Auto-Install Free SSL
It is the 1st WordPress Plugin that Automatically issues and installs Free SSL Certificates.
Let’s Encrypt™ SSL Certificate is FREE. But they provide it through their API. If you are not a programmer, you need to study and practice programming for years to be able to use the API of Let’s Encrypt™ to generate a single Free SSL Certificate for your WordPress website.
Here is where ‘Auto-Install Free SSL’ comes into play. With this WordPress plugin, you can generate the Let’s Encrypt™ Free SSL Certificate with ease! You don’t need to have programming or coding experience to set it up. All you need is a few minutes. Yes! You read it right!
Minimum System Requirements
- Linux or Windows hosting (Windows hosting is now supported)
- WordPress 4.1
- PHP 5.6
- OpenSSL extension
- Curl extension
- PHP directive allow_url_fopen = On
FREE PLUGIN FEATURES
- Generate and renew Free SSL Certificate.
- One-click Download the generated SSL certificate, Private key, and CA Bundle files.
- Video tutorial on cPanel: (1) How to upload HTTP-01 challenge files to verify domain ownership. (2) How to Install the Free SSL Certificate.
- Written tutorial on Plesk for the above two topics.
- One-click Force SSL activation, i.e., HTTPS redirect, fix insecure links and mixed content warning, display the padlock in the browser’s address bar with ONLY ONE CLICK.
- One-click revert to HTTP if required.
- Automatic renewal reminder by email before the SSL expiry.
Use this plugin only for HTTPS redirects too
If your WordPress website has an SSL certificate installed and you are looking ONLY for Force SSL activation (i.e., HTTPS redirect, fix insecure content), you can use the FREE version.
PREMIUM PLUGIN FEATURES
- Automatic Verification of Domain Ownership.
- Automatic Generation of Free SSL Certificate.
- Automatic Installation of Free SSL Certificate (cPanel or root access is required for this automation). [However, if you have neither cPanel nor root access, we’ll Install the SSL manually for the first time and provide documentation on how to install SSL manually].
- Automatic Renewal of Free SSL Certificate (30 days before expiry).
- Automatic Cron Job. No need to set the Cron Job manually.
- One-click Force SSL activation.
- One-click revert to HTTP if required.
- One-to-one Premium Support.
- Automatic WildCard SSL certificate for free! (Generation and installation of an SSL certificate for a domain that covers all its sub-domains.)
- Automatically sets the DNS TXT record to verify the domain and generate WildCard SSL (supported DNS service providers: Cloudflare, Godaddy, Namecheap, and cPanel.)
- Supports Multisite.
- Works on all the websites hosted on a cPanel / web hosting.
- SSL installation training for non-cPanel websites.
- You can revoke any SSL certificate and change your Let’s Encrypt™ account key if you need it.
Benefits of installing an SSL certificate on your WordPress website
Protect your users’ data: If an SSL certificate is installed, your WordPress website’s data travels through the internet with 2048-bit (or more) encryption. No computer or hacker in-between can read your users’ encrypted data. Only the intended recipient (users’ browser or your server) can decrypt and read the encrypted data. The data may be credit card-like critical payment details, user input with a contact form, or a simple login form.
Display PADLOCK: Installing an SSL certificate is not optional anymore, even if your WordPress website doesn’t accept credit cards. Since July 2018 with the release of version 68, Google Chrome started to mark all HTTP (no SSL) websites as ‘Not secure’, even if it doesn’t accept user input. All other browsers followed the same path. All the browsers display a secured PADLOCK in the address bar when users visit an SSL-secured website.
Boost the Search Engine Ranking: Google and other search engines aim to create a secure web. So the search engines now favor SSL-secured HTTPS websites and discourage insecure ones in the search results. If your WordPress website doesn’t have an SSL certificate installed you are missing something big, in terms of SEO and staying away from potential customers.
Gain the trust of your users: If users see the secured PADLOCK and HTTPS connection in the URL, they are assured that your website is secured. Now you are gaining the trust of your potential customers. They are confident to purchase your product or service.
Please check the installation tab for documentation.
