Update about Automated SSL Encryption

Update about Automated SSL Encryption

If you offer customers or clients the opportunity to pay for your goods or services online then you must be up to speed on SSL encryption. Google, Mozilla and other major browsers are determined to make insecure HTTP redundant, which means your site must offer the latest security for online payments. It’s a no brainer.

Complete encryption of data transfer with Secure Socket Layer certificates (SSL) is fast becoming the new norm, as the SSL certificates control appropriate secure access and data sharing.

SSL certificates can be obtained from a variety of suppliers, among the best known and most respected are DigiCert, Symantec and Verisign. They encrypt data and authenticate both internal and external systems and applications, so your users can be confident that the endpoints on their web communication have been authenticated.

Within this secure exchange, HTTPS protocol then ensures the communication between the endpoints is encrypted.  HTTPS stands for Hypertext Transfer Protocol Secure and it’s become one of Google’s primary ranking factors for SEO, along with your site’s loading speed. HTTPS uses transport-layer security to protect transmitted data, including your customer’s credit card details and personal data.

When a site is not using HTTPS, most browsers now show prominent alerts in the address bar, warning users that the site is ‘Not Secure’. So, don’t lose business by being slow to respond to this tide. This needn’t be rocket science (going forward).

In the past, SSL certificates did require a complicated installation process best left to an expert, with special commands to remember and repeat when trying to deploy a specific certificate. With the consequences of an incorrect set up – or an expired certificate – likely to disrupt your site’s online transactions, and potentially result in financial losses through lost productivity or even fines for non-compliance, this was an issue looking for a solution.

Now, that process can be automated through the AutoSSL feature from cPanel.

AutoSSL will now automatically provision, issue, configure and install validated SSL certificates through cPanel’s web hosting partner websites, including UKFast, the ISO-accredited data centre used for our clients. The automated SSL encryption system will improve the privacy, security and trust of your website, and also eliminates common human errors in the set-up process that previously could cause a valid certificate to lapse at its renewal date. This is all great news for site managers and end users.

With AutoSSL enabled, there is no need to manually copy certificates into place. Your websites can be automatically secured and encrypted with a free Domain Validated SSL certificate, and your coverage will never lapse. A cronjob handles the request, download and installation of new SSL certificates around expiration time for all your hosted domains. (Note: AutoSSL only includes domains and subdomains that pass a Domain Control Validation (DCV) test,  as proof of your ownership of those domains.)

This is normally where most web agencies draw the line.  At Inspire we then do the following.

• Update Google Anlaytics to make sure this reflects https
• Update Google Search Console to make sure this reflects https
• Regenerate XML sitemap and submit to Google Search Console
• Check all website pages to make sure that there is no http related content as this will not show the green padlock if there is.
• Check all website pages to make sure there are no broken images or links following the update to https
• Apply 301 redirects for all pages from http to https

All of these are required to make sure your website is setup correctly to get the best value from having an SSL installed.