SSL Certificate

From Arch Hosting Wiki
Jump to: navigation, search

Enabling free SSL certificates

To use our free SSL, you will need to run AutoSSL on your hosting account. This script will automatically complete all of the verification and signing necessary to get your SSL set up.

To run AutoSSL, navigate to your cPanel and click on the "SSL/TLS Status" option. Please note, you should use "SSL/TLS Status" - not "SSL/TLS".

rsl2uQY.png

Once you are on the SSL/TLS status page, you should click the "Run AutoSSL" button. You should also review any of the domains listed - if there is an error, you should take steps to address them. If you have fixed an error, you should use the "Include in AutoSSL" button and then run AutoSSL again.

Benefits of an SSL certificate

  • Improve your site security, improve your SEO, and reassure visitors with your security! (https:// in the address bar)
  • Certificate will be signed through Comodo or Let's Encrypt, whichever is available.
  • Certificate will be valid for the length of your hosting with us
  • You will never be charged for a certificate.

Certificate renewal

While you can manually run the SSL signing process, every night we will also run the SSL signing process on all web hosting accounts. Therefore, all renewals will be handled automatically as long as AutoSSL does not detect any errors with your domain. If it does, you should refer to the Troubleshooting section of this guide.

Bringing your own SSL certificate

If you wish to use your own SSL certificate, you can upload it via the SSL/TLS section of your cPanel. AutoSSL will not replace your own certificate, unless it is found to be unsigned or expired. 

Troubleshooting

Your domain must point to our hosting, either through nameservers or DNS records, for AutoSSL to work. If your domain is not yet pointed to our hosting, AutoSSL will error.

Some redirects (through Cloudflare, or .htaccess) may interfere with AutoSSL. If this is the case, you should take action to ensure they are not intercepting traffic to the /.well_known/ folder - which is created when AutoSSL is ran.


AutoSSL may not sign some system records or subdomains - such as "autodiscover", "webmail", "cpanel", etc. This is 100% okay, and you can safely exclude these from your AutoSSL. AutoSSL will only sign records which point to your hosting account and your web space.

DNSSEC has been found to cause issues with our AutoSSL system, and if you think that could be causing the checks to fail then we would recommend disabling it.