Support and Report a Bug
Please check the existing topics in the WordPress support forum before creating a new topic for support or reporting a bug.
‘AUTO-INSTALL FREE SSL’ IN YOUR LANGUAGE?
If you would like to translate in your language, translations can be added very easily here.
- Let’s Encrypt™
- I developed this plugin based on the PHP client/app ‘FreeSSL.tech Auto’, which I developed with a massive rewrite of Lescript.
Let’s Encrypt™ is a trademark of the Internet Security Research Group. All rights reserved.
(Please check the Details tab for MINIMUM SYSTEM REQUIREMENTS.)
Video Tutorial: [cPanel] How to install the plugin and generate & install a Free SSL Certificate for your WordPress website
Video Tutorial: [Plesk] How to install the plugin and generate & install a Free SSL Certificate for your WordPress website
AUTOMATIC INSTALLATION (POPULAR AND EASIEST)
- Log in to the dashboard (backend/ admin area) of your WordPress website.
- Then navigate to the ‘Plugins’ menu in the sidebar, and click the ‘Add New’ option.
- In the ‘Search plugins…’ field type this keyword: ‘Auto-Install Free SSL’ or, you may type ‘Auto-Install’ too.
- Once you found this plugin, you can click ‘More Details’ and then click the ‘Install Now’ button.
- Finally, click the ‘Activate’ button.
Now, check the AFTER ACTIVATION section below.
- Download the ‘Auto-Install Free SSL’ plugin zip file by clicking the ‘Download’ button at the top-right of this page.
Now check either the cPanel or FTP section below. If your web hosting control panel is other than cPanel, the steps are similar to cPanel.
- Log in to your cPanel and click the ‘File Manager’ menu.
- Browse to the document root of your WordPress website and then open the
- Click the ‘Upload’ menu at the top.
- You see a new window. Drag and drop the plugin’s zip file. It will be uploaded in a few seconds (depending on the speed of your internet connection). Click Go Back to “/home/username/public_html/wp-site-document-root/wp-content/plugins” link at the bottom.
- Right-click on the plugin’s zip file and click ‘Extract’ and then click the ‘Extract Files’ button. After complete, you get Extraction Results. Click the ‘Close’ button here.
- Click the ‘Go’ button (at the top-left) to refresh the directory structure. You see the ‘auto-install-free-ssl’ directory here.
- Now check the point-number 2 below.
- Extract the plugin’s zip file to your computer. You see a folder ‘auto-install-free-ssl.3.0.3’ (you’ll see the latest version in place of 3.0.3) and inside it, the ‘auto-install-free-ssl’ folder. You need to upload this.
- Log in to your web server with your favorite FTP client (e.g. FileZilla).
- Browse to the document root of your WordPress website and then the
- Upload the ‘auto-install-free-ssl’ folder here.
- Now check the point-number 2 below.
2.- Log in to your WordPress dashboard and go to the ‘Plugins’ page. You see ‘Auto-Install Free SSL’ is listed here. Click the ‘Activate’ option here. You’re done!
After activating ‘Auto-Install Free SSL’ you’ll be redirected to a page (powered by freemius) where we request you to opt-in to our security & feature update notifications and non-sensitive diagnostic tracking. We appreciate your help in making the plugin better by letting us track a few non-sensitive usage data. You’ll get links there to learn about this in detail. Then you may or may not allow us to opt-in as per your wish.
How to generate a Free SSL Certificate
Generating a free SSL certificate is very easy and straightforward. Please follow the steps below:
- After the previous step, you’ll be redirected to the Generate SSL page (in most cases). Otherwise, navigate to the ‘Auto-Install Free SSL’ menu in the sidebar, and click the ‘Generate SSL’ option. Screenshot here.
- Wait a few seconds. Then you see the second step: ‘Verify Domain’. Please check the screenshot. You have two methods, HTTP-01 and DNS-01, to verify your domain ownership. You need to complete any one method. Here we are discussing the HTTP-01 method only. Because it is the most popular, easiest, and most time-saving method.
HTTP-01 tab is selected by default. Please follow these steps:
- Log in to your web server with an FTP client (e.g. FileZilla) or the file manager of your web hosting control panel.
