Things change rapidly in the WordPress world. The content in this post is more than a year old and may no longer represent best practices.
Update October 2016
Let’s Encrypt provides free SSL certificates. This is a fantastic service, especially since Google has used https as a ranking factor since 2014.
Unfortunately, in most cases you have to install the certificates using the command line, and you can only do that if you have root access to your server, which many hosting companies don’t provide.
There’s a list of web hosting providers that support Let’s Encrypt on GitHub, but they define “support” pretty broadly.
Let’s Encrypt for cPanel
If your hosting company uses cPanel, or you use it yourself on a dedicated server, there’s a plugin to automate Let’s Encrypt installation. It costs $30 for a single server and $150 for a hosting company, and from their docs it looks to be what SiteGround is using. Ask your hosting company to install it if they haven’t already.
Let’s Encrypt for Plesk
If, on the other hand, your hosting company (or your dedicated server) uses Plesk, there is a Let’s Encrypt plugin for Plesk on GitHub to create an auto-install/auto-renew tool similar to the one for cPanel. (Thanks Eric for this link.)
WordPress.com now provides Let’s Encrypt certificates for all its customers. That’s great for anyone who has a WordPress.com site, but not likely to make much difference for most of the members of this Meetup or their clients.
SiteGround provides easy installation and automatic renewal of Let’s Encrypt, and it’s very easy to use. It’s not, however, compatible with SiteGround’s version of CloudFlare, so you have to deactivate SiteGround’s CloudFlare and go to Cloudflare directly.
DreamHost has its issues, but they jumped on the Let’s Encrypt bandwagon early. They use their own customized platform rather than cPanel, so they had to develop their own tool, but they went ahead and did it.
Hi Sallie. We're excited about Let's Encrypt, and we're working on our integration. More details to come.
— Pressable (@Pressable) May 14, 2016
It’s not that surprising that Pressable would be planning Let’s Encrypt integration, since Automattic is a sponsor of Let’s Encrypt and a majority stakeholder in Pressable.
I’m happy to report that Let’s Encrypt integration is the pipeline for Pagely, the company hosting this very website, though I don’t know the timeline. They, too, have a custom site management platform rather than using cPanel.
It is planned yes.
— Pagely (@Pagely) May 14, 2016
WP Engine is one of the best-loved WordPress hosts, and for a good reason. I dropped in and asked their support staff about plans to incorporate Let’s Encrypt.
Because WP Engine uses its own client dashboard platform, rather than cPanel, they would have to write their own software to automate installation of Let’s Encrypt certificates. That’s not to say it couldn’t be done or that they won’t do it, but they’d have to dedicate time to build the tool and it’s not in the immediate pipeline.
Since A2 hosting is a sponsor of this meetup, it seemed like a good idea to include them here. They have a tutorial for installing Let’s Encrypt on their semi-managed servers, but what about their shared hosting? (The Turbo option is optimized for WP at a competitive price.) It appears they use cPanel so ought to be able to include the cPanel plugin above. As of February they were “working on it”:
@tometaxu We are working to have @letsencrypt available on our shared platform, just not quite there yet.
— A2 Hosting (@a2hosting) February 18, 2016
An email this morning from A2’s director of business development confirms that it’s almost ready:
We are in fact in the final staging of testing the cPanel plugin for Let’s Encrypt. We should have it available to our customers within a couple weeks.
Director of Business Development
GoDaddy provides tutorials for setting up Let’s Encrypt certificates for their cloud servers and VPS and dedicated servers, but what about their WordPress managed hosting and their shared hosting?
It is possible to install any valid 3rd party SSL Certificate on our cPanel shared hosting plans & Dedicated Servers. ^M
— GoDaddy Help (@GoDaddyHelp) May 14, 2016
Flywheel has become very popular with WordPress developers, but what about their Let’s Encrypt support? I’m waiting for an answer…
HostGator uses cPanel, so could theoretically install the Let’s Encrypt for cPanel plugin, but so far they haven’t and the support staff doesn’t seem to know much about it.
@ekasanlab While we are not yet aware of any upcoming plans the suggestion has been relayed internally for further consideration.
— HostGator Support (@HGSupport) February 1, 2016
@TechShopStPaul ^fb Unfortunately, we do not have any info on if this will be supported as of yet. Our apologies for any inconveniences.
— HostGator Support (@HGSupport) April 20, 2016
Despite numerous requests from their customers and the fact that they use cPanel, InMotion had no plans to automate Let’s Encrypt certificates as of May 4th. I recommended the cPanel plugin to them on Twitter and got this response:
We do not currently support Let's Encrypt, however I have passed this over to our development team to review. /BW
— InMotion Hosting (@inmotionhosting) May 14, 2016
Generate a Certificate
If your hosting company lets you enter certificate information for SSL (or will do it for you) you can use the Get HTTPS for Free generator, but it requires some command line work, and you have to renew the certificate yourself. This has been done successfully on Bluehost.