In this post we're going to be discussing how to install a free SSL certificate on GoDaddy. We're writing this post because we see this question all the time on Reddit and Facebook: “is there any way to avoid the $70.00 per year GoDaddy SSL certificate by installing a free one myself?”. The simple answer to this question is that it is fairly straightforward to avoid the GoDaddy SSL certificate by installing a free one from Let’s Encrypt. In this blog post we're going to discuss how exactly to do that.
This is a companion post to our video tutorial which you can find on YouTube:
Many GoDaddy users are led to believe that the only way they can get an SSL certificate for their website is by purchasing the $70.00 per month one found here: https://www.godaddy.com/web-security/ssl-certificate
GoDaddy doesn't come with an automatic free SSL certificate, instead you need to purchase one from the above link. The cheapest one is $70.00 per year, while a wild card SSL costs $295.99 on the first year and $369.99 when you renew. This company is an outlier as many other hosting providers offer a free SSL certificate in their base plans (Cloudways, our hosting partner, offers free SSL certificates that can even be applied to wildcard domains).
Unfortunately, many GoDaddy users are led to believe that their only route when it comes to acquiring an SSL certificate is through the company. In our opinion, this is highway robbery. Not only is it an industry standard to offer a free SSL certificate that is automatically installed onto your website, it isn't right to lead non technical users down this route. We understand the need for convenience, but convenience shouldn't come at $70.00 per year.
In 2020, having a SSL certificate installed on your domain is absolutely essential. The SSL certificate is used to keep sensitive data or information private and encrypted. Only the intended recipient of this data can decrypt this information , making it safe for your website visitors to enter things like payment information, addresses, and more. If you don't have an SSL certificate, any data that website visitors submit can easily be intercepted by malicious actors.
Back in July 2018, Google announced that they would mark all websites without an SSL certificate's not secure. Many browsers followed suit, and today if you don't have an SSL certificate installed on your website, you will get a padlock with a red X through it, and a notice that says something like this “this website is not secure, you should not trust it”.
Not only does this destroy your credibility, it has search engine optimization implications, and your website truly is not secure. Hackers can easily steal information, and even manipulate the structure of your website to capture sensitive data from unsuspecting visitors.
When you do have an SSL certificate on your website, the URL will display HTTPS (instead of HTTP) and the padlock will be green, displaying the word secure. This means that any and all information submitted on the website, or sent through it is encrypted, secure, and a visitor can trust your website.
We're not going to go into the specifics of what an SSL certificate actually is. this article is intended to educate you on how to install a free SSL certificate into your GoDaddy website, and forgo the $70 to $300 per year charge.
If you'd like to learn more about SSL certificates, how they encrypt all information, and why they make website secure, read this article: https://www.theedigital.com/blog/why-ssl-and-https-are-essential-for-your-website
As we stated before, you are not stuck paying $70.00 to GoDaddy for an SSL certificate, no matter how much they want you to believe that. Instead, we can install a third party SSL certificate from let's encrypt that costs… drumroll please… $0.00.
This entire process of installing the SSL certificate to your GoDaddy website should only take 20 minutes at maximum, and will cost you nothing.
Before we get into the tutorial, let's briefly review every step in this process. We are first going to install a plugin to our WordPress website. We're going to use that plugin to generate a free SSL certificate provisioned by Let’s Encrypt (a nonprofit organization that offers free SSL certificates). we're going to take the SSL certificate, and install it on our GoDaddy-hosted WordPress website through the cPanel interface. Once installed, we're going to test that everything is working, and reap the rewards of our newly secured website.
We don't like GoDaddy hosting. Their shared hosting is extremely slow, overpriced, and the company tries to trick unsuspecting users into paying for services that are easily free. If you're trapped in a long term plan, we feel for you. If your plan is soon to expire, we recommend migrating your website over to Cloudways. This hosting company bills you monthly, offers free SSL's, has amazing Live Support and allows you to host your website on one of the five industry-leading cloud providers (think AWS, Digital Ocean). The service starts at $10 per month, and scales to your needs automatically.
Start for free (no cc info) with a non restricted 3 day free trial of the platform.
The free plugin that we're going to be using to install an SSL certificate into our GoDaddy website is called SSL Zen. This plugin allows you to easily generate an SSL certificate through Lets Encrypt, install it onto your website, and then change all links from HTTP to HTTPS. It makes this process as simple and easy as possible.
Install the plugin on to your WordPress website. While this is a free plugin, there is a premium plan which automates some of these steps (though it kind of defeats the purpose of a free SSL certificate).
Upon installation, you will be presented with a four step wizard that will help you install the SSL certificate on to your GoDaddy website.
The first step is entering your domain and contact details. Be sure to enter the domain correctly, and an email address that you have access to.
The second step of this process is verifying your domain. You have two options when it comes to verifying your domain, you can do this either by uploading a file to your root word press directory, or adding a domain text record in DNS. While the plugin states that DNS is quicker (7 minutes compared to 10 minutes), it doesn't mention that propagation can take anywhere from a couple of minutes to 48 hours. This is why we always recommend using the HTTP method.
To verify your domain, you will need to upload a file in a specific folder.
Click on the HTTP box, and an interface will load that shows you how to verify your domain.
We recommend downloading the verification file first period under Step 2 in the interface, click on the “file 1” button. This will download a verification file to your desktop.
