What is SSL and Let’s Encrypt?
An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology. Encryption is the process of scrambling data into an undecipherable format that can only be returned to a readable format with the proper decryption key.
A certificate serves as an electronic “passport” that establishes an online entity’s credentials when doing business on the Web. When an Internet user attempts to send confidential information to a Web server, the user’s browser accesses the server’s digital certificate and establishes a secure connection.
When we do shopping online, creating accounts, signing into different websites, etc. we internet users shares lots of personal data each day.
If the website not properly encrypted, then this information can be spied upon and stolen. This is where SSL comes in. It provides the encryption technology to secure the connection between a user’s browser and the web server.
Each site is issued a unique SSL certificate for identification purposes. If a server is pretending to be on HTTPS, and it’s certificate doesn’t match, then most modern browsers will warn the user from connecting to the site.
SSL certificates wasn’t cheap and the only way to secure websites with SSL was by using a paid SSL Certificate.
Here Comes Let’s Encrypt.
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).
The key principles behind Let’s Encrypt are:
- Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
- Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
- Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
- Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
- Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
- Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
Setting up Free SSL with Let’s Encrypt on WordPress
WP Encrypt: Using WP Encrypt plugin, you can quickly acquire a new SSL certificate for your site. Once you have registered and received a certificate, you can switch your site to HTTPS.
Make sure to take a backup of your website before proceeding with the install.
Download the WP Encrypt Plugin and Activate it. After plugin activation you will find a new admin page in the Settings menu where you can register, generate, renew and revoke certificates for your WordPress site. In a Multisite, this menu is not located in the regular admin, but in the network admin, and it will work for all sites in the network. On the admin page you will find a help tab on top which provides further information on how to get started.
Make sure to select the Auto-generate Certificate option ticked. This Certificate is valid only for 90 days so the Auto-generate Certification option automatically renews your SSL Certificate.
The plugin only acts as a connection between your WordPress site and Let’s Encrypt – it is used to obtain the certificate. WordPress cannot modify your server configuration to use it, that’s why you need to take care of it yourself. However, you will find basic instructions in the plugin. After adjusting your server configuration, you also need to switch your site to HTTPS.
Here is an easy way to modify your server configuration to switch your site to HTTPS.
Really Simple SSL: Really Simple SSL plugin automatically detects your settings and configures your website to run over https. Install and Activate the plugin. The entire site will move to SSL.
WHAT DOES THE REALLY SIMPLE SSL PLUGIN ACTUALLY DO?
- The plugin handles most issues that WordPress has with ssl, like the loadbalancer issue, or when there are no server variables set at all.
- The site url and home url are changed to https.
- Your insecure content is fixed by replacing all http:// urls with https://, except hyperlinks to other domains. Dynamically, so no database changes are made (except for the siteurl and homeurl).
There is also a Pro Version available and these are it’s features.
- The mixed content scan, which shows you what you have to do if you don’t have the green lock yet
- The option to enable HTTP Strict Transport Security
- The option to configure your site for the HSTS preload list
- Mixed Content Fixer for the back-end
- More detailed feedback on the configuration page.
- Certificate expiration check: get an email when your SSL certificate is about to expire.
- Premium support
Update Google Analytics Settings
If you have Google Analytics installed on your WordPress site, then you need to update its settings and add your new url with https.
Login to your Google Analytics dashboard and click on ‘Admin’ at the top menu. Next, you need to click on property settings under your website.
There you will see the default URL option. Click on http and then select https.
Don’t forget to click on the save button to store your settings.
That’s all, we hope this article helped you add Free SSL in WordPress with Let’s Encrypt.
Cpanel users try this: Let’s Encrypt with AutoSSL Plugin for cPanel Users