How to install an SSL certificate

1
Having a website running with SSL at 100% is highly recommended :

- a padlock in your URL without warning gives immediately a good impression of you to visitors
- maximize your customers' trust (personal and financial datas integrity)
- get a better ranking because Google integrates this variable in its ranking :
https://ahrefs.com/blog/http-vs-https-for-seo/ 
- reinforce your web security against certain types of web attacks

- Get HTTP/2 protocol benefits : speed + security
- Conclusion : more sales !

Read also :
https://www.yoorshop.hosting/announcements/964/Important-announcement-of-Google-regarding-SSL-starting-January-2017.html
mode http2


How ?

In old days, it was pretty complicated to install an SSL, but lately, it is now possible with only few clicks with us !
(SSL certificates are free and unlimited in all our shared offers...)

To be able to install an SSL certificate (unlimited), your domain must resolve to our server, by IP or with our DNS (propagation time must have gone through sufficiently)

1. Automatic method :
With AutoSSL from cPanel, this system generate free SSL automatically every 24 hours for a period validity of 3 months on all domains/subdomains, and renew them also automatically 2-3 days before expiry, you can then ignore message : 'This certificate will expire soon'
It operates every 24 hours at around 6AM Paris time, and also each time a domain is added on server, it must resolve to our server before so that SSL can be installed :
Check current IP of your domain (it must match the one in your cpanel account in advanced DNS zone) :
https://www.whatsmydns.net/#A
Your DNS :
https://www.whatsmydns.net/#NS
(they must correspond to those given in the mail given during your order which includes all informations of your services)
NB : SSL will be installed only when these previous changes are done and propagated enough, 1 hour for A entry, several hours for DNS

Now, check and see in your cPanel, section Security : "SSL/TLS Status", if any SSL was already installed on your domain, You will see "AutoSSL domain validated" if the case...

Security cPanel

If the case is no, use the manual method as described below.


2. Manual method :

You can install your free and unlimited SSL certificates

Go to section Security, icon "SSL/TLS Status" :
Select include/exclude depending on where you want SSL to be installed, in general :
yourdomain.com
www.yourdomain.com
mail.yourdomain.com

Click on Run AutoSSL as shown below.
Come back on this same page at least 1-2 minutes after to see if SSL has been installed, by refreshing the page. Wait more if not yet the case. After, you must wait 1 minute to let our system regenerate server config and make SSL working. Finally, clean your browser cache or use another browser temporarily in case of error : warning SSL. If error SSL persist for now, check with a web proxy : https://hidester.com/proxy

Let's encrypt cPanel

NB 1 : once on your SSL installed, you have to wait 1 minute for server to take into account your SSL, and type your domain with https:// to get a preview.

If you get warnings in the URL in firefox, you need first to clear cache of website now, and of your browser.
If you still get warnings in the URL in firefox, or no locksmith in chrome, this means some URLs are in still coded as http, this can imply modules, you must first enable SSL mode in your CMS :
- prestashop has this native SSL feature in admin
- for wordpress just make your domain look alike https://www.yourdomain.com in settings/general. To redirect old pages http to https, install plugin Easy HTTPS Redirection, find in general settings HTTPs redirection, click : 
Enable automatic redirection to the "HTTPS"  + The whole domain
Force resources to use HTTPS URL

For other CMS, read the documentation

Resolution of persistent warnings in address bar of your browser :
use SSL info in top left of your browser to find out which one, click "medias", "more informations"... Sometimes, a few modules need reinstalling to get the new https path, other times, you need to hard code.

NB 2 : These SSL expires every 3 months, and they are renewed automatically before expiry date !
NB 3 : concerning google webmaster tools, you can now add the ssl version of your domain
NB 4 :
For the story of the "www" it is possible to make it work in the case of sub-domain, it depends how you created the sub-domain with or without "www.", rare case
NB 5 : a folder named will be created in your website files : .well-known, leave it as it is, it will be used for future automatic renewals...
NB 6 : you can't add a SSL on a domain added type : "alias"
NB 7 : after redirect to SSL, google will take this into account, you must add version https:// of your website into webmaster tools


2.
If your site/CMS has no SSL feature in any way

A. Go to the Domains section of your cPanel : Redirects, and program what you want

OR

B. By direct insertion in your .htaccess (if you have no file named .htaccess, create it at root of files of your website with dot like this : .htaccess) : 
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If you use domain without www , then you should redirect all www request to non www ones, replace lines 2 and 3 by these :

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

OR

C. Via icon Nginx manager in your cPanel, choose domain, and go to Redirections tab, you can set redirect to SSL, and also www/without www, click after on Apply on the left


Verification SSL http2 :

https://tools.keycdn.com/http2-test 


3.
 HSTS : your can get your SSL certified HSTS, giving a A+ level to your SSL, if :

- you use ONLY 100% SSL (all your pages)
- your website does not show any warning of your SSL on any page
- don't use cloudflare free version, as it will not be compatible with SSL

Then, we can push you up to top HSTS high security/performance level :
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security 

HSTS is activated by default from Dec 2nd, 2019, because all websites must use SSL nowadays

In case of problem with HSTS or security packages with this feature, read this article

This will give you confirmation that this mod is now being active and you will get same as this client : SSL with A+, you can test online, example:
https://www.ssllabs.com/ssltest/analyze?d=e-benedetti.fr 


4. Optional :
Add your site version https in google webmaster tools, with adjusted sitemaps with https URLs...Google will understand better the link between your gained SEO with http site to transfer it to your https website.

EV SSL certificate
If you want a green bar like us, you must buy this specific SSL to our recommended partner :
https://www.gogetssl.com/
The one we have is :
https://www.gogetssl.com/extended-validation/comodo-ev-ssl/ 
You must have a firm to buy this last one (not working if sole trader), and you will have to complete the administrative process with Comodo and support Gogetssl. (We recommend you to buy it for 2 years directly to avoid the administrative renewal process)

You will need your DUNS from beginning, get it free within 30 seconds thanks to YOORshop :
http://fedgov.dnb.com/webform/pages/CCRSearch.jsp 

Once you have your certificate, follow the procedure with their interface, and in your cPanel : SSL/TLS.

Also Read

Backup and restore of your files

1. Automatic restore (Your data are also kept external server over last 15 days for shared...

Optimal technique for DNS update

The DNS to be inserted for your hosting service are mentioned in the email of access that...

Two-Factor authentication 2FA cPanel

Find the icon in cPanel, Security section: Two-factor authentication To configure 2FA, perform...

Real-time Ddos attacks in the world

https://www.digitalattackmap.com   https://threatmap.checkpoint.com

You are under ddos attack ?

    Ddos attack ? Let's talk about it in case we did not already intervene :) Naughty IPs...