Whether or not you have concerns about security for content on your domain, there are very good reasons to make sure your content is served over SSL, and to understand how the http:// in front of web site addresses is different from ones that start with https://.

The latter are sites that send content that is encrypted. You and we are likely not transmitting super secure information, but when we do log into sites with passwords (like in WordPress), it’s worth setting up your sites to use SSL. But more than that, Google’s Chrome web browser will soon start inserting the word INSECURE before web content not using SSL, and is changing their search results to favor sites using SSL.

One more reason that may come into play later is that there are ways you can bring your domain content into an LMS, using what is known as iframe tags – for this to work, the content must be served over SSL.

This may sound excruciatingly like technical mumbo jumbo, but trust us that it’s well worth it to have an understanding and appreciation for what that one extra “s” in a URL means for your domain.

Reclaim Hosting offers a free cpanel tool that makes it easy to issue and manage your SSL certificates. Let’s dive in.

Issuing a Let’s Encrypt SSL Certificate for Existing Sites

Inside your cpanel, look under the Security panel for the icon link to Let’s Encrypt SSL.

Under Issue a new certificate you will see entries for your main domain, and all of the subdomains you have created. Choose one where you have set up a simple site as we did with the cpanel Site Publisher tool.

This might be at the front of your domain, like extendlabs.ca or for a subdomain like about.extendlabs.ca. Find this entry in the list, click the +Issue link. In the next screen, just leave all the default settings, and click the Issue button at the bottom.

What you have done now is enable all URLs from the main domain extendlabs.ca to be available as a Secure site, e.g. try visiting your domain with https://domain.me rather than just entering domain.me or http://domain.me.

This is not terribly exciting, eh? But it is a big step.

You can make your site automatically force serving content over https:// no matter how the URL is entered.

  1. Go into your cpanel File Manager
  2. Click the Settings button (with gear icon) in the top right, and check the box for Show hidden Files (dotfiles)
  3. Navigate to the public_html directory
  4. Click the +File menu item to create a new file, name it .htaccess (it must have the dot in front).
  5. When the file is created, select it once, and click Edit
  6. Copy this code exactly and enter it in this file:
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
  7. Save the file

If this worked, entering extendlabs.ca or http://extendlabs.ca in a web browser should automatically display the secure symbol and https://extendlabs.ca.

All other URLs in your main domain will work like this.
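
If public_html already contains a .htaccess file (WordPress typically writes one), the three lines can be added above the existing rules instead of replacing the file. The shell function below is an added example, not part of the original activity or of Reclaim Hosting's tooling; it assumes shell access to the account, and the function name and the marker comments are made up for this illustration.

```shell
#!/bin/sh
# Added example: put the page's three redirect lines at the top of an
# .htaccess file, keep the rules that are already there, and do nothing
# if the redirect condition is already present.

ensure_https_redirect() {
    file=$1

    # The RewriteCond line from the page is the fingerprint: if it is
    # already in the file, a second run must not duplicate the rules.
    if [ -f "$file" ] && grep -qF 'RewriteCond %{HTTPS} off' "$file"; then
        return 0
    fi

    tmp=$(mktemp "${file}.XXXXXX") || return 1
    {
        # Marker comments are an assumption of this example.
        printf '%s\n' '# BEGIN force-https'
        printf '%s\n' 'RewriteEngine On'
        printf '%s\n' 'RewriteCond %{HTTPS} off'
        printf '%s\n' 'RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]'
        printf '%s\n' '# END force-https'
        # Existing rules (for example a WordPress block) follow unchanged.
        if [ -f "$file" ]; then
            printf '\n'
            cat "$file"
        fi
    } > "$tmp" || { rm -f "$tmp"; return 1; }

    # Keep a copy of the original so the change can be undone.
    if [ -f "$file" ]; then
        cp -p "$file" "${file}.bak" || { rm -f "$tmp"; return 1; }
    fi

    # mktemp creates the file as 0600; the web server must be able to read it.
    chmod 644 "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$file"
}

# Usage: sh this-script.sh /path/to/public_html/.htaccess
if [ "$#" -gt 0 ]; then
    ensure_https_redirect "$1"
fi
```

The previous version of the file is kept beside it as .htaccess.bak.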

What About Existing WordPress Sites?

Like you, the Mad Scientists have already done a few activities creating WordPress sites. These too can be easily set up so all content is served over SSL. As you did above, go to the Let’s Encrypt SSL area of your cpanel (under Security).

The top area under “Your domains with Let’s Encrypt™ certificates” lists all sites enabled with SSL certificates. If the domain.subdomain where your WordPress site is installed is listed with a certificate, you are ready. If not, find it in the lower section under “Issue a new certificate”, and click the +Issue link to create the SSL certificate.

Now you need to get to your WordPress Dashboard. Do you remember how to do that? (Look in cpanel under My Apps, find your site, and use the 2nd link that ends in /wp-admin.) Now…

  1. Under Plugins, on the left, go to Add New
  2. In the keywords box, enter Force HTTPS
  3. Look in the results (it should be first) for Force HTTPS (SSL Redirect & Fix Insecure Content)
  4. Click the Install Now button and when it is done, click Activate

This plugin will take care of a few things: it will redirect all requests to the https:// version of your site, and it will also take care of tricky situations where your theme may have mixtures of secure and non-secure content.

Install New Apps into HTTPS

From now on, you may want to just start by creating new sites to be available over SSL. If they are going inside a domain or a subdomain that already has a Let’s Encrypt SSL certificate, you are ready. If it’s a new subdomain, repeat the steps above to issue the new certificate.

When you are adding an app like WordPress (or others we will explore soon) in the Reclaim Hosting Installatron, when you select a domain, for the Location setting, be sure to choose the one that has https:// in it.

For the Mad Scientists their site will work out of the box for https://thoughts.extendlabs.ca

For this activity, try issuing certificates and setting up existing sites you have made already to be accessed via SSL, or create a new subdomain and add a WordPress site as described in the preceding section.

For further information see Force HTTPS For Your Site in the Reclaim Hosting Community.

6 Responses Completed for this Activity

  • Running my site under SSL (Kim Carter, @Kcarte02)

    I was able to issue certificates for my sites and my previous and new Word Press accounts/blogs. The only step I was not able to complete was the automatic force serving content. When I went to create the .htaccess file it said it was an error because it already existed. When I clicked on it… Read more »

  • Done and Dusted! (jesslyndw, @jesslyndw)

    I blew in and added certificates to my core domain and a bunch of subdomains, and then was worried that I didn’t see the https:// in front of my WordPress sites – lesson learned to read to the bottom of the page before panicking!

  • Updating to SSL (Lisa Koster, @lkoster)

    This was an opportunity to go back to my old “blog” that I moved over from GoDaddy to Reclaim hosting. I issued the SSL certificate and then went into WordPress and added the plug in. Voila! No more “Not Secure”! https://proflisak.ca/  

  • A year later – clean up (Irene Stewart, @Irenequstewart)

    I am reviewing Domain Camp from the beginning. In this case, I checked the SSL certificates for each of my subdomains and ensured that I had added the code that would force HTTPS if someone simply entered procaffination.ca. I also removed subdomains that I was not using any more and deleted the folders using File… Read more »

  • Secure and feeling fine (Irene Stewart, @IrenequStewart)

    I added certificates to my three main sites, updated the dot files and installed the plugin. Pretty excited that this one seems to work. I also migrated my posts from my old blog to my new one here and all looks good.

  • My site is secure! (Lisa Koster, @lkoster)

    The “Let’s Encrypt™ SSL” page was pretty easy to use.  Even editing the .htaccess file was easy. However, in my directory, I already had that file. I am guessing it was because it’s a WordPress site?  I renamed the original and created a new file based on the directions. It worked perfectly. I created a… Read more »

Creative Commons License
This work by Alan Levine is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.