Let’s Encrypt Interface New Options
Making SSL certificated accessible and used by everyone has been our ongoing effort for more than a year now. We were among the first to provide the free Let’s Encrypt certificates. Then, we automated the SSL issuing for all accounts. Later, we upgraded our WordPress plugin, SiteGround Optimizer, to allow 1-click WordPress SSL configuration. Now we’re making the next step – our latest upgrade to the Let’s Encrypt tool in cPanel allows you to force all your domain traffic through HTTPS with a single click regardless of the application you are using. Read below to find out what are the new options in our Let’s Encrypt interface.
HTTPS Enforce
The system we’ve developed catches the requests to your domain on the fly and replaces the used protocol. This is a server-level enforce, that does not perform any change to your application configuration and database. It is a cool way to make the HTTPS enforce super easy for the possible biggest majority of users. Of course, such automated switches can fail in some rare cases. Rule of thumb is to always check if your site and admin area are normally loading under https after the switch. If for some reason it doesn’t work for you, you can simply disable the HTTPS enforcer and everything will be back to the previous state, without any damage to your site.
External Links Rewrite
Having your domain switched to HTTPS may not be enough for your site to be marked as secure by the browser. If you are loading content from an external location using an http link, the browser may show a warning for “Insecure Content” to your visitors. To solve this issue we have provided a separate switch to re-write external links too. We made external link rewriting a separate option, as the resources already utilized on your site may not be available over HTTPS. In this case, you may decide to have them loaded with a mixed content warning instead of not having them loaded at all.
So what is the best way to go HTTPS?
It depends on how experienced you are.
Of course, if you feel confident enough the best way to make your site work through HTTPS is to manually re-configure your application, change all links of loaded resources to https. Thus you will avoid most possible issues. However, that is a task that requires some technical knowledge to be completed properly because resources can be loaded from the database, from a plugin or from your theme itself.
Second best option is available for our WordPress users – the same logic as above, but done through an application plugin – our SiteGround Optimizer. It requires only plugin installation.
Third, you may use the new options in the cPanel Let’s Encrypt interface. This is the easiest and fastest way working very well for the majority of the website. However, as the setting is on a server level, there may be a chance that it conflicts with a setting on the application level if there are some hard codes for the HTTPS/HTTP protocols already done in the htaccess file. We recommend it for people that have not and cannot use the previous two options.
Comments ( 78 )
Thanks! Your comment will be held for moderation and will be shortly published, if it is related to this blog article. Comments for support inquiries or issues will not be published, if you have such please report it through
Alex
Al fin, gran noticia. :)
Jerry Neale
Thanks, Hristo. Is there an SG Optimizer for Joomla?
Hristo Pandjarov Siteground Team
We have a plugin that connects our caching system with Joomla websites, but for SSL (https://www.siteground.com/tutorials/supercacher/dynamic_cache/#enable), I would recommend either manual configuration, or using the tool in cPanel.
Martin
Thanks for making SSL Certificates free and so easy to install, it's fantastic!
Frank Okun
SiteGround offering the free HTTPS was one of the reasons Nevada Website Design chose SiteGround for hosting along with switching clients to the platform. SiteGround offers the best support and performance of any of the other hosting providers we tried for our business and our clients. Thanks SiteGround!
Hristo Pandjarov Siteground Team
Thanks for the kind words! We're happy you're trusting your business with us!
brian
We are another Nevada company that just switched all of our clients over to SiteGround - Great support, I got help with a Divi builder issue. And thanks for the cPannel HTTPS config. Brian
Inspired Earth
Brilliant. Thanks for your efforts in this important area of Internet encryption. And for diving into LetsEncrypt rather than hanging on to trying to make money from selling SSL certificates (a dying thing of the past, that some hosts I work with are still hooked on, and thus refuse to implement important services like LetsEncrypt). Keep up the great work.
ssnobben
Pls update the Joomla SG cache optimizer plg as well! Thnks!
Hristo Pandjarov Siteground Team
For Joomla sites, you can safely enforce HTTPS using the cPanel plugin!
Paul B
Excellent article and very helpful. Great service guys!
Kristof Devos
Hi, just a quick question, can switching to https in the SG plugin cause SEO problems?
Hristo Pandjarov Siteground Team
It should benefit your SEO actually. Just make sure all 3rd party services like Google Analytics that rely on the protocol are configured to load your site over https.
Kristof Devos
Ok, great! Is there like a manual on how to set that up, after pulling the switch?
Hristo Pandjarov Siteground Team
You don't need to do anything after flipping the switch :)
Kristof Devos
Hi Hristo, I found the analytics settings, but I do have one question left. When I check my redirects, I have two of them with non www. First it goes to https:// and then to https://www while it should go directly to that last one. You can have a look here: https://ibb.co/dnTpDF Is there a way to make that one redirect instead of two?
