SSL expiry on Namecheap
Currently with Namecheap shared hosting plans, you get a free SSL certificate for 1 year. After this time, you’ll be prompted to purchase a renewal SSL certificate.
By not renewing you risk losing your website’s SEO ranking on search engines, increase data protection issues, lose visitor and browser trust.
When you first buy a domain from Namecheap, you get 1 free SSL for the 1st year only as explained on their site here. If this is what you actually want to do then follow this guide, otherwise continue below.
What does non SSL or http protocol address look like?
Depending on the browser used, it can be identified as having no padlock, no information in certificate details and flags as a malicious/dangerours/high risk website by web browsers. Commons error messages will be “Your connection is not private” and/or “ERR_CERT_DATE_INVALID” if one has expired.
Principle of SSL certificate
This is the secure version of a http site hence the S for secure [sockets layer] which upgrades the http protocol to https.
SSL encrypts data in transit so when it leaves your device and travels over the internet and is decrypted on the other side which could be the server which hosts the website. The type of attack it would prevent or make significanlty make harder is a MITM attack, which means to listen in/ability to read the data transiting between your device and another.
This is why if you take payments on your site, then to be PCI compliant you need to encrypt or jumble up the data otherwise you’re potentially making it easier for an attacker to steal your customers bank card details, which you could be held responsible for failing to implement basic security.
It’s important to note that a customer probably won’t even reach the payment stage as most browsers will just flag your site as dangerous so you’ll possibly just lose customers at the first hurdle – this is shown in the screenshot above.
To support HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA) who issues them. In order to get a certificate for your website’s domain name (i.e. techbeatz.co.uk) from a C.A, you must prove ownership of that domain. There are a few methods to do this which will be covered later.
How to get and install an SSL certificate
Note: The website needs to be ready to use/accessible i.e. it’s runnung as normal using the http protocol
1. Pick the type of SSL certificate that is suitable
The first step is to pick the type of SSL certificate that you will need. The type of SSL you need may determine the provider that you may need. Because not all SSL providers provide all types of SSL certificate.
For most people, Domain Validated (DV SSL) is enough – which we will be covering in this article. For some others who may require more sensitive data, OV SSL or EV SSL will do.
2. Generating the Certificate Signing Request (CSR)
Generate the Certificate Signing Request (CSR) on your server. The process of generating it depends on your web host and server panel.
3. Submit CSR to certificate issuer
Once you have generated the CSR, submit it to the certificate user. They will use this to validate your domain and get your SSL certificate ready.
4. Install SSL certificate
After validation, you will be issued a SSL certificate, which you need to install/upload. The process may differ by web host and server panel.
Free SSL Providers
- Letsencrypt – currently only supporting non GUI method/Shell
- Zerossl/SSL for free – currently supporting GUI method
- Cloudflare – currently supporting GUI method, but validation method via DNS which requires re-pointing nameservers
There are broadly 2 overall methods for this process, either using a Shell (LetsEncrypt )or non shell (SSL for free). We’ll be opting to use the latter – non shell/GUI as this maybe the easiest option.
Pre-requisites
- This guide is based on NameCheap as the hosting provider, but as long as you have access to a cPanel of your website, then you should still be able to follow
- Select your chosen free SSL provider – we’ll be using SSL for free/Zero SSL as the process is very user friendly, deemed secure (certificates have SHA-384 signature algorithm by default), they provide DV certificates (which we established was the version we needed earlier) and it’s free for 90 days (you can pay for a certificate which lasts for 1 year)
- This tutorial is without Shell access i.e. GUI version
- TIP: Simply bookmark this page so you can just come back to it and renew upon expiry
#NameCheap #ZeroSSL #SSLForFree #FreeSSLCertificate #GUITutorial
Step by step guide – Renew SSL certificate
First make sure you can access to cPanel of your website. Typically, you can access your account by navigating to https://YourWebsiteDomain.com:2083 but this option may not work with NameCheap. Login to your Namecheap account and you should be on the dashboard. To access the cPanel, click on Hosting on the left menu and then cPanel option should be available near your website details. Note that the website/subscription maybe different if you host more than 1 website. You will still be able to access the “child” website from this cPanel button
Once access confirmed, we will setup the certificate. Head over to www.sslforfree.com and enter your website domain, then click “Click Free SSL certificate”.
Complete the registration details and proceed. The following dashboard will come up, check the details and continue
Select the free for 90 days option unless you want to pay for 1 year instead
We need to generate a CSR so the default option is fine – this will generate a CSR and a private key
We need to confirm the order, so just double check the information and proceed
Now that our the CSR is generated, we need to verify domain ownership and this method can differ, but options tend to be;
– Email verification where an email is sent to an address linked to your website domain i.e. admin@yourwebsite.com
– DNS (cname) which requires you to change your nameserver, which can be done on your hosting dashboard
– HTTP file upload requires you to upload a file provided by the SSL provider which you then need to upload onto a publicaly accessible section of your website. All of these options have a similar idea in that only the owner or someone with the appropriate authority is able to access/configure these 3 options
We will proceed with option 3: HTTP file upload method. In step 1 below, click on the blue text “Download Auth File“
Once downloaded, the file should look something like this in your computer’s Downloads folder;
Go to your website cPanel and from the left pane, select public_html folder. Once done, this will update the current location as shown below (next to the house icon)
Now we need to create 2 folders. Click on + Folder to create them and input the first part of the URL upload path that was provided by SSL provider
Then go into this new folder and repeat the process by creating another folder with the name pki-validation
If you get an error saying the folder already exists then just do a search in the top right corner and enter .well which should populate the location of an existing folder structure. This means you don’t need to create the folders in the steps above, so double click them and proceed to the next step.
This happens as the folder is hidden – if you want to see it then click on Settings and show hidden files
Double check that the folder link shown is the same as the path you just created i.e. I will check the path created matches up with step 3 as shown
Now upload the file downloaded earlier and again, double check the folder path
Now proceed to the next step which is to verify the domain. Click Verify domain
If successful, then next 2 steps will be shown as below
Next click on server type options and click cPanel and click next step
Then download the zip file and Extract the zip files (right click and Extract All). After downloading your certificate, you should have a ZIP containing the following certificate files;
- certificate.crt
- ca_bundle.crt
- private.key
Now we need to do the rest in cPanel. Login to your cPanel as per the begining of this article. Scroll down to the “Security” section of the cPanel homepage and select “SSL/TLS” to access the SSL/TLS Manager, which allows you to manage the configuration of SSL & TLS certificates.
Click “Install and Manage SSL for your site“
Use the “Domain” dropdown menu to select the domain you would like to install your SSL certificate for and click on “Update Certificate“
Open the Certificate file you downloaded with a text editor like Notepad. Copy the full text including the header and footer starting with —–BEGIN CERTIFICATE—– and ending with —–END CERTIFICATE—–
Select the relevant website domain and then enter (copy & paste) your certificate files (certificate.crt, ca_bundle.crt & private.key) into the respective fields
When you paste the CRT, you should see your website details below
Finally, click on “Install Certificate”.
Check if installation was ok by seeing this confirmtion
Now notice how there is no warning icon next to the site
You have completed all the required steps to install your SSL certificate! To check whether or not your certificate has been installed correctly, simply use the built-in ZeroSSL “Check Installation” tool or simply try accessing your domain using HTTPS, e.g. https://YourWebsiteDomain.com
We can now see that we do have a secure padlock icon, there is certificate trust information and the site protocol is https.
Links:
#NameCheap #ZeroSSL #SSLForFree #FreeSSLCertificate #GUITutorial
Leave a Reply
You must be logged in to post a comment.