- Browse to the document root of your WordPress website. It will be like:
/home/username/public_html/wp-site. Create a directory ‘.well-known’ and create another directory ‘acme-challenge’ inside the ‘.well-known’ directory.
- Click the links ‘Challenge File 1’ and ‘Challenge File 2’ to download the HTTP-01 challenge files. Please remember that if the www. alias of your WordPress website doesn’t point to your web server (i.e., offline) you get only one challenge file.
- Upload the downloaded challenge files to the ‘acme-challenge’ directory.
- Uploaded files should be available at ‘Link 1’ and ‘Link 2’. Please click the links. The content/text of the links should EXACTLY match the content of the downloaded files. If it matched correctly, then click the ‘Verify Domain & Get SSL’ button, and in the confirmation dialog box click ‘OK’.
Now wait a few seconds and you see a free SSL certificate has been issued to your WordPress website. The page looks like this screenshot. Download the SSL, Private Key, and CA Bundle files (.pem) by clicking on the given links.
After this, log in to your web hosting control panel and install the SSL certificate on your WordPress website.
How to install the SSL certificate with cPanel
- Log in to your cPanel.
- In the ‘Search Tools’ text box (on the upper-right corner) type ‘SSL’ (the lower case will also work).
- You get a few search results instantly. Click on the ‘SSL/TLS’. (Don’t click on the ‘SSL/TLS Status’.)
- On the SSL/TLS page, you get an option ‘INSTALL AND MANAGE SSL FOR YOUR SITE (HTTPS)’ at the bottom with a link ‘Manage SSL sites.’ Click on it.
- On the next page, i.e., ‘Manage SSL Hosts’, you get a section at the bottom of the page ‘Install an SSL Website’. Here you get a form to install the SSL certificate.
- From the ‘Select a Domain’ drop-down menu, select the domain of your WordPress website.
- Open the ‘certificate.pem’ file (you downloaded it) in a text editor and copy all its content/text including ‘—–BEGIN CERTIFICATE—–’ and ‘—–END CERTIFICATE—–’. Paste it in the ‘Certificate: (CRT)’ text area.
- Similarly, paste all the content of the ‘private.pem’ file in the ‘Private Key (KEY)’ text area.
- Then paste all the content of the ‘cabundle.pem’ file in the ‘Certificate Authority Bundle: (CABUNDLE)’ text area.
- Now click the ‘Install Certificate’ button and wait just a few seconds. Then you get the confirmation dialog box ‘SSL Host Successfully Installed.’ Click ‘OK’.
How to install the SSL certificate with Plesk
- Log in to your Plesk control panel.
- Click the ‘Websites & Domains’ option in the left menu.
- Click on the website for which you need an SSL certificate. There are several options under it.
- Click the option ‘SSL/TLS Certificates’.
- On the next page, in the ‘Download or remove existing certificates’ option, click the ‘Manage’ button.
- On the next page, click the ‘Add SSL/TLS Certificate’ button.
- You got the ‘Add SSL/TLS Certificate’ page.
- In the ‘Certificate Name’ text field, write a name.
- You got a section at the bottom of the page ‘Upload the certificate as text’. Here you have a form to install the SSL certificate.
- Open the ‘certificate.pem’ file (you downloaded it) in a text editor and copy all its content including ‘—–BEGIN CERTIFICATE—–’ and ‘—–END CERTIFICATE—–’. Paste it in the ‘Certificate’ text area of Plesk.
- Similarly, paste all the content of the ‘private.pem’ file in the ‘Private key’ text area of Plesk.
- Then paste all the content of the ‘cabundle.pem’ file in the ‘CA certificate’ text area of Plesk.
- Now click the ‘Upload Certificate’ button.
- The uploaded SSL certificate is listed on the next page.
- Again, click ‘Websites & Domains’ in the left menu.
- Click the website for which you need an SSL certificate.
- Click the ‘Hosting & DNS’ tab and click the ‘Hosting Settings’ option.
- On the next page, i.e., the ‘Hosting Settings’ page, click the ‘Certificate’ selection field and select the certificate we just uploaded.
