Tag: ssl

Making Your Word Press Site Secure with SSL for Free

Well, it has been quite a journey of learning and it has been quite good. Green Geeks, a big American website hosting company upset myself and a few other customers about their unwillingness to support the latest and best free and open encryption service, Let’s Encrypt.  They wanted to sell their SSL certificates instead.  The mentality is quite different from this hosting company that we found called Siteground who looks at the big picture.  Let me think for a second.  I’m a customer.  I want to choose my hosting company.  One company says ‘come over here and we’ll let you do your own certificates or we’ll sell you one” or company B says ‘We will sell you one and it’s our way or the highway.”  Which one will I choose?  Green Geeks needs to wake up and smell the coffee.

Anyway, Green Geeks forced me to figure it out by myself but it’s working. I got SSL installed on all my domains at Green Geeks.  You can read my tutorial about how to do that here.

HOW TO SET UP SSL ON CPANEL BY YOURSELF WHEN THE HOSTING COMPANY IS TOO SHORT-SIGHTED TO HELP YOU

Now that you have your SSL stuff installed you probably are like me and have a bunch of Word Press sites.  What you will find is you will probably get warnings that look like triangles, exclamation marks, etc, etc.

First, your best resource that I found through this process is this website where you can type in your domain and it will spit back the cause of your no-padlock SSL certificate problem.

WEBSITE TO TEST FIGURE OUT WHY NO SSL PADLOCK

Next, you’ll probably find this blog very educational and might help you decide a course of action that is slightly different from my decision to ‘just fix it quick’.  For me, my blogs weren’t highly important (like this one) so experimenting didn’t bother me.

GREAT WEBSITE TO LEARN ABOUT WHY MIXED SSL CONTENT WARNINGS COME AND WHAT TO DO ABOUT THEM

Now, without further adieu, here is the ‘quick fix solution’ to the ‘no padlock error in a Word Press website. Just install this plugin and, if it doesn’t fix by default, change the setting to match mine in the screen shot below.

GREAT PLUG-IN TO FIX ALL YOUR MIXED CONTENT SECURITY WARNINGS

WP-SSL-Insecure-Content-Fixer-Settings

Bonus Feature! Force your Word Press Site to Use HTTPS

Now that you’ve gone to the trouble of making SSL work and then fixing all the errors, why not force all traffic to run via HTTPS so your site is hyper secure?  It’s easy with this this plugin.  Just… well. Plug it in.  And done.

GREAT WORD PRESS PLUG-IN TO FORCE ALL TRAFFIC TO HTTPS

Hopefully everything here works smoothly for you as it did for me.  You’ll note my success since I did this tutorial to this blog! 😉

 

Tags : , , , , , , , , , , ,

How to Do Let’s Encrypt in Cpanel with Shared Hosting

Did Green Geeks (www.greengeeks.com) not want to help you get Let’s Encrypt working in your Cpanel even though it works in cpanel?  You aren’t alone.  But we can take matter into our own hands, you know.

The tutorial I’m going to share is awesome. It’s pretty much what I based everything on and of course my experience of just making my own self signed SSL to do the same thing but more home-brew.

TUTORIAL/HOW-TO TO MAKE LET’S ENCRYPT WORK IN CPANEL

His tutorial is great if you’ve worked on servers or command lines for a while, but I wasn’t so smart.  Hopefully my notes will help the less fluent folk accomplish freedom too.

Let me just give a few side notes to help someone as they do this:

Before beginning, in your terminal, you will need to:

sudo apt-get install git

  • steps 6 and 7 – Cpanel help –  Note before beginning! At no point should you ever, ever, press enter on your keyboard while in the terminal because it will force you right back to square one and you’ll have to delete all this great work you are about to do:
    • go to file manager
    • go to public_html directory and click it
    • click ‘create folder‘ with the + icon
    • type ‘.well-known’ (no apostrophes) into the field that says ‘new folder name’
    • in top right settings of your control panel hit the cogwheel and click ‘show hidden files’ or you will not see the .well-known folder you just made
    • go into the .well-known directory and create another directory called ‘acme-challenge‘ and click ‘create new folder’
    • now go inside the ‘acme-challenge’ folder and click the +file button. you will get the file name from your terminal by selecting everything after ‘acme-challenge’ and then using control+shift+C to grab it to clipboard as per this screenshot
    • copy-paste-random-file-name-2
    •  paste it into the file name with control V and ‘create new file’
    • now go back to terminal and grab the next bunch of random strings and copy it to clipboard as you are learning so well to do, young champion as per this screenshot:
    • copy-paste-file-content-from-term-2
    • highlight your newly created pile of randomness in cpanel
    • click the ‘edit’ button top right ish area of the screen and it will give you some warning and you will say ‘uh huh yep’ and click ‘edit’
    • you will now control V paste that bad boy into your file (just into the big white space) and click ‘save changes’ and should see ‘success!” because you deserve success by now, my little cherry cake.
    • click ‘close’.
    • Now you will have to do it again. The tutorial doesn’t say why but I figured it out, by golly.  It’s because you had domain.com and www.domain.com so you have to do two verifications.  If you had a bunch of subdomains, you’d have to do these steps for all of them as well, FYI.  Also, there is no mention about what to do with these random files sitting in these directories in cpanel.  You can delete them after the verification is done.
    • now go back to his original tutorial and start at step 8
    • Note!  The coolest part about this experience is when you get this message at the end: ‘Self-Verify of Challenge Failed”  – so you are like ‘NOOO!” and then what comes a few seconds later in the terminal?  This message:  “Congratulations! Your certificate and chain have been saved at…” which is actually the truth.  And then you are like ‘YAAAAH!!’ So much drama!  So many victory cries!
  • step 9 isn’t as easy as the author lets on.  It’s also a mystery to my why I cannot have permissions with sudo to do this in the command line but it gives permission denied.  I didn’t know there was a permission higher than sudo but….

