Adding a free Let's Encrypt certificate

 

Overview

This article explains how to add a free Let's Encrypt SSL certificate to your domain.

Every domain must have its own separate certificate. This means that if you want an SSL cert for example.com and blog.example.com, you must add them separately.

Before you add the certificate, make sure the following are configured, otherwise the installation may fail.

 

Step 1 — Configure hosting for your domain

Your domain must be either Fully Hosted or configured as a redirect.

Step 2 — Point your DNS to DreamHost

Your domain's DNS must already point to DreamHost. This is because 'Let's Encrypt' locates your domain using DNS. It then adds a .well_known/ directory to your site to authenticate the certificate. If your site's DNS does not resolve to DreamHost, the certificate will not be able to authenticate. One of the following options must be configured:

  • Nameservers
  • A records

Option 1 — Point your nameservers (Recommended)

This option is recommended as it points ALL of your domain's DNS records to DreamHost, making them easier to manage. View the Where are my nameservers pointed? article to confirm where they are pointed.

  • If they are already pointed to DreamHost: you do not need to change anything.
  • If they are NOT pointed to DreamHost: you'll need to either point them to DreamHost from your current host or change your domain's A records as described below.

Option 2 — Point your A records

These records must be updated at the company where your nameservers are currently pointed. View the following article for instructions on how to find the correct IP address to point them to:

Log into your current host when your nameservers are pointed and update the following A records to point to your DreamHost domain.

A records

You must update both the A records for the www and the non-www records for your website. For example:

  • example.com
  • www.example.com

If you're pointing to a subdomain such as blog.example.com, you'll still need to create the www record. For example:

  • blog.example.com
  • www.blog.example.com

Step 3 — Disable your .htaccess file

If your site uses an .htaccess file, it must be temporarily disabled. This is because certain .htaccess rules such as IP blocking, rewrite rules, and password protection may cause the installation to fail.

To disable the file, rename it to something like .htaccess_OFF. Then, install the certificate. Once installed, you can rename the file back to .htaccess.

If disabling your .htaccess breaks your site, try adding the following rule, which should allow the installation to process:

RewriteRule ^.well-known/(.*)$ - [L]

Adding the certificate

Once the steps above are complete, proceed with installing the certificate.

  1. Navigate to the Secure Certificates page.
    A list of your domains display.
  2. Click the Add button to the right of your domain.
  3. On the next page, click the Select this Certificate button.
    A Success message displays confirming the purchased certificate.

Testing if the SSL certificate is working

Confirm the certificate is functioning by visiting the secure HTTPS URL of your website at:

  • https://example.com

You can see the browser bar shows a lock icon confirming the connection is secure.

If you just installed the certificate, you may need to wait a few hours for it to update online.

See also

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?