible biggest majority of users. Of course, such automated switches can fail in some rare cases. Rule of thumb is to always check if your site and admin area are normally loading under https after the switch. If for some reason it doesn’t work for you, you can simply disable the HTTPS enforcer and everything will be back to the previous state, without any damage to your site.

External Links Rewrite

Having your domain switched to HTTPS may not be enough for your site to be marked as secure by the browser. If you are loading content from an external location using an http link, the browser may show a warning for “Insecure Content” to your visitors. To solve this issue we have provided a separate switch to re-write external links too. We made external link rewriting a separate option, as the resources already utilised on your site may not be available over HTTPS. In this case, you may decide to have them loaded with a mixed content warning instead of not having them loaded at all.

So what is the best way to go HTTPS?

It depends on how experienced you are.

Of course, if you feel confident enough the best way to make your site work through HTTPS  is to manually re-configure your application, change all links of loaded resources to https. Thus you will avoid most possible issues. However, that is a task that requires some technical knowledge to be completed properly because resources can be loaded from the database, from a plugin or from your theme itself.

Second best option is available for our WordPress users - the same logic as above, but done through an application plugin - our SG optimizer. It requires only plugin installation.

Third, you may use the new options in the cPanel Let’s Encrypt interface. This is the easiest and fastest way working very well for the majority of the website. However, as the setting is on a server level, there may be a chance that it conflicts with a setting on the application level if there are some hard codes for the HTTPS/HTTP protocols already done in the htaccess file. We recommend it for people that have not and cannot use the previous two options.

Product Development - Technical

Enthusiastic about all Open Source applications you can think of, but mostly about WordPress. Add a pinch of love for web design, new technologies, search engine optimisation and you are pretty much there!

58 Comments

  1. Reply May 22, 2017 / 09:41 AlexSiteGround Team

    Al fin, gran noticia. 🙂

  2. Reply June 7, 2017 / 10:28 Jerry NealeSiteGround Team

    Thanks, Hristo. Is there an SG Optimizer for Joomla?

  3. Reply June 7, 2017 / 12:12 MartinSiteGround Team

    Thanks for making SSL Certificates free and so easy to install, it's fantastic!

  4. Reply June 7, 2017 / 22:26 Frank OkunSiteGround Team

    SiteGround offering the free HTTPS was one of the reasons Nevada Website Design chose SiteGround for hosting along with switching clients to the platform. SiteGround offers the best support and performance of any of the other hosting providers we tried for our business and our clients. Thanks SiteGround!

    • Reply June 8, 2017 / 01:24 Hristo PandjarovSiteGround Team

      Thanks for the kind words! We're happy you're trusting your business with us!

    • Reply June 8, 2017 / 21:06 brianSiteGround Team

      We are another Nevada company that just switched all of our clients over to SiteGround - Great support, I got help with a Divi builder issue. And thanks for the cPannel HTTPS config.

      Brian

  5. Reply June 7, 2017 / 22:50 Inspired EarthSiteGround Team

    Brilliant. Thanks for your efforts in this important area of Internet encryption. And for diving into LetsEncrypt rather than hanging on to trying to make money from selling SSL certificates (a dying thing of the past, that some hosts I work with are still hooked on, and thus refuse to implement important services like LetsEncrypt).
    Keep up the great work.

  6. Reply June 7, 2017 / 23:43 ssnobbenSiteGround Team

    Pls update the Joomla SG cache optimizer plg as well! Thnks!

    • Reply June 8, 2017 / 01:28 Hristo PandjarovSiteGround Team

      For Joomla sites, you can safely enforce HTTPS using the cPanel plugin!

  7. Reply June 8, 2017 / 01:01 Paul BSiteGround Team

    Excellent article and very helpful. Great service guys!

  8. Reply June 8, 2017 / 01:52 Kristof DevosSiteGround Team

    Hi, just a quick question, can switching to https in the SG plugin cause SEO problems?

    • Reply June 8, 2017 / 02:53 Hristo PandjarovSiteGround Team

      It should benefit your SEO actually. Just make sure all 3rd party services like Google Analytics that rely on the protocol are configured to load your site over https.

      • June 8, 2017 / 03:42 Kristof DevosSiteGround Team

        Ok, great! Is there like a manual on how to set that up, after pulling the switch?

