What is an SSL certificate?
SSL certificate are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser. Typically, SSL is used to secure credit card transactions, data transfer and logins, and more recently is becoming the norm when securing browsing of social media sites.
SSL certificates bind together:
- A domain name, server name or hostname.
- An organizational identity (i.e. company name) and location.
An organization needs to install the SSL certificate onto its web server to initiate a secure session with browsers. Once a secure connection is established, all web traffic between the web server and the web browser will be secure.
When a certificate is successfully installed on your server, the application protocol (also known as HTTP) will change to HTTPs, where the ‘S’ stands for ‘secure’. Depending on the type of certificate you purchase and what browser you are surfing the internet on, a browser will show a padlock or green bar in the browser when you visit a website that has an SSL Certificate installed.
Importance of SSL certificate to your website
Cybersecurity poses a major challenge to online business, as hackers are becoming more numerous and daring in compromising websites, particularly commercial sites where sensitive financial information is exchanged. A breach can create huge liability costs and shake customer confidence in a business. That’s why all ecommerce sites should use secure sockets layer (SSL) protection.
SSL protects information by encrypting data between two servers. Only the host computer can decrypt the data and only the client computer can verify the server certificate. If the session is interrupted for any reason, the session is broken and must be reestablished. Sites that implement the SSL/TLS protocol display a padlock icon in the address bar.
SSL is more than just a technical tool to provide security for transactions; it is a trusted name in security. When customers see the SSL icon, they’re reassured that their financial information is safe and secure. This helps build consumer loyalty and confidence in your brand.
What should I do if my SSL certificate expiring?
Today, I got second email (the first email came 6 days ago) from Let’s Encrypt to remind me that my SSL certificate for my website is expiring in 1 day.
Accessing to my website and check SSL certification again I see that it will expire today.
Wow. I need to renew the SSL certificate otherwise my website will be marked not safe when Internet users visit it.
OK. I click on the link “Click here to renew the certificate” in email to access to SSL For Free services.
Let’s Encrypt need to verify your domain before release new certificate. If your web hosting has FTP service you can use Automatic FTP Verification. If your web hosting don’t have FTP service or you don’t want to provide such important information you should select Manual Verification. Event they say they do not store FTP information, I’m always thinking about safety for my website so I select Manual Verification by clicking on that button.
In below screen
you click on Manually Verify Domain to get upload verification files.
I download 2 verification files to your computer first. Then I use FileZilla (my favourite FTP Client) to connect to web hosting server. You can use any FTP Client which you are familiar with or using File Manager in web hosting control panel.
In my website folders “.well-known” and “acme-challenge” are already exists so I don’t have to create them.
If you don’t have such folders already exist, you create a folder in your domain named “.well-known” and another folder in your domain under “.well-known” named “acme-challenge. After creating, you will see your folder structure similar to mine.
OK. I upload the 2 downloaded files from my computer to the “acme-challenge” folder then veryfying successful upload by visiting links provide in step 5. Such links display random alphanumeric characters
Great. I can click Download SSL certificate to continue now.
Now I’m transfered to Certificate Successfully Generated page
As you see, this free SSL certificate expire after 90 days and you will be notified 1 week before your domain expire.
To be safe, you should download all certificate files by click on Download All SSL Certificate Files button to get zipped file named sslforfree.zip containing all certificate files then keep them in safe place.
Now I can use information provided in Certificate, Private Key, CA Bundle to renew SSL certificate. Depend on hosting providers and control panels they use this process is not the same in all providers.
After uploading new SSL certificate, I check again current SSL certificate information installed for my webite
Great. New SSL certification installed. Internet visitors to my website continue trust me now.
Renew SSL certificate is simple and fast as you have seen. So don’t delay when you got alert SSL certificate expiring.
Click here for Vietnamese version.