- Click the ‘Apply’ button and then click ‘OK’.
- Congratulations! The SSL certificate has been installed successfully.
Now you can access your website with ‘https://’.
If your web hosting control panel is anything other than cPanel, the options will be different but the concept is similar.
NOTE: The free SSL certificate issued by Let’s Encrypt expires in 90 days. They recommend renewing 30 days prior to expiry. So you need to spend time repeating the process of generating and installing an SSL certificate every 60 days.
Click the ‘Re-generate (renew) SSL’ button to start renewing.
However, the premium version of this plugin generates (issue/renew) and installs the free SSL certificate automatically. Please check the video tutorial (1:42 min) below and see how easy it is.
Are you interested? Click here to BUY the PREMIUM VERSION.
How to Activate Force HTTPS / HTTPS Redirect
After installing the SSL certificate, please perform the following steps:
- In your WordPress dashboard, navigate to the ‘Auto-Install Free SSL’ menu in the sidebar, and click the ‘Force HTTPS’ menu.
- On the next page, click the ‘Activate Force HTTPS’ button. The click OK.
- You’ll be logged out and redirected to the WordPress log-in page. Please log in again.
- Now refresh the website’s home page. You’ll get the padlock.
How do I install the ‘Auto-Install Free SSL’ plugin?
Please check the installation tab.
Does installing the plugin will instantly turn my site HTTPS?
After installing this plugin you need to do some steps. Please check the ‘AFTER ACTIVATION’ section in the installation tab.
My website doesn’t accept credit cards. Why do I need an SSL certificate?
Please check ‘Benefits of installing an SSL certificate on your WordPress website’ above.
How do I generate a free SSL certificate?
Please check the installation tab.
How do I install an SSL certificate on my WordPress website?
Please check the installation tab.
I have installed an SSL certificate but still don’t see any PADLOCK in the browser’s address bar. Why?
Please visit the plugin’s default page and click the ‘Activate Force HTTPS’ button.
How do I deactivate the HTTPS redirect?
Please click the ‘Revert to HTTP’ button on the plugin’s default page.
Alternatively, open the email that you received after activating the HTTPS redirect (or Force HTTPS), and click the link given there to deactivate HTTPS redirect and revert to HTTP. The subject line of that email is “’Auto-Install Free SSL’ has activated Force HTTPS on your website YourDomain.com”. [Replace YourDomain.com with your WordPress website’s domain].
[Pro] Why do you need my cPanel password (or API Token) when others Let’s Encrypt clients don’t?
cPanel username and password (or API Token) is required to install the free SSL certificate automatically with the cPanel API. Let’s Encrypt SSL’s lifetime is 90 days. You need to get and install another SSL certificate before the expiration of the current SSL. If you provide your cPanel username and password (or API Token), this plugin will do this repeated job automatically. All your credentials remain safe in your database. Moreover, ‘Auto-Install Free SSL’ encrypts the password (or API Token) before saving in your database.
All other Let’s Encrypt clients who auto-install free SSL certificate, needs root access, which is a higher privilege than the cPanel user. In shared hosting, the root access belongs to the web hosting company. So those clients will not work on shared hosting.
[Pro] Does this WordPress plugin send the cPanel username and cPanel password (or API Token) to your server or to Let’s Encrypt?
We or Let’s Encrypt don’t collect any credentials. This plugin’s source code is open for audit. The team WordPress approved it after the audit (when the automation feature was free). Please feel free to audit yourself too.
[Pro] How do I create the cron job for automation?
You don’t need to set the Cron Job manually. It works by default (from version 3.0.0). However, ‘Auto-Install Free SSL’ has an option to add the cron job with one click from your WordPress dashboard (available for unlimited sites license and it’s optional).
[Pro] I received the confirmation email but didn’t receive the cron output by email. Why?
Since version 3.0.0, You can access the cron output by clicking the ‘Log’ menu.
If you have an unlimited site license and created a cron job manually, make sure you have provided your email address in the ‘Cron Email’ section of the Cron Jobs page of cPanel.
