Introduction to AutoSSL
Spiral Hosting are making it easier than ever to secure your website with HTTPS. We have introduced a new AutoSSL feature on all our shared hosting, enterprise hosting and reseller hosting plans. This knowledge base article contains all the FAQ's regarding AutoSSL.
What is AutoSSL?
Every active domain name on our hosting network is now secured by a 256-bit DV (domain validated) SSL certificate, which will encrypt all data sent between your HTTPS website and a visitor's web browser. AutoSSL is an automatically provisioned SSL certificate securing your HTTPS website (whether it is a domain, sub-domain, add-on domain or alias).
How do I enable/disable AutoSSL?
After months of extensive beta testing we have introduced AutoSSL as a standard feature across all our hosting plans, therefore it is now enabled by default. To verify the SSL certificate installed on your website, please type your website address into https://sslanalyzer.comodoca.com/
If you are encountering any issues related to AutoSSL, please open a support ticket (https://secure.spiralhosting.com/submitticket.php) so our technicians can help you. Our senior technicians have the option of disabling AutoSSL on particular hosting accounts, however there are many benefits to AutoSSL and we would want to discuss any issues you're encountering before we disable AutoSSL for any client.
How is it automatically provisioned?
The AutoSSL system will automatically check every active domain name on our hosting servers and it will attempt to install a new SSL certificate for any websites that do not already have one. The system will create a temporary .txt file in the /.well-known/pki-validation/ directory of each website, the temporary file contains a special SSL validation code, the SSL validation server will attempt to connect to your website and validate the existence of the code, and if everything can be validated AutoSSL will install the new SSL certificate. The process runs every night and it can sometimes take several nights to complete.
One of my domain names does not have AutoSSL, why?
There are a number of reasons why AutoSSL might be missing from your domain name. If the domain name has just been registered, please check for AutoSSL tomorrow daytime. If the domain name (or addon domain) has just been setup with hosting, please check for AutoSSL tomorrow daytime. If the domain name has been on our hosting network for longer, please open a support ticket (https://secure.spiralhosting.com/submitticket.php) so our technicians can help you.
How do I setup AutoSSL on my website?
Like any SSL certificate, installing it on your hosting account is only the first step. It must also be configured to work with your website software. Most webmasters will create an .htaccess redirect to force all HTTP website visitors onto HTTPS (http secure) web pages. Please follow our guide at https://secure.spiralhosting.com/knowledgebase.php?action=displayarticle&id=164 and for WordPress websites please follow our guide at https://secure.spiralhosting.com/knowledgebase.php?action=displayarticle&id=165
I have configured my website software, but the website is still 'insecure'?
There may still be other elements of your website that need configured. We recommend viewing the source code of your web pages and looking for any absolute elements (images, css files) that still use http:// and updating the code to use https:// instead. A single reference to http:// in your website code will render your website 'insecure'. You can also use the website www.whynopadlock.com to scan your web pages for problems.
What about Cloudflare, Sucuri, other CDN's and WAF's?
AutoSSL is not compatible with Cloudflare, other CDN's (content delivery networks), Sucuri, other WAF's (web application firewalls). This is because the DNS records for your website will be pointing to that service and not directly to our web server, so AutoSSL will not have validated. However, Cloudflare also offer a free SSL service so it may be possible to enable HTTPS on your website using it. Please discuss it with your website developer and please open a support ticket (https://secure.spiralhosting.com/submitticket.php) so our technicians can help you.
What about SSL certificates from other certificate providers?
AutoSSL will detect your existing SSL certificate and not replace it. We continue to sell SSL certificates from big brands like Comodo, GeoTrust and GlobalSign, which are an excellent option for securing your website for 1-3 years. For example Comodo Positive SSL certificates are available for only €39+vat per year, or if the website is for a limited company we would recommend an organisation validated (OV) or extended validated (EV) certificate - they cost a bit more and include the limited company name in the certificate details. Please see the SSL Certs page on our website for full details.
I want to replace an existing SSL certificate with AutoSSL.
There are a few steps involved. Firstly you will need to cancel the SSL service in your Spiral Hosting client area, please see our guide at https://secure.spiralhosting.com/knowledgebase.php?action=displayarticle&id=153. Next you will need to delete the SSL certificate from your cPanel control panel. Finally the next morning you will need to check your website to see if AutoSSL has been installed. If you encounter any problems please open a support ticket (https://secure.spiralhosting.com/submitticket.php) so our technicians can help you.
I can't wait until tonight for AutoSSL, I need SSL now!
The AutoSSL system will check your website(s) every night, or if you prefer not to wait, you can manually request it at any time of the day. Simply login to your cPanel control panel, go to the SSL/TLS Status page, then click the "Run AutoSSL" button. This will usually complete in 10-15 minutes.