When we say the data is encrypted, we mean to say that there is a mathematical algorithm implemented and a system of keys that are only identified to the person who navigates-server. Having a reliable https certificate can have a very high cost depending on the type of website and the type of certificate required, in this article, we will show you how to take advantage of some free https certificate options in order to make your website or blog more secure and also improve your SEO.
What is a https Certificate and How to Get a Free https Certificate?
An SSL certificate or https certificate is used to provide security when a visitor goes to a website, this is a way to tell customers that the site is authentic, real and reliable to enter personal data. SSL acronyms meet the terms in English (Secure Socket Layer), which is a security protocol that makes your data to travel in a safe way, i.e., the transmission of data between a server and user, and feedback is fully encrypted.
When our data is encrypted, we can ensure that no one can read our content. All of this leads us to understand that technology that provides an SSL certificate is the secure transmission of information over the internet, to confirm that the data is free from unwanted people. In order to use an https certificate, on a website, is of vital importance that your hosting server supports SSL.
Free HTTPS certificate using Cloudflare
CloudFlare is a CDN service best known for its free plan that works very well and tends to be used to improve the performance, reduce the load on the servers and mitigate attacks or unexpected traffic spikes.
Within the free plan, they also offer the option of having what they call Flexible SSL or free https certificate so that the websites are loaded under the HTTPS protocol.
To configure it, you must follow the next steps, I recommend reading them all to understand them well before making changes to your website:
1. Sign up for a CloudFlare account:
Here you need to register your domain with CloudFlare and follow the steps to configure it, which is very simple and not involves much more than changing your DNS.
Once you have created your account with your email, you will be asked to enter your domain name and CloudFlare will scan your DNS server’s configuration.
CloudFlare will automatically detect your domain’s DNS settings and it will allow you to update those settings by just changing your domain’s name servers to their own name servers, this is required for CloudFlare to give you performance benefits as CDN and also the free https certificate.
Select the Free Website option, although it’s totally free, CloudFrare adds a lot of value to your website’s performance and SEO.
2. Update Name Servers and Settings:
Here you will need to go to your hosting account and have your name servers updated to the ones that CloudFlare will provide, ask support to help you out if you are unsure of how to do this.
After you have successfully updated your domain’s name servers, you must wait at least 15 minutes for the changes to take effect and then just hit continue. You will not experience any downtime while doing this.
Once the name server changes have taken effect, you should be able to see a screen like the one above, it should say “Active” . Now you will click on the option that says Crypto in order to generate the new certificate. Yeei 🙂
Here you will select the option that says “Flexible“, this will immediately place an order for your free https certificate which could take up to 24 hours to be issued, usually it only takes a couple of hours.
You should see after a couple of minutes that now your free SSL certificate is being issued. Now, don’t get desperate and give it about 3 to 5 hours.
Once your free https certificate has been issued, you should be able to notice it…
The next step that we will follow here, is to go where it says Page Rules. Here we will be able to establish some rules to rewrite all of our existing URLs and redirect all our visitors to the secure version of our website. We will also be able to do some performance and security tweaks.
What you will do next, is to click where it says Create Page Rule and you will get a window like the one bellow, you need to replace my domain name with yours and just setup these page rules exactly the same way and then hit save and deploy for all of them.
That is all we needed to do with CloudFlare here, now we will move to our WordPress panel and make sure everything works fine with our new free https certificate. Just before doing that, let’s go to Caching anfd then Purge Everything.
3. Configure HTTPS in WordPress
The first thing we will do here is to make sure that our website and WordPress URLs are re-written to the https version, although we have the rule to redirect from CloudFlare, it’s always good for SEO purposes to avoid too many URL redirections.
All you need to do here is go to settings and general, make sure that your URL has the https in front of it, if not, then just add it.
If you use W3 Total Cache, it also comes with the ability to integrate CloudFlare these two make a powerful combination in terms of performance and security. Otherwise, you don’t need to add any plugin here for CloudFlare.
After following all these steps you should already be implementing the free https certificate successfully. You will probably need to log back in to your WordPress, don’t be scared if it signs you out a couple of times, it is normal.
The next step I would recommend here, although it is not required, is to install a free plugin named Really Simple SSL. You only need to install and activate the plugin, there is no need to configure it, and it will help you take care of any mixed content issues, which can always be a problem.
Free HTTPS Certificate with Let’s Encrypt
Let’s Encrypt is a new CA (Certificate Authority) non-profit which allows SSL certificates for free, its purpose is to help make all sites secure without having to spend money buying certificates.
Their certificates are simple to install with their tool called Certbot, which provides all of the steps to be followed depending on the type of server you have.
For example on a server with Apache and Debian just run a couple of commands in SSH terminal so that the certificate is installed.
The problem here is that in order to perform an installation of this type, you must have a VPS or dedicated server where you have more control, shared hostings usually do not allow users to install their own SSL Certificates (for them it’s a business and they want you to buy it from them).
Yet some hosting services are already offering their shared plans to use Let’s Encrypt to have a certificate for free. Take a look at the list of hosting providers who are already offering Let’s Encrypt support.
For manual installation on a VPS or dedicated server I recommend you to read the documentation carefully and follow the steps indicated by Let’s Encrypt, they also have a very active community where other users can help you.
But there are also a couple of details to comment:
Once the free https certificate is installed on your server you must do a manual configuration of the SSL Cipher by entering these values, this is a configuration option occurring on servers with cPanel in WHM-> Apache Configuration-> Global Configuration. It is necessary to do so in order for the certificate to work correctly in Windows XP and older browsers such as Internet Explorer 8.
To check if the settings are correct and see which browsers are compatible or not with the certificate, you can use this tool by entering just the domain with certificate obviously already installed: https://www.ssllabs.com/ssltest/analyze.html
Another thing to keep in mind is that by sharing the server with multiple domains that have SSL, only one of them (the primary) will be compatible with older browsers that do not support SNI (Server Name Indication) as Internet Explorer 8 on Windows XP. The rest of the domains displayed a certificate-related error message.
In order to fix this they must use different IPs for each domain or change the primary domain from WHM-> SSL/TLS-> Manage SSL Hosts.
What to do after installing your SSL Certificate?
You can also navigate through the different pages of the site in oroder to make sure that all of them load with the green lock and there is no load errors known as mixed content appearing when there are resources that are still loaded under the HTTP protocol.
In terms of SEO, you must keep in mind that when you change a site’s HTTP to HTTPS, the URL is changing, with this URL change it’s very important that 301 redirections from HTTP to HTTPS are working correctly.
From Search Console (former Webmasters Tools), it is not necessary to indicate that a change of URL has been made, in fact, the option is not available for these cases, but there is nothing to worry because the 301 is enough to make Google understand that the address has changed.
What you have to do is to register the HTTPS version of the site in the Search Console (as a new property), it will be the main version that will be used from now on. Also to facilitate the migration and upgrade the search results you can send from this version two Sitemaps, one with new URLs under HTTPS and the other one with old HTTP URLs so that the GoogleBot can track them easily and detect that they are redirected.
You also need to make sure that the tags rel = “canonical”, if you use them, are correctly configured, i.e. pointing to the HTTPS versions. And the robots.txt file must exist with the same content that the HTTP version had, it is not appropriate to respond with a 404 or that it does not exist because Google may not track the site.
I hope this information is useful and if you have any doubt you can leave a comment here. Also, keep in mind that sharing is caring, so share this with others…