Not secure Chrome URL
Would you trust YOUR personal information or credit card number to a site with this warning? I know I wouldn’t.
July 2018 has finally arrived and that means the time of the long-awaited Chrome 68 update has also arrived. While we’ve discussed what this means in an earlier blog post, the short version is that unsecured websites (those not using an SSL certificate) are all going to be marked as not secure in the address bar for all your visitors to see. That is not the type of first impression you want to make.

As webmasters scramble to prevent traffic losses from this negative image of their websites, we wanted to take some time today for those who shoulder the full-time task of maintaining their website alongside their business. To help out, we’re going to teach you how to manually install a standard (1 site) SSL certificate onto your website.

Before we begin, if you’re purchasing an SSL certificate from the same company that hosts your website, it’s a good idea to check and see if they offer an automatic installation option. Many companies do, though some have limitations as to what can be automatically installed. That being said, it’s always worth seeing if you can save yourself some time and effort by having a quick chat with them first.

You will also want to understand that these are going to be general guidelines you’ll find with many providers. Some hosting environments and Certificate Authorities (CAs, also known as SSL providers) handle things a bit differently than others, so if their instructions deviate from ours, defer to your provider’s directions.

If you’d prefer some visual aids instead of written instructions, we’ve also put together guides for cPanel (Linux hosting) and Plesk (Windows hosting) environments that you can view below.

I’ve purchased my SSL certificate – where do I start?

To manually install an SSL certificate onto your website, you’ll need to start by requesting a Certificate Signing Request (CSR) from your server. Most common control panels offer this capability and will simply ask for a few pieces of company information before letting you generate this request.

Once you’ve created this request, you’ll see your CSR as well as (in most cases) a private key. Both will look like a block of randomly generated letters and numbers. The private key stays on your server and should never be shared; only the CSR goes to your provider. You’ll need to copy the entirety of the CSR, including the lines that say “Begin Certificate Request” and “End Certificate Request”.

Once you’ve copied them, log into the site where you purchased your SSL certificate, and follow the prompts for requesting a certificate. There will be a place where you can paste your CSR, and the CSR will allow your provider to identify which website you are planning to secure. Once you’ve provided the CSR, you can request the certificate.
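A quick check you can run on the copied text before pasting it into your provider's form, written as an added example (it is not part of the original post or of any control panel). It confirms the begin and end lines are both present, that the body survived the copy intact, and that no private key came along. The function names and the sample data are assumptions made for illustration; the sample bytes are constructed placeholders, not a real request.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)
CSR_LABELS = {"CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST"}


def check_csr_paste(text):
    """Return a list of problems with text about to be pasted into a CA form."""
    problems = []
    # Catch a key even if only part of it was copied along with the CSR.
    if re.search(r"-----BEGIN [A-Z ]*PRIVATE KEY-----", text):
        problems.append("private key included: the CA only needs the CSR")
    csrs = [body for label, body in PEM_BLOCK.findall(text) if label in CSR_LABELS]
    if len(csrs) != 1:
        problems.append(f"expected one complete CSR block, found {len(csrs)}")
        return problems
    try:
        der = base64.b64decode("".join(csrs[0].split()), validate=True)
    except binascii.Error:
        problems.append("CSR body is not valid base64 (altered or partial copy)")
        return problems
    # A DER-encoded request is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if not der.startswith(b"\x30"):
        problems.append("decoded data does not look like a certificate request")
    return problems


def make_pem(label, der):
    """Wrap bytes in PEM armour (used here only to build sample input)."""
    body = base64.encodebytes(der).decode().strip()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed placeholder bytes: not a real certificate request or key.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
GOOD = make_pem("CERTIFICATE REQUEST", FAKE_DER)
WITH_KEY = GOOD + make_pem("PRIVATE KEY", FAKE_DER)
TRUNCATED = GOOD.rsplit("-----END", 1)[0]  # END line missed while copying

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("with key", WITH_KEY), ("truncated", TRUNCATED)]:
        print(name, check_csr_paste(sample) or "ok")
```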

From here, you’ll be waiting a little while before moving on to the next step. This is because provisioning an SSL certificate takes time due to the steps your CA takes to verify your domain and provided information. This can take a few minutes to 3 days depending upon your provider.

If your domain is registered with a different company than your CA, you may also have to add a DNS entry or two to your zone file to complete this verification. If this isn’t automatically provided for you, reach out to your CA for the details.

My certificate is ready – how do I get it?

To download your SSL certificate, you’ll need to know what type of web server you’re using. Most Linux environments use Apache, and most Windows environments use IIS. Your CA should have options for you to choose from when preparing to download your files. If you aren’t certain of what you have, reach out to the company you get hosting through to find out for sure. These aren’t details you want to guess at.

Once you’ve downloaded them, you’ll have 2 files in most cases – one will be a .crt file named with a bunch of letters and numbers, and the other will be a bundle file, which can be another .crt or another file type. In most cases, you can discard the bundle file.

I’ve downloaded my SSL certificate – how do I upload it and prepare my server?

Head back over to the area in your hosting where you can manage SSL certificates. You should either have an option to install your SSL (cPanel has this), or a place where you can access your CSR that contains an upload option for your .crt file (Plesk has this).

From there, you should just be able to browse your computer, find your .crt file, and then upload it to the server. There’s usually one more step you need to take after this point, and that is installing the .crt file you uploaded. Before you do this, you may want to make sure your website is prepared for secure (HTTPS) connections and you DEFINITELY want to make a backup of your current site in case installation doesn’t go well.

While you can usually choose whether you install your SSL or update your site to HTTPS first, I generally recommend preparing your website first. This way, you can test your SSL as soon as you install it, and if you’re using a Content Management System (CMS) like WordPress, you do not have to worry about accidentally locking yourself out of your admin dashboard.

Your site will probably have some interruption in its connection from this point until completion. Choose a time when this will have the lowest impact on your traffic before proceeding.

The process for this transition will vary depending upon how you built your website. For programs like Dreamweaver and Muse, you may just need to make a quick setting adjustment. For custom HTML, you may be doing a search and replace. CMS environments often have a setting to adjust this in their dashboard or database.

I’ve uploaded my SSL certificate and prepared my site – how do I complete my installation?

This will be handled in two parts. The first is the easy part – installing the SSL certificate onto your website. There will be a specific area in your SSL settings or hosting settings for your domain that will allow you to officially install the .crt file you uploaded to the server earlier.

Once this is done, you can open a new tab in your browser and go to https://yourwebaddresshere.com to see if it loads normally and shows up as a secure site. If you see a warning that some elements are not secured or notice parts of your page aren’t loading, you’ll need to make some corrections to your code to ensure all your links are using HTTPS instead of HTTP.

The best way to do this will vary depending upon how you built your site. WordPress has a plugin called Really Simple SSL that will usually make this a breeze. If you have trouble isolating the cause of the issue, you may want to bring in a web developer to ensure nothing breaks as you endeavor to fix your site.
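To find which elements are behind the warning, the added example below (not from the original post) scans a page's HTML for resources still loaded over plain HTTP. It separates content that browsers typically refuse to load (scripts, frames, stylesheets) from content that loads but triggers the warning (images, media), and it skips ordinary hyperlinks, which do not cause either problem. The class and function names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser

# tag -> (URL attribute, kind). "active" content is typically blocked on an
# HTTPS page (parts of the page do not load); "passive" content loads but
# causes the "some elements are not secured" warning.
SUBRESOURCES = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "link": ("href", "active"),
    "img": ("src", "passive"), "audio": ("src", "passive"),
    "video": ("src", "passive"), "source": ("src", "passive"),
    "form": ("action", "form"),  # form data would be submitted over HTTP
}


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, kind, tag, url)

    def handle_starttag(self, tag, attrs):
        if tag not in SUBRESOURCES:
            return  # plain <a href> links never cause the warning
        attr, kind = SUBRESOURCES[tag]
        attrs = dict(attrs)
        url = (attrs.get(attr) or "").strip()
        if not url.lower().startswith("http://"):
            return  # https://, relative and protocol-relative URLs are fine
        # Only stylesheet <link>s are checked; rel="canonical" is a reference.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        self.findings.append((self.getpos()[0], kind, tag, url))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://example.com/theme.css">
<link rel="canonical" href="http://example.com/">
<script src="https://example.com/app.js"></script>
</head><body>
<img src="http://example.com/logo.png">
<a href="http://example.org/partner">Partner</a>
<form action="http://example.com/contact"></form>
</body></html>"""
```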

After this, you’ll want to ensure that all traffic that comes to your website is routing to the HTTPS version. In Linux, you can force this with a .htaccess file, and with Windows, through a web.config. Some hosting platforms have a setting you need to enable to see these in your file manager – make sure this is enabled before heading there for the next step.

If your website is set up in the root domain of your hosting, remember that public_html is the root of most cPanel environments, and httpdocs is the root of most Plesk control panels as you access your file manager.

Linux .htaccess file changes

Use these three lines of code above or below the code that is already present from WordPress or other modifications. Leave at least one empty line of code before pasting these in to make it easy to distinguish one from the other. If a .htaccess file is not present, create a new file in your file manager named .htaccess.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Windows web.config changes

Below is the full code that needs to be present in order for the redirect to work. The first 3 and last 3 lines should not be duplicated if they are already present in your web.config file – if you see them, just copy the lines that aren’t there, and paste them in where they would start in the code below. If a web.config file is not present, create a new file named web.config.

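<system.webServer>
  <rewrite>
    <rules>
      <!-- In a brand-new web.config, this whole block must sit inside <configuration> ... </configuration>. -->
      <!-- Match every path (not only the home page) and keep it in the redirect via {R:1}. -->
      <rule name="Force HTTPS Redirection" enabled="true" stopProcessing="true">
        <match url="(.*)" ignoreCase="false"/>
        <conditions>
          <!-- Only redirect requests that arrived over plain HTTP. -->
          <add input="{HTTPS}" pattern="^OFF$"/>
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent"/>
      </rule>
    </rules>
  </rewrite>
</system.webServer>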

Everything should now be installed: test your site to ensure it works correctly

Midwest Websites Store URL With SSL
This is an example of what your URL should look like in your address bar. Check to make sure all your pages are marked as secure – not just your home page.

Assuming all is running as intended, you should be done at this point! Typing in your web address should automatically route you to the HTTPS version of your site, and your browser should be noting it as secure. If it isn’t, retrace your steps to when your site was last working, and review troubleshooting steps with your web host or your developer to isolate and fix the issue.
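To check the redirect on more than the home page, the added example below (not from the original post) judges the response a server gives to a plain-HTTP request: it should be a permanent redirect to the same host and the same path over HTTPS, which is what the rewrite rules above are meant to produce. The function names are assumptions, and the sample responses are constructed; fetch() shows how to collect real ones without following the redirect.

```python
import http.client
from urllib.parse import urlsplit


def check_redirect(requested_url, status, location):
    """Judge one response to a plain-HTTP request; return a list of problems."""
    req = urlsplit(requested_url)
    problems = []
    if status not in (301, 308):
        problems.append(f"status {status} is not a permanent redirect")
    if not location:
        return problems + ["no Location header"]
    loc = urlsplit(location)
    if loc.scheme != "https":
        problems.append("redirect target is not https")
    # The rules on this page reuse the requested host name, so it should not change.
    if loc.hostname != req.hostname:
        problems.append(f"redirects to a different host: {loc.hostname}")
    if (loc.path or "/") != (req.path or "/") or loc.query != req.query:
        problems.append("path or query string lost in redirect")
    return problems


def fetch(url):
    """Request url over plain HTTP without following redirects."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=10)
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    conn.request("HEAD", path)
    resp = conn.getresponse()
    result = resp.status, resp.getheader("Location")
    conn.close()
    return result


# Constructed responses: (requested URL, status, Location header).
SAMPLES = [
    ("http://example.com/", 301, "https://example.com/"),
    ("http://example.com/shop/cart?id=7", 200, None),  # inner page not redirected
    ("http://example.com/about", 302, "https://example.com/about"),
    ("http://example.com/blog/post", 301, "https://example.com/"),
]


def audit(samples):
    return {url: check_redirect(url, status, loc) for url, status, loc in samples}
```

For a live site, pass `fetch(url)` results for several inner pages into `check_redirect` rather than testing the home page alone.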

Looking for an affordable SSL?

Check out our SSL certificate selection to secure any sites you are maintaining. We also include a 1 year SSL certificate for any site we design, just give us a call at 319-229-5225 to learn more about our WordPress web design service!