在过去的几年里,整个网络已经从一个可选的安全HTTP协议(也称为HTTPS )过渡到一个场景,如果没有(HTTPS)SSL
证书来保护它,你今天就无法拥有一个网站。
这是因为每当用户访问以HTTP(HTTP)而不是HTTPS开头的网站 URL 时,谷歌就会在其Chrome浏览器中显示警告消息。
为确保您的网站符合网络安全标准,您需要购买SSL证书并将其安装在您的网站上。
确定您的专用 IP 地址
要使SSL证书正常工作,您的 Web 服务器需要有一个固定的专用 IP 地址。如果您有专用的网络服务器,通常可以在您的网络托管帐户中找到该 IP 地址。
如果您在那里看不到它,您还可以在 cPanel 工具的左侧窗格中找到服务器 IP 地址。
记下此 IP 地址,因为在下一步获取新SSL证书时将需要它。
安装您的 Web 主机的 SSL 证书
下一步是为您的网站获取SSL证书。
由于现在互联网上的所有网站都需要使用SSL,如果您想确保您的用户信任您的网站,许多网络托管服务提供商已经开始将免费的SSL证书与托管包打包在一起。
如果您遇到这种情况,请查看 cPanel 菜单并查找与已知SSL(SSL)
证书提供商的品牌相匹配的工具图标。
例如,网络主机Siteground为客户提供免费订阅 Let's Encrypt SSL证书。
如果是这种情况,那么你很幸运。在您的站点上安装SSL就像单击SSL工具图标、选择要保护的域并为该站点启用SSL一样简单。(SSL)
安装后,您的网站将安装
SSL,并将开始作为安全网站向访问者显示。
如果您在 cPanel 中没有看到可用的SSL工具,请联系您的虚拟主机以确认他们确实不提供SSL
证书。
如果他们不这样做,那么您需要自己购买并使用以下步骤手动安装。
购买新的 SSL 证书
您需要找到一个好的SSL证书提供商。这项服务的费用相对便宜,每年从 30 美元到 100 美元不等。
当今世界上一些顶级SSL证书提供商包括:(SSL)
要购买SSL证书,您需要您的域名,以及上面提到的 Web 服务器的专用 IP 地址。
购买后,您将收到三条信息。
证书(Certificate)( CRT ),它从证书提供商的服务器验证您的安全网站的真实性。私钥( KEY ),作为“密钥”,用于在访问者访问您的站点时解密和加密您的证书详细信息。(KEY)该密钥对访问者的 Web 浏览器和您的 Web 服务器之间的通信进行加密。
CA Bundle是第三条信息,它捆绑了使整个加密SSL认证工作的所有中间证书。
从SSL(SSL)提供商处获得这三条信息后,您就可以在您的站点上安装SSL证书了。
如何安装 SSL 证书
登录(Log)您的网络托管帐户并打开 cPanel。在安全(Security)性下,选择SSL/TLS Manager。
在SSL/TLS Manager窗口中,选择底部的管理 SSL 站点链接。(Manage SSL sites)
在Manage SSL Hosts窗口中,滚动到底部,您将在其中找到Install an SSL website。使用此部分中的下拉菜单选择您要应用SSL证书的主机。然后,在Certificate(Certificate)、Private Key和Certificate Authority Bundle ( CA Bundle )的每个字段中,填写您最初购买SSL证书时收到的长文本条目。
完成后选择底部的安装证书按钮。(Install Certificate)
现在,您的SSL证书已为该域安装,并且只要访问者在您的域中键入前面带有https的内容,该证书就会起作用。(https)
强制网站访问者使用 SSL
此时,任何已经访问过您网站的访问者仍将使用在域前面带有http的旧书签。(http)这些访问者仍会在Chrome中看到您的网站不安全的安全警告。
这可能会导致您失去大量访问者,因为他们将不再信任您的网站并将停止访问。
您可以通过强制所有访问者的浏览器修改URL以使https
始终位于前面来解决此问题。
在 cPanel 的文件(Files)部分中,双击文件管理器(File Manager)将其打开。导航(Navigate)到 Web 目录的根目录。您可以在此处找到.htaccess文件。右键单击该文件并从下拉菜单中选择编辑。(Edit)
.htaccess 是当人们访问您的站点时控制 Web 服务器行为的文件。您需要在此文件中添加特殊代码以强制访问者的浏览器使用 https 而不是 http。
编辑(Edit)模式将在本地计算机的默认编辑器中打开 .htaccess 文件。
在文件顶部,插入以下代码:
# START FORCE HTTPS
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</IfModule>
# END HTTPS
当您关闭文件时,它会询问您是否要保存。确认保存。现在您的新 .htaccess 文件处于活动状态,用户将被迫通过HTTPS访问您的站点。
打开浏览器并输入您网站的域。
如果SSL证书正常工作,在Chrome中您会看到一个锁定图标,这意味着该站点正在通过加密的HTTPS协议加载。
其他 SSL 注意事项
即使您的网站运行正常,但一旦您切换到SSL ,某些功能就会中断。
其中之一是如果您使用CDN服务从世界各地的不同服务器提供图像。大型网站利用CDN服务来加快图像加载时间,无论访问者位于世界各地。
由于您的CDN仍通过
HTTP协议提供图像,因此当访问者通过HTTPS访问您的站点时,所有这些图像都会出现损坏。
要解决此问题,您需要登录CDN
帐户、访问SSL设置并添加新的SSL条目。您可以在这些字段中粘贴相同的证书、密钥和 CA 包。
