SSL Certificates and Web Security – A Guide

In today’s world, web security and SSL certificates have become mandatory. When ranking websites, Google, the largest search engine on the planet, looks for SSL certificates for better rankings and prioritizing. And they have also started the initiative of “HTTPS everywhere” to make the web a more secure place and highlight the importance of web security.

This article will discuss more on what SSL certification is, what types there are, and compare two major companies that provide SSL certificates – DigiCert and Sectigo.

What are SSL Certificates?

SSL stands for Secure Socket Layer. This layer establishes a secure connection between the web server and the web browser. When a website has an SSL certificate, a small lock symbol appears at the start of the link. And HTTPS appears in the URL instead of HTTP, which means that you are browsing securely.

SSL uses cryptographic techniques to provide safety to users. The web browser attempts to connect with the webserver and sends a message to the server to identify itself. The web server sends its SSL certificates to the web browser for verification. The browser verifies the certificate and sends a connection request to the server, and the server sends back acknowledgment, and the encrypted session gets started. The data that goes back and forth between the browser and the server is therefore encrypted.

An SSL certificate provides security to the website’s data. It’s almost impossible to breach into the data with SSL, and even if there is a breach, the data is in extreme cryptography and can’t be deciphered. Customers’ information like usernames and passwords are safe and secure when the website has an SSL certification. Important transaction information like credit and debit card details and online wallet details are highly secured with SSL certification. 

Google gives top priority to secure websites and helps them rank faster. The first thing a user notices when visiting a website is the security, i.e., SSL and HTTPS, so it is essential to have a secure website to gain credibility with the customers and indirectly generate more revenue.

Types of Certificates

Depending on the capacity and purpose at which we operate our website, there are four types of SSL certificates:

N.B. Wildcards are a handy sub-type of DV or OV certificates.

Let’s look into each certification in more detail.

Extended validation certificate (EV SSL)

EV SSL is the most trusted and most used certificate by businesses around the globe. These certifications are issued under guidelines that are proposed by the CA/Browser forum. They can only be published by the subset of CAs (Certified Authorities) and require legal verification of the certificate’s requestor. This certificate uses the same encryption techniques as the other two types. EV certificates show a green browser bar, which indicates security and credibility.

Organization Validated Certificate (OV SSL)

These certificates show that an organization is valid. The owner of the business must show proof of both the physical and legal existence of the company. The users will see a lock at the start of the address bar, which indicates that the site is secure and safe from hackers.

Domain Validated Certificate (DV SSL)

These are some of the most commonly used certificates. The verification process for DV only verifies the domain of the website (business). This verification is to check whether the requestor is the owner of the domain or not.

Wildcard Certificate (Wildcard SSL)

A useful type of certificate that secures all subdomains at once, along with the main one. It’s therefore not necessary to issue a new certificate if a new subdomain is changed or created. Only available on DV or OV certificate types, for security reasons.

Where to get SSL Certificates

There are many SSL certificate providers across the globe. This article will discuss two of the top companies that provide the certification, and those are Digicert and Sectigo.

SSL Certificate using DigiCert

DigiCert.Inc is an American based digital company that provides users with digital security. They help users across the globe to get the validation required for SSL certificates through Public Key Infrastructure. DigiCert is the world’s largest certificate authority, representing 60% of the EV certificates and 96% of the OV certificates globally.

Among its extensive range, it offers three major certifications, namely DigiCert Basic, DigiCert secure site, and DigiCert secure site pro. According to the security level users need on their website, they choose from the given options. The basic variation is cheaper, and as secure features are added, the cost also increases.

SSL Certificate using Sectigo

Formerly known as Comodo CA limited (Rebranded as Sectigo in November 2018), Sectigo company holds the authority for issuing SSL certificates. The company offers digital security to both organizations and independent consumers. With more than 20 years of experience under their belt and hundreds of thousands of customers worldwide, Sectigo is one of the leading companies that provide web security with SSL certifications.

Sectigo broadly offers six types of certificates for the customers who want their website secured from malware. They include DV SSL, OV SSL, EV SSL, WILDCARD SSL, MULTIDOMAIN SSL, and SINGLE CERTIFICATES. They are also an award-winning innovation company with excellent customer support.

