Page 1 of 3123»
Forum moderator: bigblog 
uCoz Community » For Webmasters » Custom Solutions » Guide to install Let's Encrypt SSL Certificate (Step by Step Guide)
Guide to install Let's Encrypt SSL Certificate
Cyberdasm
Posts: 605
Reputation: 6

Message # 1 | 6:19 AM
Beginners Guide: How to Install FREE SSL in uCoz System

by Algae “Cyberdasm” Densing


First and foremost we would define the following terms:
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers. – info.ssl.com

SSL certificate is a unique digital signature that ensures secure connection between the client (browser) and the server (website). A secure connection is crucial if there are sensitive data transfers on a website (such as credit card transactions or login info). Usage of the HTTPS protocol on your website also improves search engine rankings. –uCoz

HTTPS is the secure version of HTTP that provides encryption of the data sent between the browser and the website using SSL certificates. -uCoz

In short SSL is an added security layer for your website.

There are also pros and cons if you install ssl in your website.
Pros:
- Security
- Identity
- Improve SEO rankings. According to googleblog
Cons:
- It will slow down your page load speed. According to Alex Moloney (Paradox) SSL does slow down your page load speed. The transport layer requires encryption/decryption at each end which adds load time. Depending on the content, server specs, and network topology this can be all of 0.1-0.5 of a second, to 1-2 seconds extra. Source: http://caco.ga/12


In order to obtain ssl for your website hosted in uCoz you must have the following:
Domain Name – You needed this because you couldn’t configure the control panel for Domain Attachment.
***There are many free domains you could acquire. I would suggest find it in Freenom.com if you can't afford to buy a higher TLD
• Upgrade your account to BASIC. The Very Important Part. Refer to Figure 1.
SSL certificates – Already defined above.

Figure 1


PART 1: OBTAINING SSL CERTIFICATE!
STEP 1. If you haven’t attached your domain name you must first attach it before you proceed.

STEP 2. Visit www.SSLForFREE.com and enter your website URL inside the box with www. Then submit it. Refer to Figure 2.

Figure 2


STEP 3. Choose Manual Verification (DNS) and click Manual Verify Domain button at the center-bottom of the page.


STEP 4. A Hidden tab will open containing the basic instruction on how to upload verification files. Refer to the image below.


STEP 5. I base my instruction in the image of Step #4. This is the crucial step and also the tricky part. I made twice attempt before I got the result. (Please refer to the image of Step 4 so that you wouldn’t be confused.)
a. In #1: You must read it so that you have a basic understanding on how it works.
b. In #2: The most tricky and crucial part. All you need to do is: go to your uCoz Control Panel (uCP) www.Your Website.com/panel/?a=domain_transfer . Then edit your domain records in EXPERT MODE.

i. In #2.1: In Variables Record Section, create TXT record under TYPE Column. (If you don’t know how just click A then choose TXT and make sure that you selected an empty field. Kindly pm if you are really confused.) Paste the value (qUVPpwp40vBJc4HPqOVkoWW1uqHfXUsXJAVY8wMSfyA this is just an example since every domain has a unique value) in the value field Column.
Copy the text until the 3rd level domain name only (www <-- do not copy the dot(.) after this.), . _acme-challenge.www[.caco.ga] Paste it in the Subdomain column, remember there is a dot (.) before the underscore(_) and do not include the domain name (I put brackets in it.) as well as the extension.
ii. In #2.2: Is the same instruction with #2.1 but without www.
iii. To RECAP:
In 2.1 paste this: . _acme-challenge.www in the Subdomain field, Type dropbox chose TXT and lastly paste the Value e.g qUVPpwp40vBJc4HPqOVkoWW1uqHfXUsXJAVY8wMSfyA in the Value field. (Always remember the dot.)
In 2.1 paste this: . _acme-challenge in the Subdomain field in Type dropbox chose TXT and lastly paste the Value in the Value field.
iv. Then save your newly updated setting. And wait for at least Two (2) hours and a maximum of four (4) hours to propagate the updated settings.
Remember this “DO NOT RESTART OR REFRESH SSLFORFREE WEBSITE WHEN YOU FINISH UPDATING YOUR uCP. SINCE THE VALUE IS UNIQUE AND IT CAN’T BE RETRIEVED. AND MAKE SURE YOUR BROWSER WILL BE IN A STANDY BY MODE FOR FOUR (4) HOURS MAXIMUM. IT IS BECAUSE THE UCOZ TLD HAS A VALUE OF 10K+.”

c. In #3: (Step #4 image) You must have patience since you will encounter a message when you click the two links:
Code
No TXT Record Found. Set the TTL to 1 second or if you cannot set the TTL then you must wait the TTL (in seconds) so it updates before verifying the domain.

That message signifies that the server do not yet respond to your request so you must wait a little bit.

