For a long time I’ve been meaning to sort out SSL certificates for my domains & secure traffic to them. Last year HTTPS became a Google ranking factor & since then site-wide HTTPS adoption has been on the increase. The problem with HTTPS is that up until recently it required buying an SSL certificate from a vendor & installing it on your hosting.
SSL certificates are not cheap & need renewing on a regular basis. It isn’t just a one-off cost. Furthermore, if you have multiple websites hosted on shared hosting, you need to sort out & purchase a separate certificate for each domain, or buy a wildcard certificate to cover your domains. Not cool.
Enter Let’s Encrypt. Let’s Encrypt is an SSL certificate signing authority that offers HTTPS (TLS, SSL) certificates free of charge. The certificates last for 90 days but can be renewed indefinitely without any extra charges.
Let’s Encrypt is a Linux Foundation project supported by a lot of big tech vendors including Google & Mozilla, not to mention the fact that it is endorsed by the EFF.
If you have your own server, installation is quite straightforward. You can use the EFF’s Certbot page to find instructions for your web server software & OS with a step-by-step guide for installing Let’s Encrypt.
If, like me, you have a lot of sites on shared hosting, things are a little more complicated. Luckily, however, in August cPanel released a Let’s Encrypt plugin. The plugin has been in beta for a while but went live last month. It automatically requests certificates for each domain hosted in cPanel & sets up the keys and certificates for you. It couldn’t be simpler. What’s more, the cPanel plugin will also run a cron job to check & renew the certificates, so it is a perfect turn-key solution for enabling full SSL (TLS) for your domains.
As soon as the plugin became available, I asked my hosting company to install the plugin. Within minutes I had SSL set up on all of my domains.
Once set up, the only task was to set my websites to use SSL over HTTPS by default. I set the domains to HTTPS in WordPress settings, and added rules in my .htaccess files to redirect all non-HTTPS traffic to HTTPS. Ensure you set your redirects as 301 redirects to pass on any link juice from old links to your websites.
I added the following to my .htaccess for this site to redirect all
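
    RewriteEngine On
    RewriteBase /
    # Bare domain: redirect to the www host over HTTPS
    RewriteCond %{HTTP_HOST} ^johnlarge\.co\.uk [NC]
    RewriteRule ^(.*)$ https://www.johnlarge.co.uk/$1 [R=301,L]
    # Any remaining request on port 80 (plain HTTP): redirect to HTTPS
    RewriteCond %{SERVER_PORT} ^80$
    RewriteRule ^(.*)$ https://www.johnlarge.co.uk/$1 [R=301,L]
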
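One way to confirm that redirect rules like these behave as intended is to request each scheme and host variant without following redirects and check the status and Location header. The following is an added example, not code from the original post; `example.com`, `probe` and `check` are placeholder names, and the sample responses are constructed.

```python
import http.client
from urllib.parse import urlsplit

CANONICAL = "https://www.example.com"  # assumption: placeholder canonical origin


def _target(parts):
    """Path plus query string, as sent on the request line."""
    return (parts.path or "/") + ("?" + parts.query if parts.query else "")


def probe(url, timeout=10):
    """Send one HEAD request without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    conn = (http.client.HTTPSConnection if https else http.client.HTTPConnection)(
        parts.netloc, timeout=timeout)
    try:
        conn.request("HEAD", _target(parts))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def check(url, status, location, canonical=CANONICAL):
    """Return the problems with the response to `url`; an empty list means OK."""
    parts = urlsplit(url)
    if f"{parts.scheme}://{parts.netloc}" == canonical:
        # The canonical origin must serve the page, not redirect again (loop).
        return [f"canonical URL redirects ({status})"] if 300 <= status < 400 else []
    problems = []
    if status != 301:
        problems.append(f"expected 301, got {status}")
    expected = canonical + _target(parts)
    if location != expected:
        problems.append(f"Location {location!r} != {expected!r}")
    return problems


# Constructed sample responses (not captured from a real site).
SAMPLE = {
    "http://example.com/shop?id=1": (301, "https://www.example.com/shop?id=1"),
    "http://www.example.com/shop": (302, "https://www.example.com/shop"),  # temporary
    "https://example.com/shop": (301, "http://www.example.com/shop"),  # downgrade
    "https://www.example.com/shop": (200, None),
}

if __name__ == "__main__":
    for url, (status, location) in SAMPLE.items():
        print(url, check(url, status, location) or "OK")
```

Against a live site, pass the result of `probe(url)` to `check` for each of the four variants, with `CANONICAL` set to your own origin.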
I noticed a few days of SERP drops, but they have now recovered and my rankings are in fact climbing across the board. I also find that a nice big padlock in the address bar is great for reassuring customers & conversions on my e-commerce sites are up. My payment pages have always been encrypted as a third-party payment processor manages payments, but by securing every page of my sites it would seem customers feel extra secure.
HTTPS is also important from a privacy point of view. HTTPS gives end-to-end encryption between your browser and the server, meaning third parties are unable to snoop on your traffic. What you read & the sites you visit are your business & you are entitled to browse the web in relative privacy. HTTPS goes a long way to protecting your privacy online and I think we will see mass adoption of services like Let’s Encrypt for that reason alone. You can read more about encryption & privacy over on the EFF’s website.
I must say I’m very happy with Let’s Encrypt. The whole process was straightforward and I now have HTTPS encryption across all of my domains. Any SEO benefits are a real bonus & I’ll do a further write-up on that when I’ve had some time to review the results.
If you manage your own server, I’d recommend adding Let’s Encrypt. Gone are the days of paying to secure your websites. And if your hosting is cPanel based, drop your hosting company an email and ask them to install the Let’s Encrypt plugin. It really is worth it.