DigiCert vs Sectigo – feature comparison

Now, let’s take a closer look at each metric and compare them.

 

Key size and encryption strength

The key size determines the number of combinations it takes to break an encryption algorithm. Both DigiCert and Sectigo offer 2048 Bit keys so their encryption is very hard to break. The encryption strength is also the same for both, which is 256-Bit.

Root Domain Support

Sectigo and Digicert now secure and cover domains both with and without www.

Validation level

Both Digicert and Sectigo support all the validation certificate types, including domain validated certifications. However, Digicert brand does not offer DV SSL – the most basic and common type – except under its sub-brands. So, Digicert itself serves more enterprise-level needs whereas many users search for DV SSL with Sectigo.

Multiple Domains and Sub-Domains

If we want to cover multiple or sub-domains with SSL certification, both Sectigo and DigiCert provide multi-domain certificates called SAN certificates. We can add up to 250 Multi-domain SANs with DigiCert and 100 SANs with Sectigo.

Issuing Authority

Comodo Ca is a well-reputed brand with more than 20 years of experience. They rebranded themselves in fall 2018 to Sectigo, but they still have the largest market share of CAs. DigiCert, formerly known as Symantec, has also been around the block for many years and has vast industry experience.

Certificate Costs

With so many free SSL certificates available in the market, it sounds like a feasible idea to settle for one. But with premium certifications, you get both customer support and value for money. On top of that, OV and EV SSLs provide a further layer of customer trust as the certificate itself lists the business or registered organization. They can’t be issued to individuals.

Both DigiCert and Sectigo offer premium customer support and services. 

Final Words

We have now seen what SSL certification is and what benefits it provides to website owners. And also, we have seen different types of SSL certificates based on usage and capacity. 

Looking at the two top SSL providers, with their powerful encryption and multiple validation options, the choice is tough. Both will secure your site robustly. Both have long-held authority and experience. The only thing to consider is whether their specific certificate types match your site. 

Looking for domain protection for your blog? DV SSL with Sectigo will be great. Maintaining a high-traffic site with multiple sub-domains? Both brands can get you a top Wildcard version of the OV SSL certificate. Know your site, think security and trust, and you’ll know what certificate works best for you.

Secure your domain now

At Plesk, safety and credibility are provided by powerful Sectigo plugins for you and your customers. Through the SSL It! extension, DV and DV Wildcard releases are among the many certificates you can easily install to secure your domain.

The next screenshot shows how SSL It!’s page looks like for a domain without a configured certificate but when the Sectigo extension is already installed:

Let’s click “Buy Now”. Purchasing a PositiveSSL certificate via store.plesk.com:

After purchasing, Sectigo (Certification Authority, CA) verifies a domain and issues a certificate. When the certificate is issued, the extension automatically installs and secures the website in Plesk. As you can see, SSL Labs rated the website secured with a Sectigo certificate on A grade.

Just four easy steps, and your site is protected. 

Want to learn more about web security? Our podcast reveals all. 

HTTP to HTTPS – Here’s What to Do

HTTP to HTTPS

HTTP to HTTPS is the key to making your customers feel safe from the bad guys out to steal their data. Here’s how to secure your site and your business.

Some of the major web browsers have begun to warn users when they visit websites without SSL certificates. Firefox is one. Chrome is another. But why should that bother you? Well, because anyone who visits your site will be told that it’s unsafe, and they might want to turn back, so a redirect from HTTP to HTTPS becomes a way to make sure you don’t start losing visitors.

Why Do We Need SSL Certificates Anyway?

Information Encryption

Everything you send over the Internet goes through other computers before it gets to the one that hosts the website you’re trying to reach, so all of your private and financially sensitive stuff could be stolen by others unless it’s disguised through encryption. That’s what an HTTP to HTTPS gives you: scrambled info that can only be unscrambled by the intended recipient.

