Securing Your Websites with the SSL It! Extension - Plesk

Securing Your Websites with the SSL It! Extension in Plesk Obsidian

Securing your website with SSL is essential to ensure the privacy of your visitors and that you’re found online in 2020. Encrypt All The Things and Google’s push for more SSL adoption mean SSL is rapidly becoming the new standard. As a result, without SSL on your website, you risk a poor experience for your users and falling rankings. So, to solve this dilemma, we’ve developed the SSL It! extension.

It allows you to keep your websites secured with certificates from trusted certificate authorities (CAs) Let’s Encrypt and DigiCert (Symantec, GeoTrust, and RapidSSL brands), or with any other SSL/TLS certificate.

SSL It! comes already installed by default, and you can do everything from one, easy-to-use interface. You need the latest versions of the DigiCert SSL and Let’s Encrypt extensions to also be installed to get the most from it, but apart from that, it’s ready to go out-of-the-box.

To give you an idea of what the extension can help you do, here’s a rundown of its main features:

  • HTTP to HTTPS redirects to enhance the security of your website’s visitors
  • Prohibits web browsers from accessing your website via insecure HTTP connections
  • Improves website performance and protects privacy with OCSP Stapling.
  • Uses protocols and ciphers generated by Mozilla to make connections encrypted with SSL/TLS certificates more secure

SSL It! is a free extension, but SSL certificates themselves can be paid. Before we get into all that, let’s have a look at how you can use it to elevate your security.

Evaluating the SSL security of your website

Using the SSL It! extension, you can run one of the most popular testing services, Qualys SSL Labs, to check how good the SSL protection of your site is and discover what you can do to improve it.

Evaluating the SSL security of your website is as easy as doing the following:

  1. Go to Websites & Domains > your domain > SSL/TLS Certificates
  2. Click “Run SSL Labs Test”

The Qualys SSL Labs website will open in a new tab and the test will start automatically. Simply wait a few minutes until the test is finished, and you will receive a grade.

The highest possible grade is A+. If you secure your website with a valid SSL/TLS certificate from a trusted CA, and have turned on all security-enhancing features within the SSL It! extension (both steps we’ll look at next), you’re likely to receive top marks.

Securing websites with SSL/TLS certificates

To manage the SSL/TLS certificate of a domain, you first need to go to Websites & Domains > your domain. There you can see the current security status of your domain under SSL/TLS Certificates.

SSL It!

As you can see in the Tips & Tricks video below, by clicking SSL/TLS certificates you will see a list of certificates, all with clear descriptions so you can pick the right one for your needs.

For example, in the video, we select the Lets Encrypt certificate. All that needs to be done next is to enter a valid email address and choose what you want to secure. The first option, domain and the selected components, is a good option if you’re not sure what DNS settings you have in place.

On the next page, you’ll see that your domain and the selected components are now secured. From here, you can run the SSL Labs Test to see how secure your domain is. Like in the video, it’s likely your website will now score an A. You can improve your security further and raise this to the maximum score, A+, by turning on the four TLS-related options and sync TLS versions with Mozilla’s free service.

Enhancing the security of your websites

SSL It! will ensure your website is secured with a valid SSL certificate from a trusted CA. But this is not enough to ensure all-round protection. In particular, this extension contains four options that, when configured, will improve your website’s performance, enhance the security of your visitors, and harden the security of all servers’ encrypted connections. On top of this, enabling these features will boost your SSL Labs Test score to A+ and raise your website up the search engine rankings.

Here’s the four options with details of how they secure your website:

Redirect from HTTP to HTTPS:

The first option, redirect from HTTP to HTTPS, sets up a permanent, SEO-safe 301 redirect from the insecure HTTP to the secure HTTPS version of the website and/or webmail.

HSTS:

The second option, HSTS, prohibits web browsers from assessing your website via insecure HTTP connections. If visitors are unable to connect via HTTPS, for instance, because your certificate has expired, your website will become unavailable.

Keep websites secure:

The third option replaces expired or self-signed SSL certificates with free valid certificates from Let’s Encrypt. It covers each domain, subdomain, domain alias and webmail belonging to the subscription.

OCSP Stapling:

The last option, OCSP Stapling, forces the web server to request the status of the website’s certificate from the CA instead of the visitor’s browser.

On this page, you will also see there are ciphers managed by Mozilla which are constantly being updated. Click on TLS versions and ciphers by Mozilla to go to the settings page, and if you want to use the latest, click Sync now.

With your certificate installed, the four TLS-related options on, and ciphers synced, you can now do another run of SSL Labs Test. All that’s left to do is bask in the glory of your website’s A+ security rating.

There are many more things you can do to improve your website’s security within the extension, such as acquiring a paid SSL/TLS certificate or uploading your own. Check out this guide for more detailed info.

What is your experience with this extension? Share your thoughts or drop us a question or two by heading to the comments below!

How useful was this post?

Click on a heart to rate it!

Average rating 3 / 5. Vote count: 1

Oh no, sorry about that!

Let us know how we can do better below

About

Elvis Plesky
Our fun and curious team mascot's always plugged into the latest trends. He's here to share his knowledge and help you solve your tech problems.
    Showing 4 comments
    • Avatar
      Joe
      Reply

      Does this also protects the mailserver? Because afer installing a mailserver certificate clients have a lot of trouble connecting

      • Debbie from Plesk
        Debbie from Plesk
        Reply

        Hey Joe!
        SSL It! creates a certificate for the website, but if after that you go to your Mail settings and select the created certificate, it will do the trick 🙂
        If you still have trouble, get in touch with our support people: https://support.plesk.com/hc/en-us

    • Avatar
      Frank Zeyer
      Reply

      okay, but I cannot find the place, where I can “select the created certificate” to do the trick?
      pleas advice, thx, Frank

      • Debbie from Plesk
        Debbie from Plesk
        Reply

        Hey Frank, if this is not visible to you, get in touch with our support and they can walk you through it or figure out what is missing: https://support.plesk.com/hc/en-us

    Leave a Comment

    Start typing and press Enter to search