保存此条目后,您网站上的所有图像都将通过HTTPS协议加载并为所有访问者正确加载。
升级您的网站以使用SSL(SSL)证书有很多好处。最重要的是,它确保访问者的计算机和您的网站之间的通信是加密的并受到黑客攻击。
此外,它使您的网站达到最新的网络标准,并确保没有人在访问您的网站时会看到任何安全错误。
How To Get Your Own SSL Certificate For Your Website & Install It
In the past few years, the entire web has
transitioned from an optional secure HΤTP protocol (also known as HTTPS) to a
scenario whеre you can’t have a website todaу without securing it with an SSL
certificate.
This is because google starting displaying a
warning message in its Chrome browser whenever a user would visit a website URL
that started with HTTP rather than HTTPS.
To make sure your website is up to web
security standards, you’ll want to purchase an SSL certificate and install it
on your website.
Determine Your Dedicated IP Address
For an SSL certificate to work, your web
server needs to have a fixed, dedicated IP address. If you have a dedicated web
server, you can usually find this IP address listed in your web hosting
account.
If you don’t see it there, you can also find
the server IP address in the left pane of the cPanel tool.
Make a note of this IP address, since you’ll
need it in the next step when you obtain your new SSL certificate.
Install Your Web Host’s SSL
Certificate
The next step is to obtain an SSL certificate
for your website.
Since all websites on the internet these days
need to use SSL if you want to make sure your users trust your website, many
web hosting providers have started packaging free SSL certificates with hosting
packages.
If this is the case for you, look through the
cPanel menu and look for a tool icon that matches the brand of a known SSL
certificate provider.
For example, the web host Siteground offers
customers a free subscription to Let’s Encrypt SSL certificates.
If this is the case, you’re in luck.
Installing SSL on your site is as easy as clicking on the SSL tool icon,
selecting the domain you want to protect, and enabling SSL for that site.
Once it’s installed, your website will have
SSL installed and will start displaying to visitors as a secure website.
If you don’t see an SSL tool available in
cPanel, contact your web host just to confirm that they really don’t offer SSL
certificates.
If they don’t then you’ll need to purchase one
yourself and install it manually using the steps below.
Purchase a New SSL Certificate
You’ll need to find a good SSL certificate
provider. The cost of this service is relatively cheap, ranging anywhere from
$30 to $100 a year.