Protection from Cybercriminals

Consultancy firm Cybersecurity Ventures predicts that by 2021, cybercrime will cost the world more than $6 trillion, a figure that’s hard to imagine, but to put it into perspective, that will be more than the amount generated by the world’s entire illegal drug trade. That’s serious!

With so much money to be made, criminals are getting more and more sophisticate. They know that there are rich pickings to be had from penetrating networks. To them, it’s a crime with far fewer risks than many of the other evil schemes they might pursue, and it offers potentially greater rewards.

That’s why they’ve been making efforts to intercept your information while it’s on route—in what are called transit-based attacks—and that’s why HTTP to HTTPS have become so important.

Security = Trust in Your Brand

Trust is one of those intangibles that every brand needs and earning it means making sure that every touch point in your customer’s journey builds on that trust. Have you ever noticed the little lock icon that sometimes appears in your address bar? Or sometimes how there’s red line through the name of the website you’re visiting instead? The first one means you’re connected safely thanks to HTTP to HTTPS and you’ve got well-trusted encryption. The second one means the connection isn’t protected. From a customer’s point of view, if they see the first one then their trust in your brand will grow. If they see the second one, then you can say goodbye to them.

Legit Referral Data

Since Google Analytics is not showing HTTPS to HTTP referral data – you will loose significant part of statistical data. Imagine that someone placed a link to your website on old and reputable website with huge amount of traffic. This site resides under HTTPS, yours – under HTTP. The referrer data in this case is completely lost, the traffic from linking website will be represented as Direct inside Google Analytics and is not really useful for any further marketing analysis.  So, migrating your website to HTTPS solves this issue and after migration referral data is passed properly from any linking site – under HTTP or HTTPS.

HTTP to HTTPS – implementation how-to

The first thing you need to do is to edit .htaccess file. This is a configuration file used by Apache web server software to provide a way to make configuration changes on a per-directory basis. Apache is one of the most popular web servers in the world, developed and maintained by Apache Software Foundation.

How to edit the .htaccess file

The .htaccess file contains information that tells the server what to do under various circumstances, so it has the capacity to change the functionality of your website. It does things like:

  • Redirects
  • URL Rewriting

Ways you can change an .htaccess file

  • Change the file on your machine and upload it to the server via sFTP/FTP
  • All FTP/sFTP/SCP apps have an “Edit” feature which allows remote editing of files.
  • Use a text editor and SSH to alter the file.
  • Use the file manager of Plesk Onyx or cPanel to amend the file.

 

Redirecting HTTP to HTTPS

Redirect All Web Traffic

If there’s existing code already in your .htaccess file, add the following:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourwebsite.com/$1 [R,L]

Redirect a Specific Domain Only

To redirect a specific domain to use HTTPS, add this:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourwebsite\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourwebsite.com/$1 [R,L]

Redirect a Specific Folder Only

Use this to redirect HTTP to HTTPS for a particular folder:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} yourfolder
RewriteRule ^(.*)$ https://www.yourwebsite.com/youfolder/$1 [R,L]

How To Setup HTTP to HTTPS redirection using Plesk Onyx

You can avoid manual modifications of .htaccess using the power of Plesk Onyx UI. To setup HTTP to HTTPS redirect you need valid and functioning SSL certificate on your website. The rest is about 5 easy steps:

  1. Log in to Plesk and click Websites & Domains in the left sidebar
  2. Choose the domain to configure and click Hosting Settings
  3. Select SSL/TLS support and Permanent SEO-safe 301 redirect from HTTP to HTTPS checkboxes under Security
  4. Select corresponding SSL certificate from the Certificate drop-down list
  5. Confirm changes by clicking OK button

From this moment your site is using a secure connection for all web page requests

Are You Making Any of These 10 Website Launch Mistakes?

Website Launch Mistakes

You should consider your company website the essential bridge connecting your clients to your business. It’s the go-to platform where potential customers can find all the relevant company info, your products and services, and a way to get them. And while many businesses have now grasped the fundamental importance of investing in a proper website, there are still 10 common pitfalls that can hinder your website’s performance and success.