DO NOT CLICK DOWNLOAD SSL CERTIFICATE YET: EVENTHOUGH THIS MESSAGE WILL APPEAR WHY? Here’s the reason: If the TXT value of the image below or in the verification page, isn’t the same TXT value in STEP #4(DNS Settings of your uCP) then you needed to wait. If you failed in this step go back to step 2.


d. If the Value are the same then it is safe now to click Download SSL Certificate. The image below is an example of SSL certificate. Download the file for backup copy.


Part 2: INSTALLING THE SSL CERTIFICATE
STEP 1. Go to your SSL Settings under Security Tab or navigate to http://yourdomain.com/panel/?a=ssl_certificate

STEP 2. Check the box titled “Enable HTTPS.” After you check it the would be an extra field entitled for your SSL Certificate strings. Here are the following:
a. Private Key - The key that you generated (with the app or on the console) when obtaining your certificate. Contact your certificate authority for details.
b. Certificate for the domain - The certificate code for the domain that you received from your certificate authority.
c. Intermediate certificate - Code of the intermediate certificate that you received from your certificate authority.


STEP 3. Copy All lenghty string of codes from sslforfree to uCoz ssl field. Refer to the image below.
NOTE: The CA bundle in SSLFORFREE is the Intermediate certificate in uCoz. (Don’t forget.)


STEP 4. For Maximum Security Check also the box titled “Prohibit HTTP for connected links” Then save.

STEP 5. After you Install your certificate. Please bear in mind that it takes a few minutes that the uCoz system will update your certificate. If you can see a color red subscript in https its okay just wait for a while. There’s no need to worry about that.
Attachments: 4040494.png(27Kb) · 8388440.png(8Kb) · 5098757.png(20Kb) · 7986241.png(28Kb) · 9376068.png(36Kb) · 4123715.png(8Kb) · 5801365.png(8Kb) · 6366863.png(56Kb) · 1796994.png(20Kb) · 7878288.png(21Kb)

1F4BF3B

admin@lizeal.tk
www.lizeal.tk
Post edited by Cyberdasm - Tuesday, 2017-05-09, 1:38 PM
Cyberdasm
Posts: 605
Reputation: 6

Message # 2 | 6:44 AM
STEP 6. After you reload your browser and you see an image just like below. You have been successfully install the sslForFree by Let’s Encrypt.


STEP 7. In order for your certifcate would’t be a hassle in renewing it just sign-up in sslforfree. Congratulations and God Speed. Thank you for using uCoz as your framework.
Attachments: 1585023.png(3Kb) · 3951405.png(6Kb)

1F4BF3B

admin@lizeal.tk
www.lizeal.tk
ashopbg
Posts: 23
Reputation: 0

Message # 3 | 0:30 AM
Up to now, ucoz.ae has no SSL set up feature.
IMB4
Posts: 51
Reputation: 0

Message # 4 | 9:55 AM
+10 biggrin
Gromov
Posts: 119
Reputation: 8

Message # 5 | 10:35 AM
ashopbg, Yes, at the moment an SSL certificate isn't available for the ucoz.ae.
IMB4
Posts: 51
Reputation: 0

Message # 6 | 1:01 AM
How to made all links to new https version? What happens if i have external links without https i can?

If web is HTTPS will b delayed hard at download or is only a bit?
bigblog
*boops*
Posts: 1463
Reputation: 71

Message # 7 | 11:17 AM
IMB4, system URLs will automatically be replaced with the HTTPS version but you need to manually update the links you added to the templates of the website and the articles. External HTTP links are fine as long as they're not resources your website needs to load. Using an HTTPS protocol won't affect the load time too much (from 0.1 seconds up to 1 seconds compared to the standard HTTP layer; new browsers handle it better).
hey i'm joe, please don't call me on my real name because you're gonna misspell or mispronounce it and it drives me nuts
IMB4
Posts: 51
Reputation: 0

Message # 8 | 2:11 PM
Manually? there are not an option to do it automatic like "remplace" plugin or system?
Cyberdasm
Posts: 605
Reputation: 6

Message # 9 | 11:09 PM
IMB4, yes it will automatically generate into https but there some conditions to meet. The control panel of your website wouldn't be full ssl supported but your front end or the view section of your website (MVC) would be fully secured if you replace all scripts and links into https. Kindly post your website address so that I could help addressing the issue that you encounter. So far I don't have an issue of the ssl certificate of let's encrypt. Actually you could check your website SSL issue by using the developers section of your browser. CTRL+ SHIFT + I then navigate to console. There you could check which one of your external links has an issue since the browser would notified you about it as well as where it can be found.
1F4BF3B

admin@lizeal.tk
www.lizeal.tk
IMB4
Posts: 51
Reputation: 0

Message # 10 | 9:04 PM
2 questions smile

1. Every 90 days i have to "reinstall it" or is automatic and i no need to change anything?
2. If I made website https and change all to https, how to "alert" google about this changes. I wont "b penalized" or lose position at search.
3. Someone can explain me how to change all http to https (easy mode)? plugin...script...? i have more than 1k pages...

