Use an SSL Certificate with your website

Joomla! Help Support Warrington Cheshire Manchester Merseyside UK Let's Encrypt SSL Certificate is a free, automated, and open certificate authority (CA), run for the public’s benefit.

It is a service provided by the Internet Security Research Group (ISRG).

The ISRG provide a free digital certificate to enable you to add a secure HTTPS (SSL/TLS) connection to your website.

The Benefits

HTTPS offers end-to-end security between web browser and web server.HTTPS offers end-to-end security between web browser and web server.

The SSL certificate supports encryption of data transferred between your computer and the web server.

Visitors who sign into this website are protected by a Let's Encrypt SSL Certificate.

The ISRG Mission

+ - The key principles behind Let’s Encrypt close

The ISRG Mission is to create a more secure and privacy-respecting web through the distribution of SSL certificates.

Free

Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.

Automatic

Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.

Secure

Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.

Transparent

All certificates issued or revoked will be publicly recorded and available for anyone to inspect.

Open

The automatic issuance and renewal protocol will be published as an open standard that others can adopt.

Cooperative

Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.

Source: Let's Encrypt.

Five reasons we like using Let's Encrypt

+ - Visitor Reassurance close

When someone visits our website via HTTPS they see a reassuring symbol in the address bar of their browser window.

A shield in the Firefox browser

ssl letsencrypt joomlers

A padlock in the Chrome browser

ssl letsencrypt joomlers chrome

Now, when customers sign in to read our Joomla! User Guides, they know that their confidential login details are encrypted. In other words, protected from hackers.

+ - Website Security close

When we in turn sign into our website's Joomla! CMS Dashboard, we know that our user credentials are also protected by the encrypted connection.

The resulting HTTPS connection prevents so-called packet sniffers from harvesting usernames and passwords.

+ - Improved Performance in Search Engines close

Google has indicated that using an HTTPS address for a web page will have a positive impact on search engine performance.

+ - Affordability close

Let's Encrypt SSL certificates are free.

Commercial SSL certificates can be costly.

Critics point out that Let's Encrypt SSL certificates are domain validated, meaning that they can be added to a website by anyone, even the developer of a spoof website. There is no external verification.

Domain validated SSL certificates do not therefore guarantee the trustworthiness of a website.

But they do protect users interacting with websites that use them.

+ - Usability close

The Let's Encrypt SSL Certificate auto renews.

If for some reason it does not then you can call upon your hosting provider's Technical Support.

How to obtain a Let's Encrypt SSL Certificate

To be able to use an SSL Certificate with your website you first need to obtain one.

This is easy using the Let's Encrypt Module included with a cPanel Hosting Account.

Read more: Issue a Let's Encrypt SSL Certificate.

 

Issues to consider before obtaining an SSL Certificate

When an SSL Certificate is issued then your website's URL will change from HTTP to HTTPS.

You will also notice a shield (Firefox) and a padlock (Chrome) in the browser address bar.

The change of URL means you will need to  make some changes to your website's Joomla! CMS after issuing an SSL Certificate.

And maybe some changes to the settings of 3rd party extensions used by your website.

If you are using Search Engine and Social Media Accounts in conjunction with your website, then these accounts' settings will most likely also need adjusting.

Your website's performance in search engines will otherwise be adversely impacted by changing your website's URL from HTTP to HTTPS.

Website visitors who use an old devices and/or operating system may not be able to visit your website after issuing an SSL Certificate - see Target Audience section below.

 

Target Audience

Website visitors who are using an old devices and/or operating system may not be able to visit your website after you add a Lets Encrypt SSL Certificate.

Reason: some older operating systems do not recognise the Lets Encrypt SSL Certificate.

These older operating systems include Apple devices using MacOS X Operating System v10.12.1 and earlier.

Note: v10.12.1 was replaced by v10.12.2 several years ago (2016).

Read more: Some Mac OS versions do not recognise some popular security certificates.

+ - Catering for the needs of users of old MacOS devices close

If the majority of your website's users are unable to update their device and/or operating system then you may wish to defer adding a Lets Encrypt SSL Certificate to your website.

You could instead add a different SSL Certificate, one which the older devices and/or operating systems recognise.

Or recommend that website visitors replace their device and/or operating system.

Reason: it is not safe to connect to the internet using devices and operating systems which are no longer supported by developers.

Read more: MacOS Version History.

Contents include:

Recommended adjustment to:
Joomla! CMS settings,
3rd party extension settings,
Search engine account settings,
Social media account settings.

Subscribers: sign in to read full article