Let’s Encrypt Tutorial

Learn more about the Let’s Encrypt service

SiteGround has been supporting the Let’s Encrypt global initiative for creating free SSL certificates for everybody from its beginning. We automatically issue and install a free certificate for the majority of the domains that are pointed to our shared servers and we allow one click installations for domains on cloud and dedicated accounts. Now, all of our customers can also install free Let’s Encrypt Wildcard to any of their domains pointed with us.

How to see the Let's Encrypt certificates issued for your account?

To access the Let's Encrypt certificate tool, log in to your cPanel and click on the Let's Encrypt icon in the Security tab.

Once there, you will see a list of the active Let’s Encrypt certificates for your account.

How to issue and install a new Let's Encrypt certificate yourself?

Select a domain name and the type of certificate you wish to install and click install.

In a few moments, you will have a working SSL certificate for your domain name!

Now you just need to configure your application to work via https:// to start using the certificate on your site.

How to upgrade an existing Let’s Encrypt certificate to Let’s Encrypt Wildcard?

If you already have a single domain Let’s Encrypt certificate for one of your domains, but you wish to replace it with a Wildcard one, you can just click on the “Get Wildcard” button next to the certificate you wish to replace. This will install Wildcard to the domain name you have replaced the certificate for, as well as all of its subdomains (except of add-on domains, if any).

How to enforce the certificate on your site?

Issuing a certificate is just a first step in making your website work properly over HTTPS. You usually need some additional configuration so that your domain is not accessible both over http and https, in order to avoid duplicate content. Additionally you may need to rewrite any links to external content, so that your site does not show warnings for mixed content in the browser. The best way to do this changes are in your specific application, but if you are not sure how, we have created a shortcut in the Let’s Encrypt interface that allows you to both enforce the certificate and rewrite the links with a single click (more details in our blog). You can manage the HTTPS settings of your domain name in the “Actions” menu next to your domain name.
Have in mind that the HTTPS settings for domains with Let’s Encrypt Wildcard are only applied to the primary domain.

How to renew a Let's Encrypt certificate?

Let’s Encrypt certificates issued by SiteGround are automatically renewed by us until they are canceled. You don't need to do anything manually.

How to cancel a Let's Encrypt certificate?

If you want to cancel an installed certificate just click on the Cancel button next to the domain name.

Check out our Let's Encrypt FAQ database if you have additional questions regarding this service.

Prerequisites for installing a Let's Encrypt certificate

There are a few requirements that a domain should meet so you can install a Let's Encrypt certificate successfully on it.

  • The domain and its www subdomain should be both pointed to your cPanel account IP address. Otherwise the certificate cannot be verified and installed on your domain.
  • If you’re attempting to install a Let’s Encrypt Wildcard SSL for a domain name, the server hosting your account must be in control of the DNS zone for the respective domain.
  • There should not be a general redirect upon the installation of the certificate, as it would prevent the HTTP validation from completing. You should temporary remove such redirects until the certificate's installation is completed. You may safely re-add them after the certificate is successfully installed.
  • By default, if you initiate installation of  a Let's Encrypt certificate on your primary domain, cPanel would include your parked domains in the installation of the SSL. This means that if you have a parked domain that is not pointed to your cPanel's IP address, the installation of the SSL would fail. You should either point these domains to your cPanel account, or temporary unpark them until the installation completes.

Let's Encrypt limits

The Let's Encrypt installation has several rate limits applied and if you have reached one of those, the installation of a new certificate will not be successful. The most frequently met limits are:

  • 5 Duplicate certificates successfully issued and installed for the same domain name per week. For instance, if you requested a certificate for the example.com and www.example.com domains, you could request four more certificates for those domains during the week. If you changed the set of names by using a subdomain such as blog.example.com, you would be able to request additional certificates.
  • 5 Failed Validations per domain name per hour. If you attempt to install Let's Encrypt certificate for your domain name, and the installation fails 5 times, you will not be able to request a new installation in the next hour and you need to wait for the limit to be lifted.

You may review all of the service limits on the official Let's Encrypt website here.