Contributors and Developers
“One-Click Free SSL Certificate Plugin for WordPress, HTTPS Redirect – Auto-Install Free SSL” is open source software. The following people have contributed to this plugin.Contributors
Interested in development?
- Added a new function to detect Plesk.
- Improved the logic of the documentation at SSL generation step 3 so that it can display the appropriate video with the specific control panel.
- Improved the comparison table.
- [Pro] Added (and replaced) ‘What’s next?’ information if the control panel is not cPanel so that users contact us for complete automation with an alternative method. Updated the same text in the log and automated email.
- Fixed the slow loading issue of the Generate SSL (manually) page on Windows and on non-cPanel Linux hosting if the open_basedir restriction is in effect.
- Improved text of the comparison table.
- Improved: Windows hosting is now supported for both free and Pro version.
- [Pro] Improved text of the starting page for the users who don’t have cPanel.
- [Pro] Fixed the double redirect issue after clicking the button in the starting page to generate SSL certificate (for the users who don’t have cPanel).
- Fixed an issue with manual SSL generation where the initial Let’s Encrypt server response expiry date has been passed but SSL generation steps were not completed.
- Updated video tutorials with vimeo-hosted videos.
- [Pro] Improved automated email text, log text and main page text for the users, who don’t have cPanel.
- [Pro] Moved Activate Force HTTPS option at bottom of the main page and added video tutorial (How to Install SSL Certificate) in that place for the users, who don’t have cPanel.
- [Pro] Automated SSL installation now possible with an add-on shell script for the users who don’t have cPanel, but have root access to the server. Premium users need to contact us to get the script.
- [Pro] Added ‘Single/Multi Domain’ button in the main page.
- Improved comparison table and page.
- Replaced the link of comparison table (in admin notice) with the improved comparison page.
- Improved the layout of step 2 (Verify Domain).
- Replaced written tutorial with Video Tutorial (1) ‘Plesk: How to upload HTTP-01 challenge files’ (step 2). (2) ‘Plesk: How to Install SSL Certificate’ (step 3).
- [Pro] Fixed a PHP Warning.
- [Pro] Fixed issue with accessing the cPanel settings if the existing SSL expired, but the website forced to load over HTTPS.
- Added a new page and menu for ‘Activate Force HTTPS’.
- Added a button in the header ‘Force HTTPS’ to easily access the option.
- Improved Generate SSL (manually) page: (1) At step 3, changed the position of the Video Tutorial ‘cPanel: How to Install SSL Certificate’, so that users can access it easily. (2) Moved ‘Activate Force HTTPS’ option at the bottom of this page (step 3). (3) Show ‘Activate Force HTTPS’ option only if an SSL certificate has been generated but Force HTTPS is not activated (step 3).
- Added Tutorial content with Generate SSL (manually) page: (1) Video Tutorial ‘cPanel: How to upload HTTP-01 challenge files’ (step two). (2) Written Tutorial ‘Plesk: How to upload HTTP-01 challenge files’ (step 2). (3) Written Tutorial ‘Plesk: How to Install SSL Certificate’ (step 3).
- [Pro] Improved cPanel Settings: (1) Added clear information that users need to use either an API Token or Password. Not both. (If the license is not for unlimited websites). (2) Changed the position of the Short Video Tutorial ‘How to Create API Tokens in cPanel’, so that users can access it easily. (3) Removed ‘Activate Force HTTPS’ option from the cPanel settings page. (4) Fixed the issue with checking whether password is filled in, if the user opted to generate wildcard SSL certificate.
- [Pro] Added separate Support Forum URL for the premium version users, so that they don’t post at the WordPress.org Support Forum.
- [Pro] Added filter to show the contact submenu item only when the user have a valid non-expired license.
- Updated the Freemius WordPress SDK to version 2.4.5.
- [Pro] Improved Exclude Domains settings.
- [Pro] Fixed an issue with the function sslRequiredForFirstTime() that detects whether the plugin is generating SSL certificate for the first time.
- Advanced detection of the users who were using the plugin since free only version (v2).
- Changed menu icon and menu position.
- Improvement in header styling.
- [Pro] Added new function to check cPanel connectivity.
- Added new comparison table to help understand the difference between free and pro version better.
