SSL Certificates

SSL Certificates provide encryption and security, and should be enabled on every website.

What is an SSL Certificate?

An SSL certificate on your site gives you the padlock icon in your browser, and this encrypts communications between visitors to your site and the server.

Google is now giving sites without SSL certificates a warning in the browser so it is more important than ever to have an SSL certificate installed.

Stablepoint SSLs

All sites/domains hosted by Stablepoint benefit from free automatic SSL Certificates. This includes all full domains, and all subdomains. We use the cPanel AutoSSL to offer this through one of two providers: LetsEncrypt and Sectigo. These SSLs are just as secure as any other SSL Certificate you can buy.

How to set up

As long as your domain or subdomain points to us (via the nameservers or A record) the system will request an SSL for the domain and install it automatically if it doesn't already have one. This process is transparent and requires no intervention from you.

Adding an SSL to a domain that has just been pointed can take a couple of hours. However, you can request the AutoSSL manually at any time in cPanel:

  1. Log into your cPanel control panel
  2. Click SSL/TLS status
  3. Tick the domains in question and click 'Run AutoSSL'.

! Please note that the domain needs to be pointing to our servers for AutoSSL to function. !

840

Installing Third Party SSL Certificates

You may want to install a third party certificate (purchased elsewhere). This may be because it is organisation validated rather than domain validated.

Please note that installing your own SSL certificate will stop AutoSSL from working on your cPanel account. However, an AutoSSL certificate will replace your own third-party certificate should it expire.

To install your own SSL certificate.

  1. Log into cPanel
  2. Click SSL/TLS
  3. Under section Install and Manage SSL for your site (HTTPS) click on Manage SSL sites.
  4. At the bottom of the page you can paste your certificate.
840 840

Forcing SSL on your site

As soon as your SSL is installed, you can request your website with both http:// and https://. However you may want to force users to the latter. To do so, you can add the following to your .htaccess file.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This will redirect all requests from http:// to https:// but it is important that you only do this after your SSL is installed and working. If you're running a CMS like WordPress, it is also important to set the Site URL and Homepage in your Wordpress Dashboard to include the https://. This is important so that images and stylesheets and so on are loaded over https:// as well.

Mixed Content

There is a chance that some files your website uses have coded links preventing some pages on your site from loading fully from https. You can test for that here: https://www.whynopadlock.com/

If your site does have mixed content you will need to locate the files and change the URL contained inside it from http:// to https:// . This can be done in different methods depending on the CMS you are using. For example in Wordpress the easiest way to fix it is using a "Search and Replace" plugin such as: https://bettersearchreplace.com