Adding an SSL certificate to your domain is an absolute must nowadays to secure visitor’s data and improve your SEO.
Note: If this is a new domain, please allow time for DNS to update after pointing the domain to our nameserver. This may take anywhere from 15 minutes to 48 hours depending on the ISP. Let’s Encrypt cannot create the SSL certificate until this is finished.
What is SSL (or TLS)?
SSL (Secure Sockets Layer) is a security protocol that encrypts sensitive information transferred over the internet. While SSL has largely been replaced by its successor TLS, they are still often collectively referred to as SSL.
A site using an SSL certificate will show as “Secure” in most browsers and will use the “https” URL protocol.
SSL has become a standard for all internet sites and communications and is now required by Google and many other companies.
Obtaining Your SSL Certificate
- Log in to DirectAdmin.
- Navigate to the appropriate user account and select the domain from the drop-down at the top of the page.
- Under the Account Management menu select SSL Certificates.
- Check the box in the top row for “Free & automatic certificate from Let’s Encrypt”.
- Make sure the “Common Name” field shows the common name of your domain, i.e. ‘domainname.com’.
- Leave “Key Size” and “Certificate Type” at their default values, 4096 and SHA256.
- Select each domain and subdomain that need SSL from the list. This should include ‘domainname.com’ and ‘www.domainname.com’ and any subdomains that have pages that need to be secure. You may see your other domains and subdomains listed here as well, but we recommend selecting only those subdomains associated with this one domain. You can create separate certificates for other domains.
- Click the “Save” button.
Generating the certificate may take a few minutes. You will see a confirmation pop-up if your certificate was created successfully or if it encountered an error.
Common Errors
These are some common errors you may see when trying to create a Let’s Encrypt certificate.
Error:
Details Requesting new certificate order... Processing authorization for mydomain.com... Error: http://mydomain.com/.well-known/acme-challenge/letsencrypt_1532794576 is not reachable. Aborting the script. dig output for mydomain.com: 76.9.21.174 Please make sure /.well-known alias is setup in WWW server.
Solution: The domain is not pointing to the name server. Make sure you have pointed your domain to our nameservers, ‘ns1.vacares.com’ and ‘ns2.vacares.com’, and allow up to 72 hours for DNS to update.
Error:
JWS has invalid anti-replay nonce
Solution: Occasionally Let’s Encrypt fails with this error, but if you try requesting the certificate again it should work.
Checking for Insecure Content
After setting up SSL, test the secure version of your site at ‘https://yourdomain.com’;. You will need to check each page for insecure content errors, and fix them accordingly.
For instructions on finding and fixing insecure content, see our support guide here .
Redirecting Traffic to the Secure Site
Once your site is fully secure, you can set up a redirect from http to https so that all traffic reaches the secure version of your site.
For instructions on redirecting to https, see our support guide here .