Free HTTPS-certificate: instruction for receiving

If you collect any important information on your website (including email and password), then you need to be safe. One of the best ways to secure yourself is to enable the HTTPS certificate, also known as SSL (Secure Socket Layer), so that all information coming to and from your server is automatically encrypted. HTTPS certificate prevents hackers from hacking confidential information of your users while storing it on the Internet. They will feel safe when they see the HTTPS certificate when they access your site, knowing that it is protected by a security certificate.

Advantages of HTTPS certificate

The best thing in an SSL certificate, like in HTTPS, is that it's easy to configure, and once that's done, you need to send people to use the HTTPS certificate instead of HTTP. If you try to access your site by placing https: // in front of your URLs right now, you will receive an error message about the HTTPS certificate error. This is because you did not install the SSL HTTPS certificate. But do not worry - we'll set up right now!

Your visitors will feel safer on your site when they see the HTTPS certificate when they access your site - knowing that it is protected by a security certificate.

What is HTTPS?

HTTP or HTTPS are displayed at the beginning of each URL of a website in a web browser. HTTP is the protocol for transferring hypertext, and S for HTTPS is Secure. In general, this describes the protocol by which data is sent between your browser and the website that you are viewing.

The HTTPS certificate ensures that all communication between your browser and the website you are viewing is encrypted. That means it's safe. Only receiving and sending computers can see the information when transmitting data (others can access it, but will not be able to read it). On secure sites, the web browser displays a lock icon in the URL area to notify you.

HTTPS must be on any website that collects passwords, payments, medical information or other sensitive information. But what if you can get a free and valid SSL certificate for your domain?

How does the protection of the website work?

To enable the HTTPS security certificate, you need to install SSL (Secure Socket Layer). It contains the public key, which is necessary for the safe start of the session. When an HTTPS connection with a web page is requested, the site sends an SSL certificate to your browser. Then they initiate an "SSL handshake", which includes a "secret" separation to establish a secure connection between your browser and the website.

Standard and Advanced SSL

If the site uses a standard SSL certificate, you will see a lock icon in the browser URL area. If you use the Extended Validation Certificate (EV), the address bar or URL will be green. EV SSL standards are superior to SSL standards. EV SSL provides the identity of the domain owner. Obtaining an EV SSL certificate also requires applicants to undergo a rigorous evaluation process to confirm their authenticity and ownership.

What if I use HTTPS without a certificate?

Even if your website does not accept or transmit sensitive data, there are several reasons why you might want to have a secure website and use a free and valid SSL certificate for your domain.

Performance. SSL can improve the time it takes to load a page.

Search engine optimization (SEO). The goal of Google is to make the Internet safe and secure for everyone, not just for those who use Google Chrome, Gmail and Drive, for example. The company said that security will be a factor in how they rank the sites in search results. While this is not enough. However, if you have a secure website and your competitors do not, your site can get a higher rank, which may be necessary to increase its popularity from the search results page.

If your site is not secure and it collects passwords or credit cards, then users of Chrome 56 (released in January 2017) will see a warning that the site is unsafe. Visitors who are not familiar with the technology (most users of the website) may be alarmed when they see the "HTTPS certificate error" window and leave your site, simply because they do not understand what it means. On the other hand, if your site is protected, it can make visitors more at ease, which will increase the likelihood that they will fill out the registration form or leave a comment on your site. Google has a long-term plan to show all HTTP sites as unsafe in Chrome.

Where can I get a free HTTPS certificate?

You receive an SSL certificate from the certification authority. Such certificates are valid for 90 days, but an extension of 60 days is recommended. Some reliable free sources:

• Cloudflare: free for personal sites and blogs.
• FreeSSL: free for non-profit organizations and start-ups at the moment; It can not be a Symantec, Thawte, GeoTrust, or RapidSSL client.
• StartSSL: Certificates are valid for 1 to 3 years.
• GoDaddy: certificates for open source projects are valid for 1 year.

The certificate type and its validity period depend on the source. Most authorities offer standard SSL certificates for free and charge for EV SSL certificates if they provide them. Cloudflare offers free and paid plans and various additional options.

What should I consider when I receive an SSL certificate?

Here Google recommends a certificate with a 2048-bit key. If you already have a 1024-bit certificate that is weaker, it recommends updating it.

You will need to decide whether you need one, multiple domains or a group certificate:

1. One certificate will be used for one domain (for example, www.example.com).
2. A multi-domain certificate will be used for several well-known domains (for example, www.example.com, cdn.example.com, example.co.uk).
3. A wildcard certificate will be used for a secure domain with many dynamic subdomains (for example, a.example.com, b.example.com).

How do I install an SSL certificate?

Your web hosting can install the certificate for free or for a fee. Some hosts actually have the option of installing Let's Encrypt in their personal cabinet cPanel, which simplifies the work. Ask your current host or find one that offers direct support for Let's Encrypt. If the host does not provide this service, your website maintenance company or developer can install a certificate for you. You should be prepared for the fact that you will have to update the certificate very often. Check the timeframe with the certificate.

What else needs to be done?

After you receive and install the SSL certificate, you must force SSL on the site. Again, you can ask your web host, service company or developer to perform this action. However, if you prefer to do this yourself, and your site runs on WordPress, you can do this by downloading, installing, and using the plugin. With the latter option, be sure to check compatibility with your version of WordPress.

Two popular plug-ins for forced use of SSL: simple SSLWP, forced SSLSSL plug-in. Be sure to back up your site and be very careful when doing this. If you misconfigure something, it can have deplorable consequences: visitors will not be able to see your site, images are not displayed, scripts are not downloaded, which will affect how some things on your site function, for example, typography and colors are not displayed properly Way.

You need to redirect users and search engines to HTTPS pages using 301 redirects in the .htaccess file in the root folder on the server. The .htaccess file is an invisible file, so make sure that your FTP program is configured to show hidden files. In FileZilla, for example, go to Server> Force Hidden Files. FileZillaBefore, before adding redirects, it would be nice to create a backup copy of the .htaccess file. On the server, temporarily rename the file, deleting the period (which makes it invisible in the first place), download the file (which will now be visible on your computer as a result of deletion of the period), then add the period back to that on the server.

Edit Google Analytics Settings

After completing these steps, you need to change the preferred URL in your Google Analytics account to display the HTTPS version of your domain. Otherwise, the statistics of your traffic will be disabled, because the version of the HTTP URL is perceived as a completely different site from the version of the HTTPS certificate. The Google Search Console treats HTTP and HTTPS as separate domains, so add the HTTPS domain account to it. Remember, when you switch from HTTP to HTTPS certificate, if there are special access buttons on your site, the counter will be reset.