The first step is accessing the files that make up your WordPress website. With GoDaddy, you can easily do this with cPanel. Load the cPanel File Manager, and navigate to the directory of your WordPress website. Typically, it is hosted in public_html If there is no other website installed on the server.
There are several other methods of accessing your website's file directory. You can access the website through FTP, or use a plugin like:
You can ensure that you're in the right place by identifying the following three folders that are present in every WordPress installation:
Once you're in your WordPress files, create a new folder titled .well-known. enter that new folder, and create a new folder titled acme-challenge. Within that folder, upload the file that you downloaded in the beginning of this process.
Once the file is uploaded, click on the blue “verify” button.
This will verify that you own the domain as SSL Zen will see that you have access to the server by reading the verification token. (by uploading the file to the folders that you have created, you are creating an HTTP-01 challenge: http://<YOUR_DOMAIN>/.well-known/acme-challenge/<TOKEN>) You can read more about challenge types, and domain verification here: https://letsencrypt.org/docs/challenge-types/
Upon successful verification of your domain, SSL Zen (through Let’s Encrypt) Will generate an SSL certificate for you. The third screen of the wizard will present the three file types that make up an SSL certificate, and give you instructions on how to install it into your C panel host. Because it GoDaddy shared hosting uses cPanel, the instructions that they offer are perfect, though we're going to review how to do it step by step here as well.
On the right of the screen, you can see the three file types that make up any SSL certificate. The certificate.crt, the privatekey.pem, and the cabundle.crt.
The first button on each entry will allow you to copy the data within the file, and the second button will allow you to download the individual file.
If you're feeling a bit confused at this point, that's OK! all you need to do is follow the steps in this tutorial, and you will have a free SSL certificate installed on GoDaddy. Think of that $70.00 that is remaining in your pocket and press onwards!
Before we continue, we tailored this tutorial for GoDaddy, but this method will work on any host that uses cPannel. Most budget, shared hosting providers offer you a cPanel interface.
To install our SSL certificate, we need to log into GoDaddy's cPanel (KB article here).
Do this by loading the main GoDaddy dashboard, navigating to my products, clicking on the web hosting tab, and then clicking on the manage button. Now you should be in the dashboard for that individual hosting account. There is a large black button on the upper right hand corner that says “cPanel Admin”. Clicking on that will load the interface that you need to install your SSL certificate.
The admin dashboard should look something like this. Utilize the search function, and type in SSL. Click on the SSL/TLS icon.
Once this screen is loaded, navigate back to your WordPress website, where Step Three of SSL Zen should be open (This is the step that displays the individual components of the certificate).
For each file type, click on the copy button. That will load an interface where you can copy the data contained within the file. Once you've copied the data, navigate back to the cPanel, and paste the data in the respective field.
Both the certificate.crt and cabundle.crt will be pasted into the Certificates (CRT) section on cPanel.
Click on the generate, view, upload, or delete SSL certificates link, and scroll partially down the page until you are at the upload a new certificate section. In this box, paste the certificate.CRT data.
Then click the blue upload button beneath the field.
Repeat this same process for the cabundle.crt (pasted into the Certificates (CRT) section on the SSL cPanel Page).
For the private key, copy and paste the data, navigate to the SSL cPanel page, and click on the “generate, view, upload, or delete your private keys” link. Scroll partially down the page to where it says upload a new private key, paste the private key into the textbox, and click the blue upload button.
Congratulations, you have now installed a free, third party, SSL certificate on to your GoDaddy website. You’re almost done!
Navigate back to your WordPress website, where the third step of the SSL Zen wizard will show. Click on the blue next button. The plugin will verify that you have properly installed your SSL certificate.
Then, the plugin will prompt you to begin serving your WordPress website over SSL. It will automatically convert all incoming HTTP requests to HTTPS, change the site and home URL from HTTP to HTTPS, and fix the insecure content warning by replacing all HTTP URLs to HTTPS URLs (This does the same thing as the wildly popular Really Simple SSL plug in does, removing the need to install two plugins for SSL purposes).
You will need to check off the warning box. This box states that if you don't renew your SSL certificate every 90 days, the website will display a not secure warning to the visitors. This is the tradeoff of the free SSL service. Let's Encrypt SSL certificates will expire every 90 days. That means that every 90 days, you will need to renew the certificate to ensure that your website remains secured.
This is an industry standard, and cannot be changed. Typically, web hosts that offer SSL certificates will automatically renew them every 90 days for you (Cloudways does this). The premium version of SSL Zen, which costs $29.00 per year, will do this as well. And, while this is not verified by us, we feel that GoDaddy is simply reselling a Let’s Encrypt certificate for infinite profit, and automatically renewing it every 90 days.
After checking off the box and clicking next, your website will automatically be converted to HTTPS, and will now be secure. The red padlock in the browser bar should now be green, and you should have automatically been logged out of your WordPress website. If these two things have happened, you have successfully installed a free SSL certificate on your GoDaddy website.
Log back into your website, and run through all pages to ensure that the changes have been made.
Congratulations, not only have you secured your website with an SSL certificate, you have avoided paying GoDaddy $70.00 per year for something that is absolutely free!
We hope that this was a helpful tutorial on installing an SSL certificate into your website. Again, we want to stress that while this tutorial was specifically oriented towards GoDaddy, you can use this method to install an SSL certificate on any host that uses cPanel.
It is pointless to pay for a SSL certificate seeing as they are completely free. Let's encrypt is the industry standard, works very well for us, and is simple and easy to implement.
If you have any questions or comments, feel free to reach out below.