Vital security measures

1. Missing vital security measures

Online security has become a key factor users look out for when accessing new websites. Think of features like SSL, providing a safe, encrypted link between browser and server, or a CAPTCHA, stopping unwanted bots. Not investing in them can mean unknown sources interfering with your business website performance. In turn, poor performance will very likely result in scaring away potential clients.

Update WordPress plugins

2. Forgetting WordPress plugin updates

As with any system, the different features that make up WordPress require regular maintenance. Failing to do so can slow your website way down and even make certain functions not work properly for their users. So it’s vital for your business to find a tool to update these plugins regularly, such as the popular WordPress Toolkit. Because this lets you mass-manage instances, plugins and themes instantly and from one place. Among many WordPress Toolkit benefits, you also get a staging environment to test new features before they go live.

No scalability

3. Not planning for scalability

Any online business aims to get the biggest customer base possible. So naturally, it’s important for your website to be built in such a way that you can later scale. For example, having enough server power to handle a surge in traffic. And having efficient data backup to manage mass information flow. Note that it’s always better to account for this from the start because it will become very difficult to upgrade a website at the last minute.

Plesk’s control panel works as a scaling tool, allowing businesses to grow over time. Hosting providers can manage their clients and servers across different infrastructure setups, even tailoring it to their business needs.

Accessibility

4. Failing to account for accessibility

In an age where users can access a website from any OS, browser, or device – we all need to make sure we’re available everywhere and to everyone. It would be quite damaging if a business website is designed in such a way that it loses compatibility with, say, iOS devices. Because this essentially eliminates an entire section of potential customers interested in your services. So make sure any device, OS and browser can access your website.

Website Audit

5. Forgetting to undertake a website audit

Website audits are a full analysis of all the different issues that may impact your website’s visibility in a search engine. This is especially important when considering marketing campaigns, because a website audit can help your business uncover weak factors that impact performance.

SEO

6. Skipping SEO

Search Engine Optimization (SEO) is a process where one optimizes their websites so as to receive higher natural rankings in search engine results. And with the online market becoming increasingly more competitive, SEO is a key tool for business to stand out.

Not implementing SEO on a website relegates it to lower position on a search results page, meaning that business can miss out on a considerable number of potential customers. Since SEO can be quite extensive, we recommend that beginners install the SEO Toolkit on Plesk to get started and get found online.

Sitemap

7. Ditching the sitemap

A site map is essentially a list of pages that make up a website and is considered a tool for search engine bots to crawl your website and index it. When a page gets indexed, it makes it more easily searchable in a search engine, thereby increasing its visibility. Therefore, if you don’t submit a sitemap to a search engine, you’re effectively limiting your website’s visibility.

Marketing strategy

8. Not having a marketing strategy

Choose your content carefully as it sets the tone for your brand, but make sure it ties in well with your marketing strategy. No marketing strategy makes sales attempts messy. If your mission doesn’t make sense to your potential customers, they’ll find it difficult to engage with your brand. Meaning that ultimately, they won’t convert.

Ignoring analytics- 10 Website Launch Mistakes - Plesk

9. Ignoring Analytics

Website analytics give businesses valuable insights about their audience, like age, location, and preferences. They can also reveal visitor behaviour, like each website session’s duration, which pages are the most popular and how a visitor arrives at your site. Use this to build a complete profile of your target customer so you can cater to their needs better with your product, service and content.

Social proof

10. Forgetting your social proof

When it comes to online businesses, everyone looks for proof of its legitimacy before engaging further. These include client testimonials, means of contact, including physical addresses and actual phone numbers, and most importantly active social profiles. Businesses who focus so hard on the actual product that they forget their social community, end up losing customers to competitors. Perhaps competitors who were more engaged.

As you can see, launching a business website isn’t as simple as plugging in and hitting the ‘on’ switch. You need to plan for all of the above and more well in advance. Since they all have the potential to increase customer traffic and your overall business success.

Do you agree with all the points we mentioned above? Have we missed anything? Your opinion counts. Let us know in the comments below!

arrow icon - Plesk

The Plesk Onyx Security Quiz | 5 Minutes

It’s time for our second monthly edition of the Plesk quiz. Here to challenge your knowledge and see how you stack up against your peers. But mostly, to check if we’re doing alright in making sure you get the most of what we can offer. So today, we’ll be testing how much you know about Plesk Onyx Security.

