Secure Your Site with HTTPS in 30 Minutes Using Let’s Encrypt

For a fast, secure website, using HTTPS is essential for better performance, new APIs, service workers, and SEO.

I'm not a security expert, but I documented the process that took me 20‑30 minutes.

Getting a Certificate

Free certificates are available from Let’s Encrypt, backed by Mozilla, Chrome, Akamai, and Cisco.

The quickest way is via SSL For Free, choosing Automatic FTP Verification or Manual Verification.

After verification you receive:

SSL certificate for the site

Private key

CA/chain certificate

Installing the Certificate

Steps vary by hosting provider. Example with Media Temple:

Log into the account center.

Import SSL certificate, add the certificate, private key, and CA/chain.

Done!

Note: The third step may fail if the private key is not in RSA format. Convert it using OpenSSL: openssl rsa -in your.key -out rsa.key Replace domain and path accordingly, then upload the converted key.

Advanced Settings

If you run your own server or VM, consider manual installation. Recommended reading:

Tim Kadlec’s “Taking Let’s Encrypt for a Spin”

Jeremy Keith’s “Switching to HTTPS”

Verifying the Installation

Use an SSL checker to detect problems. Ensure no mixed content (http resources) remains.

Important: Do not use protocol‑relative URLs like /css/style.css; they can expose you to downgrade attacks.

Once secure, browsers will show a lock icon. If not, use tools such as “Why No Padlock?” to troubleshoot.

Force SSL/HTTPS for All Requests

After HTTPS works, enforce SSL for all traffic. Add the following to your .htaccess:

Give your site HTTPS today—you deserve it.