Im sorry im not english and is hard to get it all wink
ashopbg
Posts: 23
Reputation: 0

Message # 11 | 7:16 AM
Quote IMB4 ()
2. If I made website https and change all to https, how to "alert" google about this changes. I wont "b penalized" or lose position at search.


Google will automatically crawl your website periodically but it depends on website ranking. You needn't to alert. Google will prioritize for any website which has https than without https. With https your website will get a good score from Google.

Quote IMB4 ()
3. Someone can explain me how to change all http to https (easy mode)? plugin...script...? i have more than 1k pages...


If your links are in template, you can go > Design > Quick replacement of template parts. Change http to https.

If you make internal link in your entry/menu, I am afraid you have to manually update.

The best way to make internal link is to remove domain name, just leave the path to entry only. This will help you reduce time to update URL when changing domain or related issues.
IMB4
Posts: 51
Reputation: 0

Message # 12 | 10:15 AM
Quote ashopbg ()
If you make internal link in your entry/menu, I am afraid you have to manually update.


uh.... but thanks for all. I'll take some time wink at wordpress u can change all with one click ._.
ashopbg
Posts: 23
Reputation: 0

Message # 13 | 0:47 AM
Quote IMB4 ()
uh.... but thanks for all. I'll take some time at wordpress u can change all with one click ._.


You are welcome.

If there is no much entry and if your internal links are placed in entry, you can do this trick to replace them all. Copy entry source code to your computer Notepad. Find and Replace all http to https. Or you remove the domain name. This will be faster.

Anyway, after you install https, all http will be redirected to https though the link is http.
Cyberdasm
Posts: 605
Reputation: 6

Message # 14 | 1:07 AM
IMB4, js scripts aren't an issue in terms of ssl since it will automatically block by the browser settings. The critical issues are the files and external links. So far I also learned that without fixing the issue manually couldn't solve your problem. I would give you an example on how it looked like. Kindly view the spoiler.

Now mostly, all of us were trouble why is it that eventhough we already have an ssl installed still the green key wouldn't show up. The most effective answer is: the website still using a resources that doesn't have an ssl or aren't an https.
IMB4, In order for you to fully used the capability of your ssl certificate, is to make sure that all of the warning and errors will be fixed. I prefer to secure first the warning before the errors. That's on my side. The only free app that could help you is your own browser. Just go to the developers panel or console. I'm hoping, this will clarify to your question #3.

In your #1 question: I didn't know yet the answer. But let's encrypt has a function to renew your ssl certificate in one click. And yes it would be renew manually. But not on the process on how to install the certificate.
Attachments: 1960431.jpg(355Kb)

1F4BF3B

admin@lizeal.tk
www.lizeal.tk
Post edited by Cyberdasm - Wednesday, 2017-05-31, 1:12 AM
Urs
Posts: 285
Reputation: 3

Message # 15 | 11:05 AM
Quote Cyberdasm ()
Copy the text until the 3rd level domain name only (www <-- do not copy the dot(.) after this.), . _acme-challenge.www[.caco.ga] Paste it in the Subdomain column, remember there is a dot (.) before the underscore(_) and do not include the domain name (I put brackets in it.) as well as the extension.


This part is not very clear.

There is no dot before underscore (copy paste text) on sslforfree.com AND if you put a dot like this ._acme-challenge the uCoz deletes the dot when you save !

Waiting for 2 hours already :
Quote
No TXT Record Found. Set the TTL to 1 second or if you cannot set the TTL then you must wait the TTL (in seconds) so it updates before verifying the domain.


2 more hours to go.

TXT Record Found. after 3 hours !

Extra information :
Quote
Certificate Successfully Generated

You can download the files by clicking download below or copy and paste the following into the appropriate inputs to install. SSL Certificates expire after 90 days so be sure to re-generate your SSL Certificate before then otherwise your website might stop working. If you use IIS and need a PFX file then follow the instructions in the following link to convert the certificate and private key file into a .PFX file - LINK (Install openssl and run openssl pkcs12 -export -out "certificate_combined.pfx" -inkey "private.key" -in "certificate.crt" -certfile ca_bundle.crt in a command prompt with path set to location of downloaded certificate files or use LINK ).


Can someone explain this ?

Post edited by Urs - Monday, 2017-06-19, 2:37 PM
uCoz Community » For Webmasters » Custom Solutions » Guide to install Let's Encrypt SSL Certificate (Step by Step Guide)
Page 1 of 3123»
Search: