Visual Guide To Installing a Let’s Encrypt SSL on Media Temple or a PLESK Hosting Account

By March 22, 2018Technology, Web Development
wallydavid.com

This is a fairly easy visual guide to installing a Let’s Encrypt SSL on Media Temple or PLESK panel hosting accounts. If you want to know how to do this in cPanel or GoDaddy click here.  A couple of things to note right from the start, Let’s Encrypt SSL Certificates are only issued for 90 days!

This means, every 90 days you will have to repeat this process. But don’t let that turn you off.  SSL for free offers a very convenient account that lists the domains you’ve secured, and offers an easy click to renew button that will send you notifications to re-install. Best of all, this option saves you from paying the crazy SSL fee’s that companies are charging.

This whole process takes about 5 minutes and is MODERATELY EASY.



START

Start by logging into your Media Temple or Plesk account and keeping the window open.
Open a new tab or window (side-by-side) if you can and then head over to https://www.sslforfree.com

Type your domain into the certificate box on SSL for Free. For this example I’m using the made up domain name: testdomain1.com – then click the Create Free SSL Certificate button to continue.

Install Let's Encrypt SSL on GoDaddy cPanel Hosting

You’ll notice it will encrypt the WWW and Non-WWW domains. Later, you also see that it finds any  related domain provider sub-domains (if this is an add-on domain and you have multiple websites on one hosting account), as well as the MAIL prefix for securing mail.

At this point you’ll have to verify the domain.
This involves downloading two files and uploading them into a folder in your root domain directory and clicking a link, or entering FTP credentials and pointing it towards the folder. Optionally, you can add a TXT record to your domain DNS hosting file too, but it takes over an hour since GoDaddys shortest TTL refresh is 1 hour. All your doing at this point in laymens terms is just proving you own the domain before they generate an SSL certification. Basically choose one of the three big green buttons to choose your adventure and follow the instructions.

Install Let's Encrypt SSL on GoDaddy cPanel Hosting

OPTION 1 – FTP VERIFICATION (EASY)

This is pretty easy. Just put in the settings for your websites FTP account and it will create the directories and upload the verification files to your domains root.

Note: If you host multiple websites on the same server, make sure you choose the path to the folder containing the site that will get the certificate and NOT the server root or PUBLIC_HTML.

Install Let's Encrypt SSL on GoDaddy cPanel Hosting

OPTION 2 – MANUAL VERIFICATION

(EASY – How I recommend doing this step)
Pretty much the same thing, but you have to create the folders and upload the verification files yourself. Once they are uploaded, you have to click to links to verify the files are there.

Install Let's Encrypt SSL on GoDaddy cPanel Hosting

You’ll need to create a folder in the root of the domain you are installing the SSL in called “.well-known“, then INSIDE that folder, you’ll need to create another folder called “acme-challenge” to upload the verification files to. Open you GoDaddy account, click on your hosting and go into your cPanel. Choose “File Manager”. This is where you’ll upload the files.

Create a new folder called: .well-known

Inside that folder create a folder called: acme-challenge

Now jump back to the SSL for free page you still have open in the other tab or window. You’re going to want to download the two files and upload them to the new “acme-challenge” directory on the server:

Install Let's Encrypt SSL on GoDaddy cPanel Hosting

IMPORTANT NOTE MAC USERS: Once you’ve downloaded/uploaded the two files, you’ll notice that they have a .DMS extension. You have to REMOVE the extension for this to work.

Once both files are uploaded to the acme-challenge folder directory on the server, go back to the SSL for free page and click the two links shown below to verify the files are in the right place. You should get the same string of numbers in your browser as the file names when you click the links. If you don’t, you did something wrong or the permission on the folders aren’t right. I used 755 on the folders and 644 on the files.

NOTE: All you have to do is get the strings to appear in the browser window without a 404 error at both links. There is no “it worked” message or anything. This is just verifying that the certificate can see these two files.

Install Let's Encrypt SSL on GoDaddy cPanel Hosting

OPTION 3 – TXT DNS ZONE FILE VERIFICATION

The last option, this takes the longest. Since MediaTemple is not a Domain name reseller, only a hosting provider this next section will show you how to do this using GoDaddy, but the steps are roughly the same with Network Solutions, Host Gator, 1&1, etc.

This step is basically adding a TXT record to your domain Zone File. Here is why I don’t recommend this way. TTL (Time to life) or the time that DNS changes take place after a Zone File change on some domain providers such as GoDaddy and others is 60 minutes. I found that the SLL for Free site timed out in 10-15 minutes making you start over. So waiting for a 60 minutes TTL doesn’t make sense. But, if your domain providers TTL is 10-15 minutes go for it.

Go over to your GoDaddy account in the other tab or window you have open and click MY PRODUCTS from the menu if your not there already. Under your domains, click MANAGE ALL.

