wiki:faq/security/setup-certificate

Version 24 (modified by Jamie McClelland, 2 years ago) (diff)

--

Languages:

Configure your web site to use https

By default, your web site does not communicate with the world using an encrypted connection. When you connect, it uses the "http" protocol instead of the "https" protocol.

We strongly encourage all members to change this setting so all communications is encrypted. Even if you don't think it is necessary, consider that all information you send to the site, which may include usernames and passwords, are sent in the clear unless you are using https.

Fortunately, the process of choosing to run an https enabled web site is fully handled in the members control panel:

  • Edit your web configuration and remove any domains from the domain names section that are not properly working or have expired (if there are any).
  • Change Encryption from "http only" to "https enabled".
  • Click "Submit".

What if I already have an https web site?

Some members already have their own https certificates and keys. If you click the Advanced button, you will see them listed.

If you want to switch from using your own https certificate and key to using our automatic and free Let's Encrypt certificate and key, simply delete the path to your certificate and key from the TLS Key path and TLS Cert path fields.

How does it work?

Our control panel is integrated with a free services called Let's Encrypt. They provide automated 3 month certificates free of charge. We have a regular scheduled job that will automatically renew your certificates every three months to ensure they are kept up to date.

Attachments (1)

Download all attachments as: .zip