Hristo Pandjarov Siteground Team
Those are different settings. If your site is configured to work via www and https there shouldn't be any redirects at all. As per the redirect itself, please post a ticket in your Help Desk and ask someone from our support team to look into your .htaccess file and check if the rules can be safely combined into one.
Nishant
Since I already use SG-Optimizer plugin and have enabled Let's encrypt SSL on my Wordpress site a month ago, do these new features on cPanel have any relevance/feature addition for me? Or is it a tool only for sites not on WordPress and hadn't made the switch to SSL yet?
Hristo Pandjarov Siteground Team
No, you don't need to use this functionality if your site is already working over SSL.
Leila
Many thanks! This is great service from SiteGround as it's getting more and more important to use SSL and this is one of the reasons I recommend you to my clients. By the way, it's really easy to configure Joomla to use https.
Jerry
I've been converting sites from http to https for quite a while now but the new tools are a nice addition that make it even easier.
Gary McHugh
This is awesome. Can you tell us when you will make the certs auto renew? This is one of let's encrypts promotion points. Much better than us having to renew them for every site 4 times a year.
Hristo Pandjarov Siteground Team
All Let's Encrypt certificates renew automatically!
Mark
So, just so I make sure I understand completely, if I decide to use the WP SG Optimizer plugin, I do not need to use Let's Encrypt or do anything else in Cpanel or elsewhere? Nothing else to set up at Siteground or on Cpanel? And does SG Optimizer change HTTP to HTTPS in the database?
Hristo Pandjarov Siteground Team
There are two things that must be done to have a properly working website: 1. You need a certificate - Let's Encrypt is a free SSL certificate that you can install for each one of the domains hosted in your account 2. You need to have your application configured to work via https. The Enforce HTTPS switch will do that for all applications since it works on domain level. The SG Optimizer SSL page will do the same only for WordPress sites. The last option is to manually configure your site to work via HTTPS. It's up to you which way you will device do configure your site :)
Ben
Hi, is the cPanel Let's Encrypt HTTPS Enforce option available on your cloud and dedicated servers, or just your shared hosting? I'm not seeing the option in my cloud cPanel.
Hristo Pandjarov Siteground Team
There are some differences in the infrastructure that prevents us from applying that update right away but I hope it will be available for cloud users really soon.
Stan Brown
My site BrownMath.com is all custom code -- no Joomla or Wordpress etc. I followed the advice a few months ago to update .htaccess to rewrite http links as https, and it seems to work fine. Is there any benefit to doing the Control Panel settings also?
Hristo Pandjarov Siteground Team
If it's already working fine, you don't need to use the new functionality :)
Stan Brown
Great -- thanks!
Tim
Could you suggest a road map for learning how to manually reconfigure a WordPress site on a SiteGround shared hosting plan? I think I am more interested in that option than adding another plugin.
Hristo Pandjarov Siteground Team
The new tool works directly from cPanel and does not require a plugin installation. However, since your site is a WordPress one, all our optimization features are within the SG Optimizer plugin and the coresponding cPanel tool. We don't have a rodamap tutorial but that's a really good idea and I will discuss it with the rest of the team for sure.
peter
Hello, this is a great step and very well timed as only a few weeks back I contacted your team re this issue. Just to confirm in my mind though, I do not have a WP site, mine are hand coded using HTML / CSS and my domains are held at Google so does this still apply to me? I am reasonably experienced in coding but anything beyond that my be a challenge. Again, congrats on this move, it can only increase the pressure on lesser hosts~
Hristo Pandjarov Siteground Team
The tool works based on a service we've devloped and doesn't rely on the app itself, so it should be perfect for custom solutions like yours.
peter
Thanks very much Hristo, as soon as I get some spare moments I will try it out. Keep up the wonderful work. Cheers~
Ian Rayner
Hristo, Thanks for the article. SG Optimizer appears attractive, but I have a couple quick questions: 1) Can you confirm it makes it easy to move to PHP 7.0? 2) I assume if I used its force SSL functionality, I would deactivate Really Simple SSL? 3) Will it operate alongside Comet Cache? 4) How would this all work with my local installation (my dev site) which I access using the free version of MAMP? Totally understand if you don't have time to get into the weeds here, but any guidane would be helpful! Ian
Hristo Pandjarov Siteground Team
Hey Ian, The plugin checks whether your site will run fine on PHP 7.0 and allows you to upgrade with a single click. Note, that you can do that manually (without the check part) from the PHP Version tool in cPanel. As to the SSL functionality, yes, you can delete Really Simple SSL if you have it through our plugin. The same applies to Comet Cache - there is no need using it if the Dynamic caching is configured and working properly. Our caching system is way faster than the results you can get from any caching plugin. The plugin links your application to our services and utilizes them, which means it will not work on your local environment for the caching and PHP switching part. Forcing HTTPS should work fine but since I am not aware about your config, I can't be 100% sure for that too. Generally, I wouldn't use any caching/performance plugins locally.
