How to Setup HTTPS/SSL Certificates: Difference between revisions
(23 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
Please see this page for help with [[Purchasing an SSL Certificate]]. Of course, we do include support for you to add your SSL Certificates to your account and set them up with your | Please see this page for help with [[Purchasing an SSL Certificate]]. Of course, we do include support for you to add your SSL Certificates to your account and set them up with your hosted domains/sites. | ||
==Specifications== | ==Specifications== | ||
Line 8: | Line 5: | ||
===Certificate Requirements=== | ===Certificate Requirements=== | ||
For SSL Certificates to be compatible with a Bravenet-hosted website, they must be x509 certificates, in the .pem format. | For SSL Certificates to be compatible with a Bravenet-hosted website, they must be x509 certificates, in the .pem format. This includes Let's Encrypt - Free SSL/TLS Certificates. | ||
You will need to ensure that you have the domain registered (either with us, or as an external domain) before you can load the certificate. You will also want your certificates to cover both www.yourdomain.com and yourdomain.com (most SSL providers will include yourdomain.com if you certify www.yourdomain.com). You will also need a [https://wiki.bravenet.com/Upgrading_your_hosting_service Bravenet Pro] account to utilize SSL Certificates. | You will need to ensure that you have the domain registered (either with us, or as an external domain) before you can load the certificate. You will also want your certificates to cover both www.yourdomain.com and yourdomain.com (most SSL providers will include yourdomain.com if you certify www.yourdomain.com). You will also need a [https://wiki.bravenet.com/Upgrading_your_hosting_service Bravenet Pro] account to utilize SSL Certificates. | ||
Line 29: | Line 26: | ||
==Setup the SSL Certificate== | ==Setup the SSL Certificate== | ||
=== <b>Bravesites Site Builder:</b> === | |||
---- | |||
Purchasing a SSL Certificate: | |||
#Log in to your Bravenet account. | |||
#Click the <b>"Site Builder"</b> tab. | |||
#Click <b>"Add SSL"</b> beside the website in question. | |||
#If you have not yet purchased your SSL Certificate click <b>"Purchase an SSL Certificate"</b>. | |||
---- | |||
Installing a SSL Certificate: | |||
#Log in to your Bravenet account. | |||
#Click the <b>"SSL"</b> tab at the top of the page. | |||
#Click <b>"Download"</b> next to your domain. | |||
#Click <b>"Download Certificate File" (*.pem)</b> and <b>"Download Key File" (*.key) </b> | |||
#Click the <b>"SiteBuilder"</b> tab at the top of the page. | |||
#Click <b>"Add SSL"</b>. | |||
#This is where you upload your <b>key (*.key)</b> and <b>certificate (*.pem)</b> files. | |||
#Click the button <b>"Upload and Activate SSL"</b> | |||
=== <b>Bravehost FTP Hosting:</b>=== | |||
---- | |||
#Click to the <b>Web Hosting</b> tab from the top of the page. | #Click to the <b>Web Hosting</b> tab from the top of the page. | ||
#Click on the <b>SSL Certificates</b> button. | #Click on the <b>SSL Certificates</b> button. | ||
Line 38: | Line 56: | ||
#If instead you have the cert as plaintext, select the <b>Paste Text</b> radio button. | #If instead you have the cert as plaintext, select the <b>Paste Text</b> radio button. | ||
##Click into the Certificate text field, and paste the certificate code, including and starting at the line <b>-----BEGIN CERTIFICATE-----</b> and ending with and including <b>-----END CERTIFICATE-----</b> | ##Click into the Certificate text field, and paste the certificate code, including and starting at the line <b>-----BEGIN CERTIFICATE-----</b> and ending with and including <b>-----END CERTIFICATE-----</b> | ||
###If have an intermediate certificate, you | ###If you have an intermediate certificate, you will need to add this into the intermediate certificate text box. Copy your intermediate certificate code, including and starting at the BEGIN and END certificate lines. | ||
###Paste this intermediate certificate code into the intermediate certificate text box. | |||
###Paste this intermediate certificate code | |||
##Click into the Private Key text field, and paste the key code, including and starting at the line <b>-----BEGIN RSA PRIVATE KEY-----</b> and ending with and including <b>-----END RSA PRIVATE KEY-----</b> | ##Click into the Private Key text field, and paste the key code, including and starting at the line <b>-----BEGIN RSA PRIVATE KEY-----</b> and ending with and including <b>-----END RSA PRIVATE KEY-----</b> | ||
#Enter the certificates password if there is one. If not, leave the field empty. | #Enter the certificates password if there is one. If not, leave the field empty. | ||
#Click on <b>Add Certificate</b> to finalize the certificate. | #Click on <b>Add Certificate</b> to finalize the certificate. | ||
==Let's Encrypt Certificates== | |||
We now offer the ability to obtain and install an SSL certificate free of cost from Let's Encrypt. You can obtain and install a Let's Encrypt SSL certificate for a website in your Bravenet account using this guide. Let's Encrypt certificates are auto-renewed every two months. We will add a DNS entry to your domain for verification and auto-install the certificate once it's approved. | |||
