How do I get a free Lets Encrypt SSL certificate for my website?

An SSL (Secure Socket Layer) certificate is required for the conversation between your website and a visitors browser to be secured. It's now best practise to load all sites over https:// rather than http:// - your visitors will see a secure padlock in their web browser and can be sure that data they enter into your contact form or purchases from your online store are secure.

Krystal offers free SSL certificates from AutoSSL. You can issue these yourself from within your hosting cPanel.

You will need your cPanel username and password to access this directly, or you can access cPanel from within the Hosting section of your Krystal Client Area.

  1. Access cPanel by visiting your domain with /cpanel on the end e.g. https://example.co.uk/cpanel - and then login.
  2. Click the SSL/TLS Status icon within the SECURITY section of cPanel
  3. All of your domains will be included by AutoSSL by defult. To issue a certificate for all of your domains, click the "Run auto SSL"
Tip: AutoSSL will run once per day and will automatically replace any certificates nearing expiration (including non Let's Encrypt certificates!).

Excluding domains

AutoSSL will automatically attempt to issue an SSL certificate for all of your domains and associated subdomains. For the majority of users, this will be fine, however, if you use a 3rd party mail provider, certain subdomains like mail.yourdomain.tld may point elsewhere and as such AutoSSL cannot issue a certificate for this domain.

If a certificate cannot be issued for a subdomain, this will not impact any of your other domains/subdomains certificated, however, it will issue a notification email. To prevent this, you will need to exclude the domain from AutoSSL

AutoSSL is failing because those subdomains no longer point to the server. AutoSSL just needs to be told to exclude those domains that are failing.

To do this:

  1. Access cPanel by visiting your domain with /cpanel on the end e.g. https://example.co.uk/cpanel - and then login.
  2. Click the SSL/TLS Status icon within the SECURITY section of cPanel

  1. Where you see the warning "An error occurred the last time AutoSSL ran" then click "Exclude from AutoSSL".

Once this has been done, the next time AutoSSL runs, it won't attempt to renew a certificate that covers those subdomains and the SSL will be issued without any warnings.

If you have a subdomain that fails but you would like to issue a certificate, you will need to create a DNS record for this with your DNS provider. Once this has propagated you will be able to issue a certificate as shown above.

Please be aware that if you complete this process before setting up your website (e.g. installing WordPress) then it's likely no further action is required and you can choose to use the https website address during the install or site build. However, if your site is currently up and running using http:// then you will need to perform further site-specific tasks to get it working correctly over https://For WordPress this can sometimes be achieved using a third-party plug-in like Really Simple SSL (external link opens in a new window), but it's often better to have a developer help you update the WordPress settings and database so that all resources are correctly served over https://


How did we do?


Powered by HelpDocs (opens in a new tab)
© Krystal Hosting Ltd 2002–