How do I create an SSL certificate with Let's Encrypt?

This FAQ was last modified on: Monday, March 18, 2019 08:55am

Let's Encrypt is a Plesk hosting control panel tool that lets customers quickly and easily secure their domains with basic individual SSL certificates, at no additional cost.

Cover subdomains

Secure levels of subdomains that aren't covered by the default wildcard certificate.

Include aliases

Does your site go by multiple names? Cover as many aliases as needed.

Auto-renew

Let's Encrypt will notify you of upcoming expiration and will auto-renew your certificate.

Easy management

With a few clicks, you can create your certificate and be instantly secured.

When should you use Let's Encrypt?

While the Web Hosting default wildcard certificate covers most use cases, here are some real-world examples of why Let's Encrypt might be a solution for your site:

  • Your site requires "www" but isn't eligible to be added to the wildcard certificate

    The wildcard certificate won't cover https://www.[YOURSITE], but a Let's Encrypt certificate will.

  • Visitors sometimes run into security warnings about your site

    HTTPS redirect rules only apply after the browser has shaken hands with the server, and you can't control how a visitor reaches your site. Use Let's Encrypt if you want to make sure any browser request directly to https://www.[YOURSITE] goes through.

  • You plan to have multiple subdomain sites under your main site domain, but don't qualify as a DNS subzone

    Let's Encrypt will help you secure as many subdomains as needed, which is perfect for developers and site owners who juggle separate prod/dev/test versions of their site, or who like to maintain multiple sites under a primary domain.

Getting started with creating your certificate with Let's Encrypt

  1. Navigate to your site's control panel
  2. Log in to hosting.gatech.edu and click through to the Plesk web admin control panel for your site
  3. Click the Let's Encrypt tool under "Websites & Domains"

    PLESK control panel.

  4. Configure your certificate and install

    1. Enter: Your notification email address
    2. Checkmark: "Include a 'www' subdomain for the domain and each selected alias"

      Note: If you have any domain aliases you'd like to include, make sure they are listed under the "Selected domain aliases" box.

    Let's Encrypt SSL/TLS certificate setup.

  5. You should see a confirmation alert, and your Let's Encrypt certificate will be active and selected by default.

Common Questions and Issues

I got a renewal notice email from Let's Encrypt. Will my certificate auto-renew?

Yes, your certificate should auto-renew. You can opt to renew it manually ahead of the auto-renewal by clicking the "Renew" button for the certificate in the Let's Encrypt control panel tool.

SSL/TLS Certificates removal warning: Unable to remove SSL/TLS certificates. One or more certificates are used by websites.

You may see this error when trying to remove a Let's Encrypt certificate or create a new one while a Let's Encrypt certificate is still in use by your site. To de-select an existing Let's Encrypt certificate:

  1. Navigate to your domain control panel
  2. Click the "Hosting Settings" tool
  3. Navigate to the "Security" header, and for "Certificate" select "Not selected" from the drop-down options to use the default wildcard certificate
  4. Click OK

You should now be able to remove the Let's Encrypt certificate (via the "SSL/TLS Settings" tool), or add a new certificate.

Error: Could not issue a Let's Encrypt SSL/TLS certificate for [MY SITE]. Authorization for the domain failed.

Let's Encrypt uses a DNS check to confirm that the site information, including any listed aliases, is correct. A site name or alias that does not match the DNS check will cause this error.

To fix this error, you may need to:

  • Deselect the site alias from being included in the certificate
  • Verify that DNS is set up correctly for your site name or alias(es) and is pointing to the server your site lives on

If you need assistance troubleshooting this error, please reach out to support@oit.gatech.edu.
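
The DNS verification above can be run as a pre-flight check before requesting the certificate. The following is an added example, not part of the original FAQ or of Plesk: it lists every name the request would cover (site, aliases, and the optional "www" names) and reports which ones do not resolve to your server. The hostnames and addresses are constructed placeholders, and the function names are hypothetical.

```python
import socket

def names_to_check(site, aliases=(), include_www=True):
    """List every hostname the certificate request would cover."""
    names = []
    for base in (site, *aliases):
        names.append(base)
        if include_www and not base.startswith("www."):
            names.append("www." + base)
    return names

def system_resolver(name):
    """Return the set of addresses DNS gives for name (empty if none).
    Let's Encrypt validates from the public internet, so run this from a
    network that sees public DNS, not an internal-only view."""
    try:
        infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def preflight(site, aliases, server_ips, include_www=True, resolve=system_resolver):
    """Map each hostname to 'ok', 'no DNS record' or 'points elsewhere: ...'."""
    expected = set(server_ips)
    report = {}
    for name in names_to_check(site, aliases, include_www):
        found = resolve(name)
        if not found:
            report[name] = "no DNS record"
        elif found <= expected:
            report[name] = "ok"
        else:
            report[name] = "points elsewhere: " + ", ".join(sorted(found - expected))
    return report

if __name__ == "__main__":
    # Constructed sample data (documentation-only names and addresses),
    # served by a stand-in resolver so the example runs offline.
    sample_dns = {
        "site.example.edu": {"192.0.2.10"},
        "www.site.example.edu": {"192.0.2.10"},
        "alias.example.org": {"198.51.100.7"},
    }
    result = preflight("site.example.edu", ["alias.example.org"], ["192.0.2.10"],
                       resolve=lambda n: sample_dns.get(n, set()))
    for host, status in result.items():
        print(f"{host}: {status}")
```

Any name not reported as "ok" is one to fix in DNS or deselect from the certificate before retrying, which also avoids spending attempts against the failed validation limit.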

Other: Let's Encrypt rate limit issue.

Let's Encrypt is a freely provided service, and has some rate limits in place to avoid being overwhelmed. If you run into an error regarding one of these limits, the solution is to wait until the service will let you try again. Refer to the Let's Encrypt documentation for full details on limits.

  • Certificates per Registered Domain limit

    Georgia Tech is allowed 250 new certificates per week.

  • Duplicate Certificate limit

    Individual sites are allowed to request 5 "new" certificates per week for the same site name and alias(es).

  • Failed Validation limit

    Individual sites are allowed to fail validation 5 times per hour.