For more information about Let's Encrypt please see: https://letsencrypt.org/ | |||
'''Note:''' You must have your nameservers set to Bravenet in order to install a Let's Encrypt certificate with us using the steps below. Please note, if you have recently updated your nameservers to Bravenet, you may need to wait up to 24-72 hours for this change to fully propagate before attempting to install a Let's Encrypt certificate. Let's Encrypt certificates can be used on any Bravenet Site Builder or Web Hosting website and are not supported on any website configured for a third party host. | |||
==Setting up a Let's Encrypt SSL Certificate== | |||
=== <b>Bravesites Site Builder:</b> === | |||
---- | |||
If your website is found under the ''''Site Builder'''<nowiki/>' section in your account, please use the following instructions to obtain & install the certificate: | |||
#Replace "example.com" with your domain name in the following link. https://manage.bravehost.com/lets_encrypt/new?domain_name=example.com | |||
#While logged into Bravenet.com, paste this updated link into your browser. | |||
#Click ''''Continue'''<nowiki/>' to proceed with the verification process (<b>Note:</b> You must have your nameservers set to Bravenet to continue. We will verify your domain via an automatic DNS verification method which requires access to your domain's DNS records). | |||
#You may see a message advising you to refrain from altering your DNS records for the next 24 hours, click ''''Proceed'''<nowiki/>' if you agree and wish to continue. Your certificate status will be available on the SSL tab. | |||
#Once it is installed, visit the "Site Builder" tab and click "Add SSL" in the options for your website. You will t<nowiki/>hen be prompted to install the certificate on your website. | |||
=== <b>Bravehost FTP Hosting Websites:</b> === | |||
---- | |||
If your website is found under the ''''Web Hosting'''<nowiki/>' section in your account, please use the following instructions to obtain & install the certificate: | |||
#In your Bravenet account, click on the ''''Web Hosting'''<nowiki/>' tab. | |||
#Click ''''Manage'''<nowiki/>' next to the website you would like to install an SSL certificate for. | |||
#Under "'''Security'''", select ''''Let's Encrypt'''<nowiki/>'. | |||
#Click ''''Continue'''<nowiki/>' to proceed with the verification process (<b>Note:</b> You must have your nameservers set to Bravenet to continue. We will verify your domain via an automatic DNS verification method which requires access to your domain's DNS records). | |||
#You may see a message advising you to refrain from altering your DNS records for the next 24 hours, click ''''Proceed'''<nowiki/>' if you agree and wish to continue. | |||
After following the steps above, your Let's Encrypt SSL certificate order is now created. Let's Encrypt certificates are auto-renewed every two months. We will add a DNS entry to your domain for verification and auto-install the certificate once it's approved. Please note this may take up to 24-48 hours to process due to DNS propagation delay times. You can view the status of your new SSL certificate from the ''''SSL'''<nowiki/>' tab found in your Bravenet account. | |||
[[Category:HTTPS]] | [[Category:HTTPS]] | ||
[[Category:Domains]] | [[Category:Domains]] | ||
[[Category:Websites]] | [[Category:Websites]] |
Latest revision as of 12:23, 9 August 2024
Please see this page for help with Purchasing an SSL Certificate. Of course, we do include support for you to add your SSL Certificates to your account and set them up with your hosted domains/sites.
Specifications
Certificate Requirements
For SSL Certificates to be compatible with a Bravenet-hosted website, they must be x509 certificates, in the .pem format. This includes Let's Encrypt - Free SSL/TLS Certificates.
You will need to ensure that you have the domain registered (either with us, or as an external domain) before you can load the certificate. You will also want your certificates to cover both www.yourdomain.com and yourdomain.com (most SSL providers will include yourdomain.com if you certify www.yourdomain.com). You will also need a Bravenet Pro account to utilize SSL Certificates.
Server and User Considerations
On the server-side, Bravenet HTTPS protocols are facilitated/provided through a reverse proxy powered by Nginx.
End-user browsers must support SNI (Server Name Indication) to be compatible with SSL Certificates. By default, most browsers provide SNI support, but some do not.
Intermediate Certificates
SSL Certificates purchased through Bravenet include an appropriate intermediate certificate included in the SSL Certificate itself.
The implementation of intermediate certificates will vary between every certificate provider, and so it is difficult if not impossible to provide instructions that will work for configuring the intermediate certificate in every other circumstance. An intermediate certificate is only necessary for some end-users, yet the SSL Certificate itself can work fine without the intermediate component in many environments/browsers/configurations.
Of course, to ensure your site is as fully compatible with HTTPS protocol and possible end-user/browser configurations as possible, you should include the intermediate certificate if it is provided/encouraged by the certificate provider.
