How do I get a free Lets Encrypt SSL certificate for my website?
An SSL (Secure Socket Layer) certificate is required for the conversation between your website and a visitors browser to be secured. It's now best practise to load all sites over https://
rather than http://
- your visitors will see a secure padlock in their web browser and can be sure that data they enter into your contact form or purchases from your online store are secure.
Krystal offers free SSL certificates from AutoSSL. You can issue these yourself from within your hosting cPanel.
You will need your cPanel username and password to access this directly, or you can access cPanel from within the Hosting section of your Krystal Client Area.
- Access cPanel by visiting your domain with
/cpanel
on the end e.g.https://example.co.uk/cpanel
- and then login. - Click the SSL/TLS Status icon within the SECURITY section of cPanel
- All of your domains will be included by AutoSSL by defult. To issue a certificate for all of your domains, click the "Run auto SSL"
Excluding domains
AutoSSL will automatically attempt to issue an SSL certificate for all of your domains and associated subdomains. For the majority of users, this will be fine, however, if you use a 3rd party mail provider, certain subdomains like mail.yourdomain.tld may point elsewhere and as such AutoSSL cannot issue a certificate for this domain.
If a certificate cannot be issued for a subdomain, this will not impact any of your other domains/subdomains certificated, however, it will issue a notification email. To prevent this, you will need to exclude the domain from AutoSSL
AutoSSL is failing because those subdomains no longer point to the server. AutoSSL just needs to be told to exclude those domains that are failing.
To do this:
- Access cPanel by visiting your domain with
/cpanel
on the end e.g.https://example.co.uk/cpanel
- and then login. - Click the SSL/TLS Status icon within the SECURITY section of cPanel
- Where you see the warning "An error occurred the last time AutoSSL ran" then click "Exclude from AutoSSL".
Once this has been done, the next time AutoSSL runs, it won't attempt to renew a certificate that covers those subdomains and the SSL will be issued without any warnings.
If you have a subdomain that fails but you would like to issue a certificate, you will need to create a DNS record for this with your DNS provider. Once this has propagated you will be able to issue a certificate as shown above.
https://