Canvas Host offers Let’s Encrypt SSL certificates through Cpanel’s AutoSSL service on our Shared and WordPress hosting service lines. The certificates will not be available in our PCI Compliant hosting service line.
Let’s Encrypt provides basic, free SSL certificates to all domains hosted on a Cpanel account. The certificates are issued and installed automatically, and without the sometimes lengthy verification and installation process with other certificates.
Let’s Encrypt SSL certificates are issued for three months, and are automatically renewed so long as you wish to use them.
Let’s Encrypt SSL certificates do not require a static IP address in order to function on your account.
Let’s Encrypt SSL certificates are automatically issued for all service-related subdomains, such as mail.yourdomain.com or webmail.yourdomain.com, for added account access security.
Additionally, Let’s Encrypt SSL certificates will enable you to use your own domain name as the mailserver host when using secure mail, which previously required you to use the server host name.
Most importantly, Let’s Encrypt SSL certificates will allow your website to function under basic SSL security, which is now a requirement to maintain SEO rank with with Google’s indexing service. Websites not hosted under SSL may lose SEO rank among Google and other search engines.
Those are all the benefits of Let’s Encrypt SSL certificates. Here is what the certificates will not do.
Using Let’s Encrypt SSL Certificates
With Let’s Encrypt SSL certificates, you don’t have to configure anything. You can verify the status of all Let’s Encrypt SSL certificates by logging into your Cpanel interface, then going to TLS/SSL -> Manage SSL Sites. You will be shown a full list of currently installed certificates.
To use your website with SSL, you will need to verify several things:
- Your application settings and/or program code will need to reference https:// and not http:// for website links, such as the “Home URL” and “Site URL” settings within WordPress.
- You may additionally need to modify your application’s .htaccess file to force non-SSL requests to SSL.
- You may need to change references to files and scripts in your website’s theme (template) files, as well as IMG SRC tags called throughout your website, changing them from http:// to https:// or better yet, making included files reference from the start of the document root and not include the domain in the link at all.
If you aren’t sure how to do this or do not have a Web designer, Canvas Host can perform these services for you at a cost of $60/hour. For a free quote, please contact our Sales team at email@example.com, or by calling us at 800.574.4299 x1.
Down Sides to Let’s Encrypt
Web browsers on Windows operating systems, XP and older, do not work well with Let’s Encrypt SSL certificates and may show errors to users of those platforms. If you run a website that serves a diverse range of customers, those users may see errors when visiting your website. This is because AutoSSL uses Server Name Identification (SNI), which isn’t supported by older technologies, which tend to rely on SSL certificates being assigned to static IP address hosting accounts. Canvas Host offers static IP addresses at $5 per month.
In terms of validation, Let’s Encrypt issues Domain Validation (DV) certificates. They do not offer Organization Validation (OV), Extended Validation (EV), or wildcard certificates, as those cannot be automatically issued.
Let’s Encrypt SSL certificates do not include any warranty and should not be used for encrypting information sent to or received from your website, such as accepting credit card payments from website visitors. If your website’s security is hacked and customer information is compromised, you would be directly liable for that breach and not covered by any warranty.
Although PCI (payment card industry) standards currently accept DV certificates, PCI rules are subject to continuous change, and at some point Let’s Encrypt certificates will not pass PCI compliance rules.
For these reasons, we do not recommend the certificates be used in place of paid certificates offered by Canvas Host, which include a warranty, are known to pass PCI compliance, and are supported by Canvas Host.
More information on Let’s Encrypt may be found on their website, at: https://letsencrypt.org/