If you manage your domain’s DNS record outside of GreenGeeks and your Let’s Encrypt installation failed, a DNS record update will be needed. There are a few different ways to make the necessary change. Any of these methods will work.

• Change the Name Servers for the Domain(s)
• Add _acme-challenge Name Server Records to Your DNS
• Add TXT Records for Your Domain(s)
• Switch to a Premium Wildcard SSL Certificate

Option 1: Change the Name Servers for the Domain(s)

This is the easiest method and the one that we recommend. It will allow you to install Let’s Encrypt as well as prevent any future renewal problems.

Important: If you have custom DNS records, re-create them on GreenGeeks before updating the nameservers for the domain.

You can change the name servers for your domain name at the registrar where you purchased the domain. Go to the registrar’s control panel and look for a setting called “name servers,” “custom name servers,” etc.

Here are the GreenGeeks name servers:

• ns1.greengeeks.net
• ns2.greengeeks.net

If your registrar only provides two fields for name server settings (primary and secondary name servers), use the first two name servers in the above list.

Option 2: Add _acme-challenge Name Server Records to Your DNS

If you cannot change your name servers to point to GreenGeeks as recommended as suggested in option 1, using NS-type records are the second-best option. This involves delegating the _acme-challenge subdomain to the GreenGeeks nameservers.

The NS records need to be created within the existing nameservers. If you’re using a 3rd party DNS provider such as Google, this is where the NS records would need to be created.

Add the following NS records within your existing DNS zone:

_acme-challenge.ggexample.com  NS: ns1.greengeeks.net
_acme-challenge.ggexample.com  NS: ns2.greengeeks.net

Use your domain name in place of “ggexample.com” in the above entries.

Note that many 3rd party DNS providers do not have an option for the NS type of record in their front-end UI, but they can create such records manually upon request. If you don’t see an option for NS records, we suggest contacting the registrar or DNS provider for assistance in creating the records.

Once this is configured, the _acme-challenge NS type records allow GreenGeeks to control the DNS entries for _acme-challenge.ggexample.com, in order to automatically renew the LetsEncrypt SSL certificate without affecting the rest of your DNS configuration.

Option 3: Add TXT Records for Your Domain(s)

Let’s Encrypt uses a specific DNS TXT record for verification, and we can provide you with that record, or you can find the TXT record in the Zone Editor in cPanel.

For TXT verification, you’ll have to set one or two TXT records for _acme-challenge.ggexample.com that’ll need to be manually updated within your DNS zone.  Again, you’ll have to do this every 60~ days as the cert is renewed so we do not suggest using this method.

Contact technical support for assistance if you need help finding the TXT records.

Use your domain name in place of “ggexample.com” in the above example.

Note that this is the only option to use Cloudflare + Wildcard LetsEncrypt SSL on GreenGeeks, as Cloudflare manages the Edge certificate independently.

Option 4: Switch to a Premium Wildcard SSL Certificate

If none of the above methods work for you, there are traditional certificate alternatives to Let’s Encrypt. They aren’t free, but they have certain advantages over a Let’s Encrypt certificate.

You can add a premium wildcard certificate to your site in GreenGeeks.

If your question wasn’t answered in this article, please don’t hesitate to contact technical support.

The post Let’s Encrypt Installation Process appeared first on GreenGeeks Support.

* Let’s Encrypt is compatible with all current browsers and mobile devices. Some legacy services such as Windows XP will not recognize Let’s Encrypt as a secure service. The percentage is based on averages of browsers and devices used by top 100,000 websites.

** For Let’s Encrypt we will aid in configuring an .htaccess redirect and diagnosing any SSL errors. Instructions on resolving these errors will be provided to the customer, but limited assistance with remedying them will be provided.

*** While Let’s Encrypt SSL certificates are issued for 90 days, it is recommended that renewal take place every 60 days to avoid potential outages on Let’s Encrypt’s network. GreenGeeks provides automated renewal, however, we cannot be responsible for failed issuance.

The post Premium AlphaSSL Wildcard Certificate Versus Let’s Encrypt SSL Certificate appeared first on GreenGeeks Support.

GreenGeeks provisions Let’s Encrypt Wildcard SSL certificates. The wildcard certificate covers any subdomains. For example https://blog.ggexample.com, https://www.ggexample.com, or https://anything.ggexample.com/.