Some of the top SSL certificate providers in
the world today include:
- Let’s Encrypt: Free, but requires you to frequently re-upload the certificate to renew it.
- Comodo SSL: Expensive, but offers a long list of extra features.
- Digicert: Inexpensive basic SSL to a pro version for large websites.
- GoDaddy: Well known for their web domain services, GoDaddy also sells website certificates.
- Network Solutions: Provides affordable basic SSL certificates for small sites as well as more expensive options for larger organizations.
- RapidSSL: This service is run by Symantec and offers some of the most affordable SSL options around.
To purchase the SSL certificate, you’ll need
the name of your domain, and the dedicated IP address of the web server that
you noted above.
Once purchased, you’ll receive three pieces of
information.
A Certificate (CRT), which verifies your
secure website’s authenticity from the certificate provider’s servers. A
Private Key (KEY), which serves as the “key” that’s used to decrypt and encrypt
your certificate details when visitors visit your site. The key encrypts
communication between the visitor’s web browser and your web server.
The CA Bundle is the third piece of
information which bundles all of the intermediate certificates that make the
overall encrypted SSL certification work.
Once you have these three pieces of
information from your SSL provider, you’re ready to install the SSL certificate
on your site.
How to Install an SSL Certificate
Log into your web hosting account and open the
cPanel. Under Security, select the SSL/TLS Manager.
In the SSL/TLS Manager window, select the Manage SSL sites link at the bottom.
In the Manage SSL Hosts window, scroll to the
bottom where you’ll find Install an SSL
website. Use the dropdown in this section to choose the host you want to
apply the SSL certificate to. Then, in each field for Certificate, Private Key,
and Certificate Authority Bundle (CA Bundle), fill in the long text entries you
received when you initially purchased the SSL certificate.
Select the Install Certificate button at the bottom when you’re done.
Now your SSL certificate is installed for that
domain, and will work whenever visitors type in your domain with the https in front of it.
Force Site Visitors to Use SSL
At this point, any visitors who’ve already
visited your site will still use the old bookmark that has http in front of the domain. These visitors will still see the
security warning in Chrome that your website is unsafe.
This could cause you to lose a lot of
visitors, since they won’t trust your website anymore and will stop visiting.
You can fix this by forcing the browser of all
of your visitors to modify the URL so that https
is always in the front.
In cPanel, in the Files section, double click the File Manager to open it. Navigate to the root level directory of
your web directory. This is where you’ll find the .htaccess file. Right-click the file and choose Edit from the dropdown menu.
.htaccess is the file that controls web server
behavior when people visit your site. You need to add special code in this file
to force your visitor’s browser to use https instead of http.
Edit mode will open the .htaccess file in the
default editor on your local computer.
At the top of the file, insert the following
code:
# START FORCE HTTPS
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</IfModule>
# END HTTPS
When you close the file, it’ll ask if you want
to save. Confirm the save. Now your new .htaccess file is active and users will
be forced to access your site via HTTPS.
Open a browser and type in the domain of your
website.
If the SSL certificate is working correctly,
in Chrome you’ll see a lock icon which means that the site is loading via
encrypted HTTPS protocol.
Other SSL Considerations
Even though your website is working properly,
there are some features that will break once you switch over to SSL.
One of those is if you’re using a CDN service
to serve your images from different servers around the world. Large websites
utilize CDN service to speed up image load times regardless where visitors are
located around the world.
Since your CDN is still serving images via
HTTP protocol, when visitors access your site via HTTPS, all of those images
will appear broken.
To fix this, you’ll need to log into your CDN
account, access SSL settings, and add a new SSL entry. You can paste the same
certificate, key, and CA bundle in those fields.
Once you save this entry, all images on your
site will load via HTTPS protocol and load properly for all of your visitors.
There are a lot of benefits to upgrading your
website to use SSL certificates. Most importantly, it ensures communication
between your visitor’s computer and your website are encrypted and protected
from hackers.
In addition, it brings your website up to the
latest web standards and ensures that no one will see any security errors
whenever they visit your site.