- Affiliate program launched – any one can join.
- Fixed an issue with PHP 8.
- [Pro] Added cPanel authentication with API Token. Users can provide API Token instead of Password.
- [Pro] Improved cPanel Settings logging.
- Updated the freemius WP SDK to version 2.4.4.
- Updated: keep SSL log for 90 days.
- Fixed issue with admin alerts.
- Improved the content of readme.txt.
- Fixed some issues for smooth upgrade from version 2 to Free version 3.
- Improved a few text.
- Fixed a function name conflict with Form Maker Pro plugin.
- Improved auto-detection [Pro] whether the plugin was used for multi-domain. This helps smooth upgrading to the Pro version 3 from version 2.
- Fixed an issue displaying the FREE Premium License offer (with admin notice) for the Existing users, who are upgrading from the free version 2.2.3 or earlier.
- Compatible with WordPress 6.0
- Fixed an issue displaying the ‘Activate Force HTTPS’ button.
- Improved ‘Activate Force HTTPS’ feature.
- Added a new feature to save the log for 45 days and easy access from the menu.
- Improvement in the layout.
- Fixed an issue with the parameter of function getDomainPath(), which returns the domain path.
- As per the announcement dated November 3, 2020, we are releasing the premium/pro version, which is fully automated and this free version doesn’t have any automation feature. We are offering a 6-month FREE premium license to all existing users (who are upgrading from the free version 2.2.3 or earlier). This FREE premium license is valid until December 31, 2022.
Existing users need to upgrade the free plugin to version 3.0.0, then they’ll get the option to request the Premium License for FREE.
- Improved setup process [Pro] Users can set it up within one minute in the single domain mode.
- Improved cPanel Settings [Pro]
- Improved Cron job [Pro] No need to manually configure the cron job. It is activated by default with WP cron.
- Improved ‘Issue and install Free SSL certificate’ option [Pro] Now users can view the server-generated event messages in real-time with a terminal-like interface, with SSE.
- Improved data entry [Pro] A few essential data are prefilled automatically.
- Fixed conflict with ‘Post SMTP Mailer/Email Log’ plugin.
- Fixed an issue to make it translation ready.
- Announcement to restructure the features.
- Removes parameter type declaration of the function connect_over_ssl() to make the plugin compatible with PHP 5.6. This function has been added in the version 2.2.0.
- Adds validation with the ‘Activate Force HTTPS’ option. Now it works only if a valid SSL installed on the website.
- Changed the support link that appears in the footer of the admin pages.
- Fixed a bug with ‘Issue and install Free SSL certificate’ option
- Improved the layout of ‘Issue and install Free SSL certificate’ option
- Adds video guide: How to Configure this Plugin and set up Automation
- Fixed minor error in the file DnsServiceProvidersSettings.php that throws PHP Notice: Undefined index: use_wildcard
- Improves ‘Add Cron Job’ option.
- Adds two video guides: ‘How to add a Cron Job in a minute on cPanel shared hosting’ and ‘How to Install Free SSL Certificate on cPanel Shared Hosting’.
- Adds FAQ.
- Improves Force HTTPS feature. Regenerating dynamic CSS with premium themes will include HTTPS and remove the not secure warning in browsers.
- Fixed a bug with the dashboard of Auto-Install Free SSL.
- Fixed issue with the encryption key.
- Adds admin notification and sends an email to admin in case the encryption key was changed due to a previous update.
- Improves internal validation (HTTP-01 challenge) – Before the domain ownership validation with Let’s Encrypt, if the payload content doesn’t match with content of the challenge URI (in internal check), attempt for automatic fix with .htaccess rules in two different ways.
- Improves cPanel Settings option.
- Improves Temporary SSL option.
- Fixed issues with PHP 5.6, 7.0 and 7.2
- Adds the option to Activate Force HTTPS and remove mixed content warning with a single click. This feature will make the padlock visible in the browser’s address bar.
- Removes the option to choose Let’s Encrypt ACME version. The plugin now uses ACME V2 only. Because V1 is reaching the end of life soon.
- Fixed issue with cron job
- Initial release