SSL Certificate – how to install on shared hosting

1 Comment » Written on August 15th, 2016 by
Categories: Website Development

secured-websiteIf in a previous article I have approached where to get free SSL certificates for your website, let me continue here with step by step instructions on installation. I will be discussing here a particular case that I used on an IX WebHosting shared account. Installation at other web hosts will be different, so it is also good to check their knowledge base for details.

Given that you already have a IXWebHosting.com hosting account, you have two options to get a SSL certificate installed on your website: buy a certificate from the IXWebHosting offering or install an external certificate you got from somewhere else (like either bought or got for free). In my case I worked with a free certificate issued by Let's Encrypt authority.

  1. First make sure your domain where you want to install the SSL certificate is on dedicated IP. No worries, IXWebHosting comes with several dedicated IPs based on your hosting package.
  2. Then, you need to contact IXWebHosting support via Support Ticket and request for a CSR file to be issued for your chosen domain saying that you require this for an external SSL certificate to be issued. For the CSR file you will need to provide them with several details such as Company/Organization Name, Country, Region, City, Section, Domain Name.
  3. It shouldn't take long to get the CSR and Key files generated. These files will be available to download from the support ticket you created - so go ahead and download the files.
  4. Visit ZeroSSL website that will help you get a Let's Encrypt certificate quickly. Open your CSR file and copy all its content and paste it on ZeroSSL page, in the CSR field (second right field). Do not do any other changes or fill in any other details there. Simply accept the T&Cs and hit Next button.
  5. A Let's Encrypt account key will be generated (second left field). Go ahead and copy that text and paste it in a new TXT document next to the files generated by IXWebHosting. Hit Next again.
  6. At this stage you will be required to create some folders and a file in the root of your domain. Folders will be something like .well-known/acme-challenge/ . In the last subfolder you will have to create a file with the name given by the system (no file extension - best created with your FTP client). Open that file and paste the line of code also provided at this step. Once the folders and file were uploaded to your hosting account, click on the file name in the ZeroSSL page to run a test. If it returns the challenge code in your browser, you are good to go to next step, so hit Next.
  7. In the last step here you will be provided with an account ID for your Let's Encrypt certificate (I would recommend saving that account id somewhere among your files). Also, the certificate code is also generated here, so save this in a text file as well.
  8. Log in to your hosting account on IXWebHosting, hit the Manage Hosting button to get to the Control Panel. In Control Panel look for SSL option and click on it. Then find the domain where you want the SSL certificate installed and click on the link next to it, Import New Certificate.
  9. Here you will be having two fields to fill in: one is with the Server Key (open the Key file sent to you by IXWebHosting and copy and paste its content to the Server Key field), and another one is for the Certificate (copy and paste the Certificate code here).
  10. Click on Install. If all went ok, you should get a success message.
  11. Once your have the security certificate installed on your domain, in order to start using it I would recommend making some changes to your .htaccess file in the root folder of your domain. Add the following lines so that the server pushes all visitors to use the https version of your website:
Add these lines to your .htaccess fileRewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTPS} off
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]

What this code do is basically tells the server to push all your website visitors to the https version of the site, and also with www. in front. Make sure you change the "example" in the code with your domain name.

Try your site now. It should be loading the https version, which means the site connection between the user browser to the server is secured. Please note that in order to look better secured, it would be ideal your site to have all internal links under the https format. Most likely internal links are relative, so no changes may be required, but make sure all is fine, like resources (css, java scripts..) and images of your website are accessed over https. Failure to do these changes will show to your website visitors a Secured connection but with a red flag as like "Your connection may not be private", which kind of has a counter effect to the whole scope of the SSL implementation.

Please remember that the Let's Encrypt certificate has a short validity (at the time of writing this article is 90 days). This means in 60-75 days you will need to go through steps 4 to 10 over again. If you do not want to waste your time with such re-installations, there is a paid version of certificate offered by IXWebHosting for about $50 / year. If you are interested, you may want to look for IXWebHosting discounts and offers.

Please note that on IXwebHosting - for reinstalls, you will have to split the certificate file in 2, one to be the certificate you can install, and second part to be the certificate chain that also needs to be installed (there is a second field for the chain). After installation, give it a few minutes for the server to update the info and test your new certificate with SSL Server Test or SSL Checker to make sure there are no certificate chain issues that could create error messages to your users.

One Response to “SSL Certificate – how to install on shared hosting”