Plesk Onyx Security Features and Tools

How well can you manage security of your Plesk server and protect it from common types of attacks? Maybe you know that we have an entire Security section inside our extension catalog for you to use. Including Let’s Encrypt to issue free SSL certificates and protect connections to your sites, Plesk interface, and mail server.

Plus, we’ve got robust in-built tools in order to enhance Plesk panel security. Like Web Application Firewall (ModSecurity), which protects sites and web applications from attacks.  And Fail2Ban for brute-force protection via IP address banning. Are you on top of it all? Then get ready to test your Plesk Onyx Security basics and more.

Plesk Onyx Security Quiz

Boom – 14 questions below, just for you. Select your answers to get your score (and no cheating!).

  • This field is for validation purposes and should be left unchanged.

How did you do?

Finally, how was it? Got the score you thought you would? Did you get close but aren’t quite there yet? Let us know in the comments below or on Twitter or Facebook. You’ll see how your peers found the challenge.

Think you can do better yet? Fortunately, there’s a free Plesk University course, dedicated to learning more about Plesk Onyx SecurityThere may be something you’re missing.

First, hit the button below to get the course. Then complete it for a certificate. Are you new to Plesk University? Then sign up first in a couple of clicks and hit “Get this Course”.

Why You Need SSL Certificate Everywhere to Scale Your Web Host

Get an SSL Certificate and scale your web host with the Symantec SSL extension

Web security leaped forward in 2018. Google began flagging websites lacking the SSL security stamp. Chrome users – so, over 50% of the market, will start to see “not secure” on websites that lack an SSL Certificate. So, if you ever needed an incentive to get on the SSL Certificate bandwagon – Google’s just provided it.

For web hosts, providing SSL is quickly going to provide an industry standard. Let’s quickly refresh how an SSL Certificate improves the user experience.

Why hosts should care about an SSL Certificate

Why you need SSL certificate to scale web host

Looking bad in Google Chrome is just part of the story. Aside from appearances, having an SSL Certificate is an excellent foundational security practice. In fact, adopting SSL everywhere will improve your Google search engine rankings.

What is an SSL Certificate?

An SSL Certificate is a tiny data file that attaches a cryptographic key to your website. This security protocol will protect user data transfers, secure logins, and credit card transactions. Plus it will authenticate the overall business website or domain. In browsers, SSL activates the padlock and https to make connections secure from the server to browser.

First – Check your SSL certificate

If you were not persuaded by the security benefits, neglecting to generate an SSL Certificate may cost you organic traffic.

And if that happens, you may start losing customers as competitors turn their SSL Certificate into a standard offering. Just imagine if a customer website is hacked because you failed to recommend them an SSL Certificate. That’s not going to work.

But how exactly can you help your customers adopt SSL and stay current?

Helping your customers manage their SSL Certificates

We need to realize, friends, that most business customers are not fluent with the details of SSL. They know the “lock” icon helps security, but that’s about it. They may not realize SSL is necessary or valuable for their website. To help your customers make the transition, you can use the following process.

1. Identify customers lacking an SSL Certificate

Fortunately, many websites have SSL Certificates in place. In those cases, skip ahead to the “Ongoing Support” section. For everyone else, make a spreadsheet listing the following details:

  • Domains that lack an SSL Certificate. Identify the domains that currently lack SSL.
  • Customer contact details. You need this information to contact them. If you have a small customer base, we recommend going for a personal approach. Even large hosting companies like GoDaddy find time to call their customers.
  • A rationale for reaching out. You can make general recommendations about SSL helping search rankings and protecting customer data. If the customer takes customer payments or sensitive data through their website (including support requests), they have an even greater reason to buy an SSL certificate.

2. Reach out to customers

With your customer list in hand, it is time to reach out to customers. Use the following email template as a starting point:

Dear CUSTOMER NAME,

Your DOMAIN URL doesn’t have any SSL security in place. You may know that a website SSL certificate is one of the most popular ways to secure information sent online. Without SSL in place, your website looks like it’s less secure in Google Chrome, the world’s most popular web browser. Your traffic may also decline because security is a factor in Google’s rankings.