      • June 9, 2017 / 02:29 Hristo PandjarovSiteGround Team

        You don't need to do anything after flipping the switch 🙂

    • Reply June 9, 2017 / 03:44 Kristof DevosSiteGround Team

      Hi Hristo, I found the analytics settings, but I do have one question left. When I check my redirects, I have two of them with non www. First it goes to https:// and then to https://www while it should go directly to that last one. You can have a look here: https://ibb.co/dnTpDF

      Is there a way to make that one redirect instead of two?

      • June 9, 2017 / 04:13 Hristo PandjarovSiteGround Team

        Those are different settings. If your site is configured to work via www and https there shouldn't be any redirects at all. As per the redirect itself, please post a ticket in your Help Desk and ask someone from our support team to look into your .htaccess file and check if the rules can be safely combined into one.

  9. Reply June 8, 2017 / 02:23 NishantSiteGround Team

    Since I already use SG-Optimizer plugin and have enabled Let's encrypt SSL on my WordPress site a month ago, do these new features on cPanel have any relevance/feature addition for me? Or is it a tool only for sites not on WordPress and hadn't made the switch to SSL yet?

    • Reply June 8, 2017 / 02:52 Hristo PandjarovSiteGround Team

      No, you don't need to use this functionality if your site is already working over SSL.

  10. Reply June 8, 2017 / 03:28 LeilaSiteGround Team

    Many thanks! This is great service from SiteGround as it's getting more and more important to use SSL and this is one of the reasons I recommend you to my clients. By the way, it's really easy to configure Joomla to use https.

  11. Reply June 8, 2017 / 06:01 JerrySiteGround Team

    I've been converting sites from http to https for quite a while now but the new tools are a nice addition that make it even easier.

  12. Reply June 8, 2017 / 07:27 Gary McHughSiteGround Team

    This is awesome. Can you tell us when you will make the certs auto renew? This is one of let's encrypts promotion points. Much better than us having to renew them for every site 4 times a year.

    • Reply June 9, 2017 / 02:29 Hristo PandjarovSiteGround Team

      All Let's Encrypt certificates renew automatically!

  13. Reply June 8, 2017 / 10:36 MarkSiteGround Team

    So, just so I make sure I understand completely, if I decide to use the WP SG Optimizer plugin, I do not need to use Let's Encrypt or do anything else in Cpanel or elsewhere? Nothing else to set up at Siteground or on Cpanel?

    And does SG Optimizer change HTTP to HTTPS in the database?

    • Reply June 9, 2017 / 02:32 Hristo PandjarovSiteGround Team

      There are two things that must be done to have a properly working website:

      1. You need a certificate - Let's Encrypt is a free SSL certificate that you can install for each one of the domains hosted in your account
      2. You need to have your application configured to work via https. The Enforce HTTPS switch will do that for all applications since it works on domain level. The SG Optimizer SSL page will do the same only for WordPress sites. The last option is to manually configure your site to work via HTTPS. It's up to you which way you will device do configure your site 🙂

  14. Reply June 8, 2017 / 12:27 BenSiteGround Team

    Hi,

    is the cPanel Let's Encrypt HTTPS Enforce option available on your cloud and dedicated servers, or just your shared hosting?

    I'm not seeing the option in my cloud cPanel.

    • Reply June 9, 2017 / 04:08 Hristo PandjarovSiteGround Team

      There are some differences in the infrastructure that prevents us from applying that update right away but I hope it will be available for cloud users really soon.

  15. Reply June 9, 2017 / 08:59 Stan BrownSiteGround Team

    My site BrownMath.com is all custom code -- no Joomla or WordPress etc. I followed the advice a few months ago to update .htaccess to rewrite http links as https, and it seems to work fine. Is there any benefit to doing the Control Panel settings also?

    • Reply June 12, 2017 / 03:12 Hristo PandjarovSiteGround Team

      If it's already working fine, you don't need to use the new functionality 🙂

      • June 13, 2017 / 08:52 Stan BrownSiteGround Team

        Great -- thanks!

  16. Reply June 9, 2017 / 13:50 TimSiteGround Team

    Could you suggest a road map for learning how to manually reconfigure a WordPress site on a SiteGround shared hosting plan? I think I am more interested in that option than adding another plugin.