Let’s Encrypt wildcard SSL certificates are issued for a period of 90 days and renewed automatically by GreenGeeks. Since the certificates are domain-validated, they do not require the use of a dedicated IP address.

To enable Let’s Encrypt on any of your hosted domain names, please read through this article.

The post What Is Let’s Encrypt? appeared first on GreenGeeks Support.

The warning means that there is no SSL certificate installed for the server hostname, or the server is using a self-signed certificate.

What Is a Self-signed SSL Certificate?

Normal SSL certificates are issued by a third party certificate authority. They are verified by a third party to confirm your server is who it says it is, allowing visitors to connect to your server or website via an encrypted connection.

A self-signed certificate, on the other hand, is not verified by a third party. Your server issues its own SSL certificate so that it may serve encrypted HTTPS access to visitors. There is no third party verification of whether you are connecting to a trusted server.

Self-signed certificates cause modern web browsers to display a warning (similar to the warning above) or SSL connection error when visiting websites that use them. The warning is meant to prevent sites from establishing encrypted connections using a certificate from another domain to trick users into submitting personal information.

Is It Safe to Bypass the Warning?

When connecting to your GreenGeeks VPS or dedicated server that does not have an SSL certificate installed for the server hostname, or if you are using a self-signed certificate, you can safely bypass the warning. The steps for bypassing the warning will vary by browser, but they will be shown to you when you the warning is triggered.

In Google Chrome, click the “Advanced” button, then the “Proceed to…. (unsafe)” link.

In Firefox, you will be prompted to manually add the certificate to your local browser’s set of trusted certificates.

If you are connecting via FTP, SFTP, IMAP, POP3, SMTP, etc., your FTP or email program will prompt you with the steps to accept the warning and proceed.

How to Fix the Problem so the Warning Is Not Shown

To stop the warning, you have to set up a verified SSL certificate for your server hostname. GreenGeeks offers SSL certificates as service add-ons, and we can handle the entire installation process for you if you have cPanel/WHM installed on your VPS. Here’s more information on setting up an SSL certificate. When ordering your SSL certificate, your server hostname will be used as the domain. Just mention “server hostname SSL” when contacting our sales team and we’ll guide you from there.

Alternately you can enable AutoSSL in WHM. AutoSSL provides free SSL certificates for hosting accounts the VPS hostname.

Please note that GreenGeeks cannot provide support for issues with SSL certificates that we have not installed/configured, so the AutoSSL certificates described below are unsupported. Consult the AutoSSL documentation if you run into any problems using the feature.

To enable AutoSSL, Log in to GreenGeeks and go to WHM by clicking the “WHM Login” button in the “Quick Server Login” section.

In WHM, search for “AutoSSL,” and click the “Manage AutoSSL” link.

Scroll down to the “AutoSSL Providers” section. If cPanel is not already selected, select it and click the “Save” button.

When you enable cPanel as the AutoSSL provider, two things happen, first, an “AutoSSL” package feature will be added.

Also, a cronjob is added to automate the downloading and installation of new SSL certificates for all of your hosted domains.

You can wait for the cron job to run or go back to the top of the “Manage SSL” section and click the “Run AutoSSL For All Users” button.

That should remedy the browser warnings when accessing your VPS, as well as install SSL certificates on all accounts/websites (by default AutoSSL will not overwrite any existing certificates).

The post SSL Warning on Your VPS or Dedicated Server and What Is a Self-signed Certificate? appeared first on GreenGeeks Support.

To have an SSL certificate issued at an SSL certificate issuer other than GreenGeeks, you need to generate a KEY and CSR. You then provide the CSR to the SSL certificate issuer to obtain your SSL certificate.

Log in to cPanel

Log in to GreenGeeks and go to cPanel by clicking the “cPanel Login” button in the “Quick Server Login” section.

Open the SSL/TLS Manager

In the “SECURITY” section, click the “SSL/TLS” link or icon.

Under “Certificate Signing Requests (CSR),” click the “Generate, view, or delete SSL certificate signing requests” link.

Enter the form information

• Key – Select the default: “Generate a new 2,048 bit key.”
• Domains – List the domains that you wish to secure, one per line. Use an asterisk for a wildcard domain (*.ggexample.com).
• City – Provide the complete name for the city or locality. Do not use abbreviations.
• State – Provide the complete name for the state or province. Do not use abbreviations.
• Country – Select your country from the drop-down list.
• Company – Provide the legally-registered name for your business. If your company name includes symbols other than a period or comma, check with your certificate authority to confirm that they are acceptable.