The intermediate certificate is appended to the SSL certificate itself, so that when end-users connect to the site they download both the certificate and the provider's intermediate certificate. The intermediate ticket is essentially a packet of additional certificate authentication that can be (optionally) included with the SSL certificate.
Setup the SSL Certificate
Bravesites Site Builder:
Purchasing a SSL Certificate:
- Log in to your Bravenet account.
- Click the "Site Builder" tab.
- Click "Add SSL" beside the website in question.
- If you have not yet purchased your SSL Certificate click "Purchase an SSL Certificate".
Installing a SSL Certificate:
- Log in to your Bravenet account.
- Click the "SSL" tab at the top of the page.
- Click "Download" next to your domain.
- Click "Download Certificate File" (*.pem) and "Download Key File" (*.key)
- Click the "SiteBuilder" tab at the top of the page.
- Click "Add SSL".
- This is where you upload your key (*.key) and certificate (*.pem) files.
- Click the button "Upload and Activate SSL"
Bravehost FTP Hosting:
- Click to the Web Hosting tab from the top of the page.
- Click on the SSL Certificates button.
- If you were provided the certificate as separate files, click the Upload Files radio button.
- Click Choose File by Certificate, and navigate to the certificate file (extension .pem or .crt usually).
- Click Choose File by Private Key, and navigate to the key file (extension .key usually).
- If instead you have the cert as plaintext, select the Paste Text radio button.
- Click into the Certificate text field, and paste the certificate code, including and starting at the line -----BEGIN CERTIFICATE----- and ending with and including -----END CERTIFICATE-----
- If you have an intermediate certificate, you will need to add this into the intermediate certificate text box. Copy your intermediate certificate code, including and starting at the BEGIN and END certificate lines.
- Paste this intermediate certificate code into the intermediate certificate text box.
- Click into the Private Key text field, and paste the key code, including and starting at the line -----BEGIN RSA PRIVATE KEY----- and ending with and including -----END RSA PRIVATE KEY-----
- Click into the Certificate text field, and paste the certificate code, including and starting at the line -----BEGIN CERTIFICATE----- and ending with and including -----END CERTIFICATE-----
- Enter the certificates password if there is one. If not, leave the field empty.
- Click on Add Certificate to finalize the certificate.
Let's Encrypt Certificates
We now offer the ability to obtain and install an SSL certificate free of cost from Let's Encrypt. You can obtain and install a Let's Encrypt SSL certificate for a website in your Bravenet account using this guide. Let's Encrypt certificates are auto-renewed every two months. We will add a DNS entry to your domain for verification and auto-install the certificate once it's approved.
For more information about Let's Encrypt please see: https://letsencrypt.org/
Note: You must have your nameservers set to Bravenet in order to install a Let's Encrypt certificate with us using the steps below. Please note, if you have recently updated your nameservers to Bravenet, you may need to wait up to 24-72 hours for this change to fully propagate before attempting to install a Let's Encrypt certificate. Let's Encrypt certificates can be used on any Bravenet Site Builder or Web Hosting website and are not supported on any website configured for a third party host.
Setting up a Let's Encrypt SSL Certificate
Bravesites Site Builder:
If your website is found under the 'Site Builder' section in your account, please use the following instructions to obtain & install the certificate:
- Replace "example.com" with your domain name in the following link. https://manage.bravehost.com/lets_encrypt/new?domain_name=example.com
- While logged into Bravenet.com, paste this updated link into your browser.
- Click 'Continue' to proceed with the verification process (Note: You must have your nameservers set to Bravenet to continue. We will verify your domain via an automatic DNS verification method which requires access to your domain's DNS records).
- You may see a message advising you to refrain from altering your DNS records for the next 24 hours, click 'Proceed' if you agree and wish to continue. Your certificate status will be available on the SSL tab.
- Once it is installed, visit the "Site Builder" tab and click "Add SSL" in the options for your website. You will then be prompted to install the certificate on your website.
Bravehost FTP Hosting Websites:
If your website is found under the 'Web Hosting' section in your account, please use the following instructions to obtain & install the certificate:
- In your Bravenet account, click on the 'Web Hosting' tab.
- Click 'Manage' next to the website you would like to install an SSL certificate for.
- Under "Security", select 'Let's Encrypt'.
- Click 'Continue' to proceed with the verification process (Note: You must have your nameservers set to Bravenet to continue. We will verify your domain via an automatic DNS verification method which requires access to your domain's DNS records).
- You may see a message advising you to refrain from altering your DNS records for the next 24 hours, click 'Proceed' if you agree and wish to continue.
After following the steps above, your Let's Encrypt SSL certificate order is now created. Let's Encrypt certificates are auto-renewed every two months. We will add a DNS entry to your domain for verification and auto-install the certificate once it's approved. Please note this may take up to 24-48 hours to process due to DNS propagation delay times. You can view the status of your new SSL certificate from the 'SSL' tab found in your Bravenet account.