Overview
This article explains how to add a free Let's Encrypt SSL certificate to your domain.
Every domain must have its own separate certificate. This means that if you want an SSL cert for example.com and blog.example.com, you must add them separately.
Before you add the certificate, make sure the following are configured, otherwise the installation may fail.
Step 1 — Configure hosting for your domain
Your domain must be Fully Hosted, redirected, or parked.
Step 2 — Point your DNS to DreamHost
Your domain's DNS must already point to DreamHost. This is because 'Let's Encrypt' locates your domain using DNS. It then adds a .well_known/ directory to your site to authenticate the certificate. If your site's DNS does not resolve to DreamHost, the certificate will not be able to authenticate. One of the following options must be configured:
- Nameservers
- A records
Option 1 — Point your nameservers (Recommended)
This option is recommended as it points ALL of your domain's DNS records to DreamHost, making them easier to manage. View the Where are my nameservers pointed? article to confirm where they are pointed.
- If they are already pointed to DreamHost: you do not need to change anything.
- If they are NOT pointed to DreamHost: you'll need to either point them to DreamHost from your current host or change your domain's A records as described below.
Option 2 — Point your A records
These records must be updated at the company where your nameservers are currently pointed. View the following article for instructions on how to find the correct IP address to point them to:
Log into your current host when your nameservers are pointed and update the following A records to point to your DreamHost domain.
A records
You must update both the A records for the www and the non-www records for your website. For example:
- example.com
- www.example.com
If you're pointing to a subdomain such as blog.example.com, you'll still need to create the www record. For example:
- blog.example.com
- www.blog.example.com
Step 3 — Disable your .htaccess file
If your site uses an .htaccess file, it must be temporarily disabled. This is because certain .htaccess rules such as IP blocking, rewrite rules, and password protection may cause the installation to fail.
To disable the file, rename it to something like .htaccess_OFF. Then, install the certificate. Once installed, you can rename the file back to .htaccess.
If disabling your .htaccess breaks your site, try adding the following rule, which should allow the installation to process:
RewriteRule ^.well-known/(.*)$ - [L]
Adding the certificate
Once the steps above are complete, proceed with installing the certificate.
- Navigate to the Secure Certificates page.
- A list of your domains display.
- Click the Add button to the right of your domain.
- On the next page, click the Select this Certificate button.
- A Success message displays confirming the purchased certificate.
Testing if the SSL certificate is working
Confirm the certificate is functioning by visiting the secure HTTPS URL of your website at:
- https://example.com
You can see the browser bar shows a lock icon confirming the connection is secure.
If you just installed the certificate, you may need to wait a few hours for it to update online.