We can offer that you purchase an SSL certificate. To set up your next steps, give us a call or contact us here: XXXX.

Concerned that some of your customers may panic about weak security? You can reassure them that over 25% of US government websites analyzed in 2017 failed SSL testing. They are far from alone. After you complete the initial transition effort, move on to ongoing support.

3. Offer ongoing support for SSL

Like passports, SSL certificates expire. If your customers have expired SSL, it degrades the web experience because you get warnings like this:

Help your customers avoid this type of problem by proactively helping them to keep SSL up to date. We recommend setting up an auto-renewal process to notify customers of charges 30-60 days in advance of the charge. Arguing about the SSL process every year doesn’t help anyone, especially if you’re adding new customers each month.

Plesk’s approach to SSL Certificate providers and web hosts

Now we’ve established why SSL is essential for web hosts. Want to hop on the security bandwagon, then stay on top of SSL and all other requirements for your customers? Use the Symantec SSL Plesk Extension.

Get an SSL Certificate

Symantec SSL certificate

Unlike other approaches to SSL, the Symantec SSL extension brings additional value. Installed on over one million Web servers around the world, Symantec is a tested solution. Therefore, you don’t have to worry about your security falling behind. Because Symantec has the resources to invest in security.

The Symantec SSL extension integrates smoothly into your server management workflow when you use Plesk. If you’re unsure which certificate to pick, the extension helps you make the right choice. Best of all, the business-level SSL comes with a significant warranty. Which is a sign of us standing behind our product and its SSL certificate price.

Make SSL easy for your customers

SSL is not just for banks and e-commerce companies. Google practically requires it. As a web host, your customers look to you to provide guidance on security. Bring SSL into your standard operating procedures for all of your hosting customers. Follow the button below to learn more.

Let’s Encrypt on Plesk: Your key to a free SSL certificate

The web is an endless battleground. The good guys are always trying to keep the bad guys from hacking, ransoming, and conning their way into our online lives. Our best weapon? Encryption. The web works on trust, and thanks to encryption, HTTPS provides exactly that. But if a website is going to use it, it first needs to get free ssl certificate from a Certificate Authority (CA). Such as Let’s Encrypt.

Let’s Encrypt – What is it?

Let’s Encrypt will only issue the file if you can exhibit control over your domain. And you can do that by using a software client that uses ACME (Automatic Certificate Management Environment) protocol. Having the free SSL certificate means your communications get end-to-end encryption.

So, when files pass between your web server and its users, they become unreadable to anyone who intercepts them. And moreover, nobody can tamper with them.

The Electronic Frontier Foundation developed Certbot, which has now become the best known and most widely used ACME client on the block. Certbot verifies the domain’s ownership, fetches certificates, and takes care of TLS/SSL configuration on web servers using Nginx and Apache.

What does a Certificate Authority do?

Certificate Authorities (CAs) vouch for the authenticity of a TLS/SSL certificate when they validate them using cryptography. Operating systems and browsers use a directory of trusted CAs to make sure that site certificates are bona fide.

This kind of authentication was something we had to pay for in the past. But now, Let’s Encrypt has broken tradition to offer automated creation of each free SSL certificate for the end user. The whole thing runs with funding from sponsors and donors.

How Let’s Encrypt does its thing

The ACME protocol that Let’s Encrypt uses talks about how clients interact with its servers when asking for certificates and confirming domain ownership. Some point soon, it’ll be recognized as an official IETF standard.

Let’s Encrypt for HTTPS

Let’s Encrypt provides domain-validated free SSL certificates. This means that after a request for a free https certificate, Let’s Encrypt makes sure that it’s from someone who is truly in charge of that domain. It sends the client a one-of-a-kind token that it uses to create a key. The domain owner then needs to provide this via Web or DNS.

Let’s Encrypt for HTTP

In the case of HTTP, the process is a bit different. The client manufactures the key using the unique token and also an account token. Then the result goes in a file that the web server makes available. And the Let’s Encrypt servers get the file from this address. If the key matches, the client has established domain control, and they get a free SSL certificate.