    • Reply June 13, 2017 / 00:10 Hristo PandjarovSiteGround Team

      The new tool works directly from cPanel and does not require a plugin installation. However, since your site is a WordPress one, all our optimization features are within the SG Optimizer plugin and the coresponding cPanel tool. We don't have a rodamap tutorial but that's a really good idea and I will discuss it with the rest of the team for sure.

  17. Reply June 10, 2017 / 20:30 peterSiteGround Team

    Hello, this is a great step and very well timed as only a few weeks back I contacted your team re this issue.
    Just to confirm in my mind though, I do not have a WP site, mine are hand coded using HTML / CSS and my domains are held at Google so does this still apply to me?
    I am reasonably experienced in coding but anything beyond that my be a challenge.
    Again, congrats on this move, it can only increase the pressure on lesser hosts~

    • Reply June 12, 2017 / 03:14 Hristo PandjarovSiteGround Team

      The tool works based on a service we've devloped and doesn't rely on the app itself, so it should be perfect for custom solutions like yours.

  18. Reply June 12, 2017 / 03:43 peterSiteGround Team

    Thanks very much Hristo, as soon as I get some spare moments I will try it out.
    Keep up the wonderful work.
    Cheers~

  19. Reply June 13, 2017 / 12:09 Ian RaynerSiteGround Team

    Hristo,

    Thanks for the article. SG Optimizer appears attractive, but I have a couple quick questions:

    1) Can you confirm it makes it easy to move to PHP 7.0?
    2) I assume if I used its force SSL functionality, I would deactivate Really Simple SSL?
    3) Will it operate alongside Comet Cache?
    4) How would this all work with my local installation (my dev site) which I access using the free version of MAMP?

    Totally understand if you don't have time to get into the weeds here, but any guidane would be helpful!

    Ian

    • Reply June 14, 2017 / 05:05 Hristo PandjarovSiteGround Team

      Hey Ian,

      The plugin checks whether your site will run fine on PHP 7.0 and allows you to upgrade with a single click. Note, that you can do that manually (without the check part) from the PHP Version tool in cPanel. As to the SSL functionality, yes, you can delete Really Simple SSL if you have it through our plugin. The same applies to Comet Cache - there is no need using it if the Dynamic caching is configured and working properly. Our caching system is way faster than the results you can get from any caching plugin. The plugin links your application to our services and utilizes them, which means it will not work on your local environment for the caching and PHP switching part. Forcing HTTPS should work fine but since I am not aware about your config, I can't be 100% sure for that too. Generally, I wouldn't use any caching/performance plugins locally.

      • June 15, 2017 / 11:36 Ian RaynerSiteGround Team

        Hristo,

        Thanks for your excellent and detailed reply. Gives me a lot more confidence to go ahead (I like being able to reduce the total number of plug-ins).

        I must compliment you on your efforts to reply to all the questions here - I am sure it is appreciated by everyone.

        Ian

      • June 16, 2017 / 09:20 Ian RaynerSiteGround Team

        Hristo,

        Backed up my site, switched on SG Optimizer, switched off Comet Cache and Really Simple SSL. Once I flushed my Cloudflare cache everything looks great. Did a quick check at Pingdom and found my site scoring in the (Faster than) 70 - 80% range vs. 50 - 60% previously.

        A great improvement! Thanks. Now I have to figure out how to get my grade up from C to A.

        Ian

  20. Reply June 13, 2017 / 18:57 Raena BrowneSiteGround Team

    This was awesome news!

    I had to update to PHP 7 first before switching to HTTPS, which was easily done through the SG Optimizer. Website is now encrypted! Really impressed with your services. Thanks!

  21. Reply June 14, 2017 / 15:23 BrandonSiteGround Team

    So after reading the article and an above comment, I'm still not 100% sure on the following.

    Do I need to flip the switch to enforce HTTPS in the cpanel AND add the plugin? OR just add the plugin and leave the switch off? I can't imagine I'm the only one with this confusion.

    • Reply June 15, 2017 / 00:26 Hristo PandjarovSiteGround Team

      If you're using WordPress, just flip the switch in the plugin. The cPanel tool presented in this post is a separate service and it does not rely on the application you're using.

  22. Reply June 16, 2017 / 06:41 SteveSiteGround Team

    Brilliant thank you for this. SG are streets ahead of others in what must be the way forward. Do you have any tutorials on what to do next once the site is running HTTPS? I'm thinking specifically at Google Webmaster.