Install Let's Encrypt SSL on GoDaddy cPanel Hosting

Click on the domain you are adding the SSL Certificate to so you can edit the DNS Zone File settings:

Install Let's Encrypt SSL on GoDaddy cPanel HostingFrom here, scroll to the bottom and choose the MANAGE DNS link:

Install Let's Encrypt SSL on GoDaddy cPanel Hosting

Scroll down and click “ADD” and choose TXT Record:

The first host is “_acme-challenge.testdomain1.com” then value is the long string of numbers.
The second host is “_acme-challenge.www.testdomain1.com” then value is the long string of numbers.

NOTE: Replace testdomain1.com with your domain name. You can just copy and paste these values from step (2) in the instructions with your specific values.

Install Let's Encrypt SSL on GoDaddy cPanel Hosting
Once this is done, click the verify button at the bottom of the SSL for Free page. You may need to wait for your domain providers TTL to update on the zone file for this to work.

VISUAL GUIDE TO INSTALLING A LET’S ENCRYPT SSL ON MEDIATEMPLE OR PLESK HOSTING ACCOUNTS

GETTING AND INSTALLING THE SSL

You made it to this point. Good for you! All of this up to this point was just to get to the place where you could click this button at the bottom of the page.

VISUAL GUIDE TO INSTALLING A LET’S ENCRYPT SSL ON MEDIATEMPLE OR PLESK HOSTING ACCOUNTS

Which oddly enough, doesn’t actually download anything. So if you’ve verified ownership of the domain, click away.

You’ll get a screen that looks like this. DO NOT CLOSE THIS WINDOW!!!!!

VISUAL GUIDE TO INSTALLING A LET’S ENCRYPT SSL ON MEDIATEMPLE OR PLESK HOSTING ACCOUNTS

In your other tab or window, if your not in your PLESK panel, login now. Look for SSL/TLS Certificates under the Hosting Settings section of the domain you are managing and click on it.

VISUAL GUIDE TO INSTALLING A LET’S ENCRYPT SSL ON MEDIATEMPLE OR PLESK HOSTING ACCOUNTS

Choose “Add SSL/TLS Certificate

Fill out the certificate name and owner address:

Note: The certificate name is only from identification in the PLESK certificates list. I suggest naming it the domain and the month and year. ie: domain-name-3-18

VISUAL GUIDE TO INSTALLING A LET’S ENCRYPT SSL ON MEDIATEMPLE OR PLESK HOSTING ACCOUNTS

Scroll down, now copy each section from the SSL for free site into the PLESK SSL INSTALL screen into the corresponding sections.

Note: The PLESK install fields are reversed a bit compared to cPanel. This is true for the latest version as of March 2018, so just watch where you are copying these certificates or the installation will fail when you click save.

VISUAL GUIDE TO INSTALLING A LET’S ENCRYPT SSL ON MEDIATEMPLE OR PLESK HOSTING ACCOUNTS

Click save, your new Cert should appear in your domains certificates list:

VISUAL GUIDE TO INSTALLING A LET’S ENCRYPT SSL ON MEDIATEMPLE OR PLESK HOSTING ACCOUNTS
Head back to the Websites & Domains section of PLESK and click on HOSTING SETTINGS for the domain you are managing.

VISUAL GUIDE TO INSTALLING A LET’S ENCRYPT SSL ON MEDIATEMPLE OR PLESK HOSTING ACCOUNTS

All the magic to apply the SSL Certificate happen on this screen. Choose www or non WWW, check the SSL/TLS support & Permanent SEP-safe 301 redirect from HTTP to HTTPS boxes. Pull the drop down menu to select the SSL Certificate you created on the previous screen and click apply. Your done with the Media Temple PLESK SSL Install.

Note: There is an SSI support click button too. This is optional, but basically it will force SSL on SMTP email services. If your not sure, or you are running an Exchange Server or Office 365 with another SSL installed, leave it unchecked. It could Mess up your email and release an evil mouse that will eat all the cheese in you email client.

VISUAL GUIDE TO INSTALLING A LET’S ENCRYPT SSL ON MEDIATEMPLE OR PLESK HOSTING ACCOUNTS

IMPORTANT DON’T CLOSE ANY BROWSER WINDOWS YET

The next part is on the https://www.sslforfree.com page, CREATE AN ACCOUNT BEFORE YOU LEAVE THAT CERTIFICATION PAGE!!!!

This will allow you to manage and rekey your SSL certificates. Remember, these certificates are only valid for 90 days, so you’ll need to log into your account and click the renew button every three months.

Whats handy about creating an account is that is will notify you to renew your certifications, as well as give you a handy list to view your active certifications.

Install Let's Encrypt SSL on GoDaddy cPanel Hosting

LAST BUT NOT LEAST

If your using a content management system like WordPress, remember to login and change all your permalinks to HTTPS. If your using static HTML or PHP, then make sure and change all your on page link URL’s to HTTPS.

Also, to force HTTP to HTTPS on static sites you may also need also add an .htaccess file to force the redirect with a rule that looks something like this:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

Make sure to replace example\.com with the domain name you’re trying force to https. Additionally, you need to replace www.example.com with your actual domain name.