sudo nautilus yes, but then where?  this screenshot should help

sudo-nautilus-to-etc

Note also typing the first letter of the folder you are searching for will speed things up, like in ‘L’ for ‘letsencrypt’ in the next level 😉

  • Step 11 isn’t easy either as he doesn’t explain how to open with ‘gedit’.  Just right click on the .pem files, then go to ‘open with other applications’ and then ‘show other applications’ and then start typing ‘gedit’ and it should show right up

Now here is the *critical awesomeness* that took 7 hours of my life to learn.  I will never get these hours back so I hope that you will take all the money I didn’t save by spending all the time and get it back out of GreenGeeks who refused to support Let’s Encrypt when at least myself and a few people I referred to Green Geeks asked them if they would help.  This, by the way, was the response we got:

greengeeks

No, you don’t support them.  But because you didn’t support me, I now support them with this blog post.  And for just 5 years of free hosting with the best plan they have, I might be convinced to remove this truth so fewer of your customers find out that they can work around your antics….

Let’s get started taking away those $20 purchases from the Geeks which are Green, shall we, or any of your hosting companies who don’t want to move into the future shall we?

How to Get a Free SSL Cert Working on your Green Geeks Hosting Plan on all your domains with Cpanel

You can create a let’s encrypt certificate for *all* of your shared domains.

Where I lost all my time was where to put the .well-known/acme-challenge in the subdomains and the whole time it was super easy.  You just click in, open the main directory under file manager and create the directories right there at the top level.  That’s it.

Then you go back and create certs for each domain and pop them in by repeating this tutorial.  One for the www and one without.

Done! Now let’s encrypt.

 

 

Tags : , , , , , , , ,

How to Make Self Signed SSL Certificate Work in CPanel

Tutorial Assumptions

  • you have a website domain
  • you have shared hosting using cPanel
  • you are using a computer running Ubuntu

This isn’t a perfect solution if you have a public facing website, but if you have a private website for yourself, your friends, your business, etc, this will be ‘better than nothing’ and at least give you encryption for your traffic.

Most hosting companies probably sell ‘real’ SSL certificates which cost a certain amount per year.  This may make sense if you don’t have time to figure it out, or you don’t have root control of your server, or if your server happens to suck and not be ubuntu.  If these things happen, you should consider a hosting change ASAP because someone else is controlling your website.

In my case, I’m financially challenged right now and I have a couple of personal domains I want to secure.  Note that I have not yet, as of the date of posting this, figured out what to do for W.O.T.  It is still showing ‘not secure’ because it’s not https but I don’t want to use a self-signed certificate because it will scare away most visitors before they start reading.

The best looking solution moving forward, by the way, and I’m trying to plan all my future sites around it is Let’s Encrypt which is supported by some major players but also playing ball with the EFF it looks like.  However, if you don’t have control over your terminal on your server and cannot issue commands, I’m not sure that it will work. I’m still investigating.

This tutorial is using Greengeeks cheap shared hosting out of the USA.  I remember having to contacts tech support to making this option available in cpanel so you might have to as well

Download and Install OpenSSL on your Ubuntu machine

I assume it would be this command although it has been a while. might have to search it out if this doesn’t work:

sudo apt-get install openssl

Navigate to a Nice Place with your Terminal and Create a Directory Where Your Certificates will be Stored

I gave these a file name of domain-name-ssl-certs, and I did it in my home directory for speed and ease

sudo mkdir domain-name-ssl-certs

Run the Command to Generate the Certificates

You will need to swap out the directory path in this command to the one that matches where you just created the above directory

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /directory/directory/domain-name-ssl-certs/apache.key -out /directory/directory/domain-name-ssl-certs/apache.crt

It will  ask you to fill out stuff and the most important is this one which links it to your actual domain:

Common Name (e.g. server FQDN or YOUR name) []:example.com

Go to Cpanel back end and prepare to paste in some stuff where it should go

If you don’t see the stuff I’m talking about in this section it may be because your hosting company doesn’t want you to know you can do this because they want to sell you a $20 to $50/year ‘real certificate’.  But if you are doing home-based stuff you need not spend.  Make them make this function work or move to a company who will.

In my cpanel it’s under ‘security’ and ‘SSL/TLS’.  Click that.

Install and Manage SSL for your site (HTTPS)

Go back to your terminal and open those .key and .crt files with a text editor like nano or gedit

sudo nano apache.crt

Select all the text after the — of ‘begin cert’ and before the — of ‘end certificate’ as follows.

cert-copy-paste

with the control and shift button down hit the ‘c’ button to copy it to the clipboard memory.

Go back to your cPanel and paste it in the certificate field. If you get a warning that it doesn’t match yoru domain it’s because you didn’t enter the domain correctly while you were creating the certificate in the ‘Common name’ step above that I warned you about.  You should see everything as below except the red warning:

cpanel-warning

Go back and Open your Private Key that you generated and Copy/Paste it into your Cpanel

sudo nano apache.key

copy-apache-private-key

control+shift+C it into this window in cPanel

cpanel-private-key-paste

Click ‘install’ and you should be good to go.

Of course you will always get the ‘this website is dangerous’ warning the first time you visit it but whatever.

Hope that helps.  Now to try the same method with ‘let’s encrypt’ and hopefully get rid of the ‘dangerous’ warnings, too!

 

Tags : , , , , , , , ,