    • Reply June 19, 2017 / 02:21 Hristo PandjarovSiteGround Team

      GWT doesn't requrie readjusting, just Analytics 🙂

  23. Reply July 19, 2017 / 00:56 PieterSiteGround Team

    Hristo,

    So this makes a plugin like Really Simple SSL unnecessary?

    • Reply July 19, 2017 / 02:51 Angelina MichevaSiteGround Team

      Hi Pieter,

      Regarding functionality both Really Simple SSL and SG Optimizer can help you to configure HTTPS for your site. Really Simple SSL has Premium paid version as well, while SG Optimizer is entirely free to use.
      The 2 plugins have a different approach to handling mixed content modifications. With the SG Optimizer we do not make the changes automatically but give our clients the option to apply them, after checking if external resources are accessible via HTTPS or HTTP.
      We have developed the functionality to activate HTTPS on WordPress sites via SG Optimizer by popular demand. In addition as a hosting company we would like our clients to have an easy way to take advantage of the optimization and security benefits of using HTTPS. We give our clients the freedom to select the plugin that bests serves the needs of their website and their preferences for features available in the plugin.

  24. Reply September 14, 2017 / 11:10 Erica SchaafSiteGround Team

    I did the Enforce HTTPS button in the SG Cpanel and thought that was all I had to do. It reflects https:// in the domain name now, but I can't "activate" any plugins and the woo buttons on the website are not clickable. Will SG support be able to help me?

    • Reply September 15, 2017 / 05:52 Angelina MichevaSiteGround Team

      Hi Erica,

      When you use the functionality of the "Enforce HTTPS" button you tell the server to create a rule in the Apache configuration that sends all requests to the domain towards "https://yourdomain.com
      We are not able to locate your account and check if your site is set to work properly with https, so we suggest you disable the "Enforce HTTPS" option and review your site. In case you are not able to configure it correctly you can submit a ticket via our HelpDesk. In this way our techs can check your site and help to resolve the issues.

  25. Reply September 21, 2017 / 22:20 ChristineSiteGround Team

    We've just tried to use option 2 and installed the plugin but once i forced HTTPS the whole website formatting was gone...how can we install a certificate without that happening?

    • Reply September 22, 2017 / 02:29 Hristo PandjarovSiteGround Team

      Just disable the HTTPS force and you will be able to configure your site manually.

  26. Reply October 9, 2017 / 04:46 ClaudiaSiteGround Team

    As a brand new blogger with no posts yet, do i need the plug-in or just turn the switch on in cPanel?

    • Reply October 9, 2017 / 05:53 Hristo PandjarovSiteGround Team

      Whatever you prefer. If you're on WordPress, I'd recommend using the SG Optimizer plugin and its functionality to do it.

  27. Reply October 9, 2017 / 05:45 ShwethaSiteGround Team

    Hey this is very useful. Thank you for sharing, it made my site protect against a wide array of attacks.

  28. Reply October 11, 2017 / 20:30 Ed MorrisSiteGround Team

    My site has an expired GlobalSign ssl cert and a Simplify credit card processing add-on. Can I simply delete this expired cert in cPanel and replace with a Let’s Encrypt cert, or is there additional work needed?

    • Reply October 12, 2017 / 03:02 Angelina MichevaSiteGround Team

      Hi Ed,

      To be able to install a Let's Encrypt certificate for your selected domain, the first step is to delete any existing certificates for this domain with a previous provider. Then it is very easy to activate it for your website via cPanel, you can find full instructions for that in our tutorial: https://www.siteground.com/tutorials/cpanel/lets-encrypt/

      • October 14, 2017 / 19:21 Ed MorrisSiteGround Team

        I removed the cert in cPanel but when trying to install Let’s Encrypt, it’s saying that I still have an active cert and to have tech support help me remove it

      • October 16, 2017 / 00:47 Hristo PandjarovSiteGround Team

        Please, open a ticket in your Help Desk, our support team will happily look into it 🙂

  29. Reply November 26, 2017 / 07:27 Ayush GuptaSiteGround Team

    This is perfect! Installed SSL on my WordPress website and the complete website is now running SSL just under 3 minutes! SG Rocks!

Reply

* (Required)