1. INSTALLATING OSE FREE SSL PLUGIN
Install through Plugins Menu
- Search “OSE Free SSL” in the plugin menu then install and activate it. After that, there will be a new menu OSE Free SSL on the side bar.
Install by Uploading the files through FTP
- Upload the entire ose-lets-encrypt folder to the /wp-content/plugins/ directory
- Activate the plugin through the Plugins menu in WordPress backend. After that, there will be a new menu OSE Free SSL on the side bar.
2. REQUESTING A FREE SSL CERTIFICATE
If there are no file permissions issues, simply:
- Enter the email address
- Save the setting
- Click the ‘SSL Request’ button to request an SSL from Let’s Encrypt.
In the cases that the file permissions are incorrect so the plugin cannot write files into the folder /.well-known/acme-challenge/ directly, the ftp form window shows up so you can enter your ftp accounts. Please refer to this tutorial to create the ftp account:
Go back to OSE Free SSL menu in your WordPress website and:
- Fill in the FTP info created above
Save the setting
Click the ‘SSL Request’ button to request an SSL from Let’s Encrypt.
RECEIVING YOUR SSL CERTIFICATE
Should the Domain Validation goes successfully, your SSL certificate will be delivered to your email address shortly.
Since version 1.2.6, your SSL certificates are also saved into your WordPress website so that you can copy it easily into your hosting control panels later on.
That’s all for obtaining the free SSL certificates, the next step is to install the certificates into your hosting control panels.
INSTALL THE FREE SSL CERTIFICATES
At this point, you should have received the certificate package after setting up the plugin and requesting SSL. Download the attachment in the email to your PC and extract the package. There are three files in the zip file:
Follow the instructions below to install the certificates into your hosting account.
We use cPanel as example here.
- Log into cPanel
- In the Security section, click SSL/TLS.
On the next page
- Choose Manage SSL Sites.
Next install the new certificate:
- Choose the domain
- Copy/paste the codes in the certificate files to the corresponding fields.
- Copy content of your_site_domain.crt into the Certificate: (CRT) field
- Copy content of your_site_domain.key into the Private Key (KEY) field
- Copy content of chain.crt into the Certificate Authority Bundle: (CABUNDLE) field
- Click the Install Certificate button
Should the Certificate installation is successful, you will get the SSL Host Successfully Installed message box. Then you can use plugins like Really Simple SSL to force your website to load in https protocol.
Since version 1.2.6, apart from the SSL certificate package email, your SSL certificates are also saved in your website directly, so you can copy the content of the SSL certificates directly to your hosting control panel to install it.
That’s it, you now have the SSL certificates. The next step is to install the certificates into your hosting accounts.
ABOUT OSE FREE SSL PLUGIN FOR WORDPRESS WEBSITES
OSE has built a really simple SSL plugin for WordPress community. WordPress owners just need to install the OSE Free SSL plugin into their website. The plugin will request the SSL certificates from Let’s Encrypt (a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).) and deliver the SSL certificates to the provided email address.
WordPress website owners can follow the following above instructions to request the SSL certificates and install their certificates into their hosting control panel.
- PHP version 5.3+.
- cURL and OpenSSL extensions in PHP
- When using FTP mode, an FTP account with the access to /public_html/.well-known (for cpanel) or /httpdocs/.well-known (for plesk).
WHAT IS TLS/SSL?
Transport Layer Security (TLS), and its now-deprecated predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. Websites can use TLS to secure all communications between their servers and web browsers.
The TLS protocol aims primarily to provide privacy and data integrity between two or more communicating computer applications.:3 When secured by TLS, connections between a client (e.g., a web browser) and a server (e.g., wikipedia.org) should have one or more of the following properties:
- The connection is private (or secure) because symmetric cryptography is used to encrypt the data transmitted.
- The identity of the communicating parties can be authenticated using public-key cryptography.
- The connection is reliable because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission. (Source: WikiPedia)
WHY IS TLS /SSL important?
TLS / SSL was important for one very specific reason
- Security: Encrypting communication and securely storing information, which is incredibly beneficial for eCommerce stores or websites handling sensitive information, e.g. credit card information.
- Better SEO: Google has announced that beginning in January 2017, they will flag sites that store passwords or credit card information without SSL as insecure, as part of a long-term plan to mark all sites without SSL as insecure.There are many ranking signals that Google examines to determine the ranking a web page. One of the officially declared ranking signals is HTTPS. Adding TLS / SSL is important to your website ranking now.
- Website credibility: Green padlock in the browser address bar shown beside any address is deemed as a sign of reputation. Visitors are more likely to trust a website if it has SSL.
SECURE YOUR WEBSITE NOW
Take full advantage of the Free SSL revolution and add an extra layer of security for your website now.