The ACME protocol can outline a number of tests that a client can use to verify ownership of a domain. For HTTPS that approach resembles that for HTTP, but the client creates a certificate that is self-signed that includes the key. The DNS challenge searches a DNS TXT record for the key.

Let’s Encrypt Certbot Client

Certbot is by far the most widely used Let’s Encrypt client. It bundles up most main Linux distributions and is able to automatically configure for both Apache and Nginx. After it finishes installing, you can get free ssl certificate and update your Apache configuration as below.

sudo certbot –apache -d www.example.com

Certbot will ask some questions, run a challenge, download certificates, update your Apache configuration, and reload the server.

Certbot and Let's Encrypt on PleskAfter this, when you browse to https://www.example.com you will see a green lock which confirms both a valid certificate and an encrypted connection.

Each Let’s Encrypt free ssl certificate lasts for only 90 days, so you need to make sure that you set it to renew automatically.

This command will take care of renewing all a machine’s certificates: sudo certbot renew

If you type this command into a crontab so it runs every day, your certificates will always be renewed 30 days before expiration is due. And Certbot will reload the server after a successful renewal. So long as the initial creation of the certificate includes the –apache or –NGINX options.

More Let’s Encrypt-ACME Clients you should know of

The ACME protocol is open in nature and its documentation is very comprehensive, which has encouraged many other clients to develop.

You can find an up-to-date list of ACME clients here.

Certbot is one of the few clients to offer automatic web server configuration,  but the others do provide features that may be of interest.

  1. If you want to avoid Python and other Certbot dependencies, (perhaps because you want to create certificates in a constrained environment) you can pick one in languages like Go, and Node.js.
  2. Some clients are able to run without root privileges. Which is good. Because we consider running the smallest amount of privileged code good practice.
  3. Lots of clients are able to produce the DNS-based challenge automatically. They do this using the API of your DNS provider to create the relevant TXT record. This challenge also allows for harder to handle cases like encryption of web servers that are only accessible privately.
  4. You will find some clients integrated into web servers, reverse proxies, or load balancers. This makes configuration and deployment a breeze.

Lots of other clients can be used, and lots of other servers and services automate TLS/SSL setup thanks to Let’s Encrypt support.

How to make and update Let’s Encrypt free SSL certificates with Plesk

Plesk has a plugin that lets you handle Let’s Encrypt free SSL certificates.

To work with a Let’s Encrypt SSL certificate the domain name must work in a web browser, regardless of whether or not it has any content. The process only works for a valid domain.

Here is how to get a Let’s Encrypt free SSL certificate for your domain:

  1. Log in to Plesk.
  2. On the (left) sidebar, click Websites & Domains
  3. Click on the Let’s Encrypt symbol to pull up the Let’s Encrypt SSL Certificate page.
  4. Type a valid e-mail address in the box.
  5. Select the “Include www.(example.com)” as an alternate domain name check box. So that the SSL certificate protects your domain with and without the www prefix.

5.1. Failure to check the box will mean that the certificate only relates to example.com. If you select the checkbox, it will be valid for www as well.

5.2. Click Install. When installation finishes successfully you will get a confirmation message.

5.3. If it doesn’t work, check that the domain name is valid. Also, check that the domain is:

  • spelled right
  • registered
  • has proper DNS records
  • accessible in the web

When you create or add a domain to the server, be sure to add the relevant DNS records (with, an A record pointing to the server IP address as a minimum), and allow adequate time for the DNS changes to be disseminated.

6. In the left sidebar, click on Websites and Domains
7. Click Hosting Settings.
8. Under Security, select the SSL support check box, and the Let’s Encrypt SSL certificate in the Certificate list box.

Plesk renews Let’s Encrypt certificates automatically

So you don’t need to do anything. Let’s Encrypt free SSL certificates are valid for 90 days by default. But Plesk renews certificates every month automatically, which is what the Let’s Encrypt developers recommend.

