How to Use Let’s Encrypt SSL with a CDN Like Stackpath
We all know that SSL Certificates are very important for any websites and blogs. A website that uses SSL certificate gets a boost in ranking compared to those without the SSL certificates. However, it used to cost money while buying an SSL certificate. However, Let’s Encrypt has already introduced free SSL certificate that doesn’t cost even a dime.
How to generate Let’s Encrypt Certificate?
Method 1 (Easy)
Choose a hosting provider that allows adding Let’s Encrypt Certificate to websites. There are just a few of them now. After testing some, I finally ended up using Dreamhost as it provides the easiest way to add Let’s Encrypt and it takes just a couple of clicks. No Coding! No Headache! The server also is also fast enough and offer easy switch or upgrade that transfer whole data and SQL itself without you doing anything.
Method 2 (Coding Way)
This method is kind of a headache. It’s not just about generating the SSL certificate, but also adding it to the host server. This is one of the many reasons I gave up on GoDaddy as they said they don’t have the option to add and I need to pay to get SSL for each domain. You cannot add Let’s encrypt to any hosting unless you have root access and you are good with coding. This is why I recommend using a hosting that already has this option. Here are a few resources that may help you if you want to use this method:
Why Shouldn’t You Use Cloudflare with Let’s Encrypt SSL?
We have already discussed this in this article. Cloudflare users need a business plan that cost $200+ each month and then you will be allowed to use custom certificates. Free users use shared SSL certificates that is used many many other websites so it’s not very secure.
Using Let’s Encrypt Certificate with a CDN Provider (Demo for Stackpath)
I started using Stackpath as it’s very cost-effective and provides what I need.
Note: You can try this method with other CDNs as well, but they must have the option to add a Custom SSL Certificate.
- Under Stackpath account (after logging in), click on the Sites option to get the list of all sites you have added. If you haven’t added one, please add your site.
- Click on the site that you want to configure for Let’s Encrypt.
- Hit the Settings option under Edge SSL option
- Click on Upload My Own option and you will be asked to enter or upload a few things: Certificate, Private Key, and CA Bundle
- Get those required Detail from your hosting account or the certificate you generated manually. In this demo, I am getting a Certificate from My Dreamhost Host account. Dreamhost has the SSL Certificate option on its left sidebar that you get after logging in. Click on that option to get the list of sites and then click settings option to view certificates. You will have the following screen.
- So copy those certificates and paste in the Stackpath’s section where you were asked to enter certificate keys and hit the Continue button
- If you did everything correctly, it should now show the following screen with the green Yes tag under trusted option
Renewing the certificate
All hosting providers that provide Let’s Encrypt option renew the certificate automatically every 3 months. If you have generated the certificate manually, you will have to renew in manually that’s another headache of the manual method. In case of Dreamhost, the certificate is renewed a month before the expiration and every time it renews you receive an email that certificate is renewed and then you need to follow the same procedure again and update the certificate. You need to delete the current one from Stackpath or any other CDN and add another one. As it renews a month before, you can update even after a few days and that should not create any issue.