The remainder of the fields—Company Division, Email, Passphrase, Description—are optional, so unless your certificate authority has a specific need or requirement for them, you can leave them blank.

When the form fields are complete, click the “Generate” button.

Copy the CSR

Copy the “Encoded Certificate Signing Request” and send it to the Certificate Authority that is issuing your SSL certificate.

Part two: Installing the certificate

When your certificate (CERT/CRT) has been issued, go back to the “SECURITY” section of cPanel and click the “SSL/TLS” link or icon.

Under “Certificates (CRT),” click the “Generate, view, upload, or delete SSL certificates” link.

There are two options available in the “Upload a New Certificate” section.

• First is “Paste the certificate into the following text box,” which you can use if the certificate has been sent in the body of an email.
• The second option, “Choose a certificate file (*.crt),” should be used if the certificate authority has sent you a .crt file.

The post How Do I Create a KEY and CSR for an SSL Certificate in cPanel? appeared first on GreenGeeks Support.

See Addon pricing here, or to purchase additional SSL certificates today, open a ticket in GreenGeeks and we will get you started.

The post Can I Have Multiple SSL Certificates on One cPanel Account? appeared first on GreenGeeks Support.

See this article for more information on pricing and purchasing.

The post What are Vouchers? appeared first on GreenGeeks Support.

See our Addon pricing schedule for details.

The post What is OneClickSSL? appeared first on GreenGeeks Support.

An SSL certificate is a file that is installed on the web server. It ensures that the domain name in the certificate matches the domain name of the site, and enables a visitor’s browser to make a secure, encrypted connection to the site.

Of course, encrypting data is critical where financial transactions are concerned. But even if you’re not transferring financial data, private data such as usernames and passwords can be passed between your site and a visitor’s browser.

Without an SSL certificate and the HTTPS connection, private data doesn’t get encrypted, and that makes it vulnerable.

An HTTPS connection can also give your site a leg up in search engine results since Google says it will give preference to websites using HTTPS over those that do not.

GreenGeeks Makes Securing Your Website Easy

There are two options for HTTPS with GreenGeeks:

Premium AlphaSSL Wildcard SSL Certificate
If you are doing financial transactions or transferring other sensitive information to customers, this is the certificate for you. It is issued by a trusted certificate authority and provides 256-bit encryption along with a warranty, digital seal and 2048 bit root strength.

Also, there are multi-year renewal options available. The Premium AlphaSSL Wildcard SSL Certificate costs $99.95 a year.

Let’s Encrypt Wildcard SSL Certificate 
Let’s Encrypt certificates are issued by the Let’s Encrypt project. They provide basic protection but do not include warranties, website seals, or other value-added services like those offered by a trusted certificate authority.

The advantage is there is no charge for a Let’s Encrypt certificate. If you want to enable HTTPS but don’t have financial or sensitive information to protect, it’s a good choice.

Let’s Encrypt certificates have to be renewed every 90 days, but we take care of that for you automatically.

Get an SSL Certificate and Enable HTTPS on Your Website Now

To enable SSL certificates on your website, you can do so through GreenGeeks. In just a few clicks of the mouse, you can quickly add “https:” to the beginning of your domain.

Note that in addition to the options presented here, you can use a third-party SSL certificate on your GreenGeeks-hosted website(s). A dedicated IP address addon is not required for Let’s Encrypt certificates or the Premium AlphaSSL Wildcard SSL Certificate sold by GreenGeeks.

The post What Is Required to Install an SSL Certificate on My Account? appeared first on GreenGeeks Support.

Google Chrome—and most other web browsers—now display various security warnings on sites that do not use HTTPS, so SSL certificates are being widely used even on websites that are not hosting financial transactions.

GreenGeeks offers both a premium (for sites conducting business or transmitting sensitive information) and free (for sites not conducting business or transmitting sensitive information) SSL certificates. You can read about the differences between premium and free SSL certificates here.

How Do I Purchase an SSL Certificate?

To purchase an SSL certificate, please open a ticket with our sales department in GreenGeeks.

Technical note: modern web servers don’t really use the SSL (Secure Socket Layer) protocol anymore, but the name has stuck to security certificates as kind of a generic identifier, so we use “SSL” in this article. The TLS (Transport Layer Security) protocol has replaced SSL for most uses.

The post What Is an SSL Certificate? appeared first on GreenGeeks Support.