Ian Rayner
Hristo, Thanks for your excellent and detailed reply. Gives me a lot more confidence to go ahead (I like being able to reduce the total number of plug-ins). I must compliment you on your efforts to reply to all the questions here - I am sure it is appreciated by everyone. Ian
Ian Rayner
Hristo, Backed up my site, switched on SG Optimizer, switched off Comet Cache and Really Simple SSL. Once I flushed my Cloudflare cache everything looks great. Did a quick check at Pingdom and found my site scoring in the (Faster than) 70 - 80% range vs. 50 - 60% previously. A great improvement! Thanks. Now I have to figure out how to get my grade up from C to A. Ian
Raena Browne
This was awesome news! I had to update to PHP 7 first before switching to HTTPS, which was easily done through the SG Optimizer. Website is now encrypted! Really impressed with your services. Thanks!
Brandon
So after reading the article and an above comment, I'm still not 100% sure on the following. Do I need to flip the switch to enforce HTTPS in the cpanel AND add the plugin? OR just add the plugin and leave the switch off? I can't imagine I'm the only one with this confusion.
Hristo Pandjarov Siteground Team
If you're using WordPress, just flip the switch in the plugin. The cPanel tool presented in this post is a separate service and it does not rely on the application you're using.
Steve
Brilliant thank you for this. SG are streets ahead of others in what must be the way forward. Do you have any tutorials on what to do next once the site is running HTTPS? I'm thinking specifically at Google Webmaster.
Hristo Pandjarov Siteground Team
GWT doesn't requrie readjusting, just Analytics :)
Pieter
Hristo, So this makes a plugin like Really Simple SSL unnecessary?
Angelina Micheva
Hi Pieter, Regarding functionality both Really Simple SSL and SG Optimizer can help you to configure HTTPS for your site. Really Simple SSL has Premium paid version as well, while SG Optimizer is entirely free to use. The 2 plugins have a different approach to handling mixed content modifications. With the SG Optimizer we do not make the changes automatically but give our clients the option to apply them, after checking if external resources are accessible via HTTPS or HTTP. We have developed the functionality to activate HTTPS on WordPress sites via SG Optimizer by popular demand. In addition as a hosting company we would like our clients to have an easy way to take advantage of the optimization and security benefits of using HTTPS. We give our clients the freedom to select the plugin that bests serves the needs of their website and their preferences for features available in the plugin.
Erica Schaaf
I did the Enforce HTTPS button in the SG Cpanel and thought that was all I had to do. It reflects https:// in the domain name now, but I can't "activate" any plugins and the woo buttons on the website are not clickable. Will SG support be able to help me?
Angelina Micheva
Hi Erica, When you use the functionality of the "Enforce HTTPS" button you tell the server to create a rule in the Apache configuration that sends all requests to the domain towards "https://yourdomain.com We are not able to locate your account and check if your site is set to work properly with https, so we suggest you disable the "Enforce HTTPS" option and review your site. In case you are not able to configure it correctly you can submit a ticket via our HelpDesk. In this way our techs can check your site and help to resolve the issues.
Christine
We've just tried to use option 2 and installed the plugin but once i forced HTTPS the whole website formatting was gone...how can we install a certificate without that happening?
Hristo Pandjarov Siteground Team
Just disable the HTTPS force and you will be able to configure your site manually.
Claudia
As a brand new blogger with no posts yet, do i need the plug-in or just turn the switch on in cPanel?
Hristo Pandjarov Siteground Team
Whatever you prefer. If you're on WordPress, I'd recommend using the SG Optimizer plugin and its functionality to do it.
Shwetha
Hey this is very useful. Thank you for sharing, it made my site protect against a wide array of attacks.
Ed Morris
My site has an expired GlobalSign ssl cert and a Simplify credit card processing add-on. Can I simply delete this expired cert in cPanel and replace with a Let’s Encrypt cert, or is there additional work needed?