Doing this sooner enhances your site’s security, and it’s clear to you and the visitors to your site. Also, this gives you extra time to find a solution if a renewal doesn’t go through for whatever reason.

Manually renewing an SSL certificate in Plesk

You can also manually renew a certificate if you:

  1. Log in to Plesk.
  2. In the left sidebar, click Websites & Domains
  3. Click the Let’s Encrypt icon and select “Renew”.

What’s new on Plesk Onyx? The March 2018 Update

Have you heard? We’re coming at you with a huge update to our all-in-one platform. You spoke, we listened. So we’ve further aligned Plesk Onyx to the way web professionals work today. And the types of infrastructure hosting sites and web applications use at the minute. Hence, we focused on 5 main areas: Site Performance, SEO, WordPress, Security and Cloud integration. Check it out.

The Fast-Building Part

We’ve improved onboarding for you and your customers. Hello, simplified registration and social login! As soon as you’re on, you get the First Steps Advisor to guide you through the initial steps. Like adding a domain, creating mailboxes and of course enabling your security measures.

We made an SEO Toolkit. Now you can count on Plesk to help analyze your websites, without having to look elsewhere.

  • You’ll get Site Audit for common SEO issues and receive optimization recommendations.
  • Instantly review search engine crawler activity on your sites with Log File Analyzer. Then track your keyword ranking in order to adopt the right SEO strategy.
  • Finally, think smart and monitor your competitors. So that you can react to their and your ranking changes fast.

Consider the WP Toolkit enhanced with single-click NGINX caching and AI updates.

  1. Let’s introduce you to Smart Updates by AI. Using Deep Learning Technology, you’ll bring your WP instances, plugins and themes up to speed.
  2. Configure NGINX caching to significantly speed up every WP site. And while you’re at it configure your plugin and theme sets to come preinstalled with every new WP instance.
  3. Feel safer when updating because you can now have additional restore points before updating WP or syncing data.
  4. Speaking of safe, we’ve added pingback attack protection for extra security.
  5. With all that in place, open shop and activate your eCommerce. Choose to install WooCommerce on the new Plesk Onyx. Learn more about setting up a WooCommerce online store.
  6. You’ll also find that we’ve made WP management and UX better to accommodate more and more users.

The Tighter Security Part

Out with Security Advisor and in with the all-new Plesk Advisor. This is because we’ve expanded this system-wide. You’ll get recommendations, fixes and enhancements for security, performance, reputation, updates, backups and more.

Combine our new SSL certificate manager with the ‘Keep me secured’ feature. Breaking this down, it monitors and automatically secures Plesk, new domains, subdomains and webmail with SSL certificates. You can even choose between Let’s Encrypt or Symantec SSL certificates. Domain Validation (DV) certificates are free, but you can also choose to purchase Organization Validation (OV) or Extended Validation (EV) certificates directly from Plesk.

The Part Where You Run on Schedule

Get up close with Hyperscale Cloud services. It’s easier than ever to integrate AWS with your system using AWS toolbox (RDS, Route53). Experience an elevated backup-to-cloud experience or integrate your own cloud storage backup. We’re talking incremental, scheduled, self-restore, granular restoration for sites, files, databases, mail accounts and more. Not to mention the improved passive FTP support and Maintenance mode

We gave the Plesk Extensions Catalog a facelift. You’ll see the catalog is completely redesigned with intuitive navigation, rapid search, and fast auto-updates (within 24 hours). And let’s face it, our 100+ extension list is currently unmatched.

The repairing and monitoring tools are smarter than before. Yes, it’s possible. The self-repair tool can find resource-consuming processes without SSH and CLI. So you don’t need an expert to do the work. Detect and limit resources by subscription to ensure your infrastructure’s integrity.

Find your fit with the new Plesk Onyx 17.8

Your complete set of technical, security and automation tools – all in one place. We’re a leading WebOps and Web Hosting platform for a reason. Want to effortlessly build projects, secure against vulnerabilities and automate daily tasks – all in a day’s work? Then let us help with Plesk Onyx 17.8.

See which Plesk edition fits you best. If you’re already a Plesk user, get in touch – and see if we can offer you something better.