Angelina Micheva
Hi Ed, To be able to install a Let's Encrypt certificate for your selected domain, the first step is to delete any existing certificates for this domain with a previous provider. Then it is very easy to activate it for your website via cPanel, you can find full instructions for that in our tutorial: https://www.siteground.com/tutorials/cpanel/lets-encrypt/
Ed Morris
I removed the cert in cPanel but when trying to install Let’s Encrypt, it’s saying that I still have an active cert and to have tech support help me remove it
Hristo Pandjarov Siteground Team
Please, open a ticket in your Help Desk, our support team will happily look into it :)
Ayush Gupta
This is perfect! Installed SSL on my WordPress website and the complete website is now running SSL just under 3 minutes! SG Rocks!
Tom Parnell
Good information, great service - it works well. Just moved to SiteGround - very impressed!
zy
Hello,I try to Install,but have problem,choose Let's Encrypt: Installed Certificates You have no Let's Encrypt certificates installed on your account. and there is no button can choose HTTPS Enforce & External Links Rewrite..off or on fill my email,choose Install button ,but did not succeed said There was a problem installing the certificate. Please contact support for more information. How to solve this problem so that I can successfully installed?thank you very much!
Hristo Pandjarov Siteground Team
Please, post a ticket in your Help Desk, my collegues will check your case in details and help you out!
Brian Brown
We are testing a site on siteground with Let's Encrypt and not all links are being rewritten, even with the external links option enabled. Suggestions on what to check?
Hristo Pandjarov Siteground Team
It really depends on the particular site. You can mail me directly at hristo.p at siteground.com and I will get back to you :)
Wilfred
Hello, Great stuff! Quick question does to SG optimizer also Fix content to https ? For example if we adds images to our blog, will they be http ? I use an external plugin for that right now. Thanks
Hristo Pandjarov Siteground Team
You can do that from the tool, there's a force SSL switch. If you're using WordPress, you can do that from the SG Optiimzer plugin too.
Wilfred
Cool, thanks. I already have enabled it. So if i upload an image now to my blog, it will be automatically https correct ?
Hristo Pandjarov Siteground Team
Yes, it should load through https. However, I would recommend that you still reconfigure your WordPress site from Options -> General to work through https :)
Andy Hoang
WOAH! I've been meaning to put in SSL for a few years and always thought it would be hard. I've just gone into my Siteground account today, checked that LetsEncrypt was there (it was) then switched on "Enable HTTPS" in SG Optimizer and next thing you know, the site is in HTTPS and the "Not secure" sign in Chrome is gone. Took all of about 2 minutes. Thank you Siteground. I'm thoroughly impressed with the work you've put in to make it so that I don't have to do the work.
Angelina Micheva
You are most welcome, Andy! We are happy to hear that we made it easy for you to put a SSL certificate and configure your site to use HTTPS with our tools and features.
Robeen
From my cpanel, Manage HTTPS Settings, I have enabled HTTPS Enforce and External Links Rewrite but still no effect.
Hristo Pandjarov Siteground Team
Please, open a ticket in your Help Desk and our support team will assist you further.
PK
How do we renew a SSL certificate? We use Siteground to create a SSL certificate, but now it shows as expired and our site is showing as with Potential Security Risk Ahead. Can you please recommend a solution?
Hristo Pandjarov Siteground Team
Certificates are automatically renewed. Please, contact our support team via the Help Desk to get additional assistance on that matter.
Hashim Aziz
Hristo, You say: "Of course, if you feel confident enough the best way to make your site work through HTTPS is to manually re-configure your application, change all links of loaded resources to https." By this part, do you mean something like doing a search-and-replace for "http" to "https" using the wp-cli tool? Since enabling SSL and flipping both "switches" I'm currently having an issue where the icons in Wordpress' visual editor don't display unless External Links Rewrite is turned off. Would doing the afore-mentioned search-and-replace with wpl-cli and then switching the External Links Rewrite option back on solve this issue?
Hristo Pandjarov Siteground Team
If you're using WordPress, the best option is to turn OFF both options in Site Tools and use the Force HTTPS option in the SG Optimizer plugin. Then, check your site and you get Insecure content warning, only then turn on the second option for this purpose in the plugin. Ideally, you will have a nativelly configured site that won't use dynamic redirects to work via https.
shubham
Because of the awesome support and lots of free features that come with siteground hosting many of my friends including myself have changed our hosting from bla bla to siteground. It is amazing. HAIL SITEGROUND ( the fastest )
Neal
What if you have the new interface and there is not option for the External Links Rewrite? I don't see that option anywhere.
Hristo Pandjarov Siteground Team
You can use the SG Optimizer plugin to properly configure your WordPress app to work with SSL, it supports the dynamic rewrite too in case it is needed.
Start discussion
Thanks! Your comment will be held for moderation and will be shortly published, if it is related to this blog article. Comments for support inquiries or issues will not be published, if you have such please report it through