SiteGround Auto-Issues Let’s Encrypt Certificates for New Domains

SiteGround is now auto-issuing Let’s Encrypt certificates for every domain hosted on its shared servers. The company has also begun issuing and installing certificates on new accounts automatically after customers register domains or direct new domains to SiteGround’s servers. This also includes add-on domains added in cPanel. The certificates are also auto-renewed as long as the domains are pointed to the host’s servers.

“Since the launch of Let’s Encrypt our customers have installed nearly 40,000 such certificates,” said Hristo Pandjarov, WordPress specialist at SiteGround. “This is less than 10% of the 500,000 domains we host. Together with the paid certificates we may say that 15% of the domains we host were using the HTTPS protocol before we started the auto-issuing procedure.”

SiteGround is a sponsor of Let’s Encrypt and one of the first to auto-issue certificates to self-hosted WordPress customers. Let’s Encrypt passed 20 million active certificates in 2016 and the pressure is on for more sites to adopt SSL in 2017 with Google marking insecure sites in Chrome and using HTTPS as a ranking signal.

“What prompted this decision is that we truly believe HTTPS is the future standard for web protocol and we also believe it is the better protocol,” Pandjarov said. “This is a good enough motivation for us to take the step of installing it automatically. We have decided to automate the SSL issuance and setup almost right after the appearance of the Let’s Encrypt initiative. Matt Mullenweg’s statement at WordCamp US that issuing SSL certificates will be a very important factor in evaluating a web host, was one more validation that this planned automation was a decision in the right direction.”

According to Pandjarov, the vast majority of SiteGround’s customers are running WordPress. Respondents to the company’s 2016 client survey indicated that more than two thirds of them use WordPress, which Pandjarov said is a 10% increase in the popularity of WordPress among SiteGround users.

Next Step for SiteGround: Pre-Configuring WordPress Installs to Use SSL with One Click

Auto-issuing certificates does not guarantee that SiteGround customers will jump through the hoops to configure their sites to use the certificates. Installing a certificate on an existing WordPress site is not as straightforward as a simple click in most cases. SiteGround is working on fully automating this process for its WordPress customers.

“If we really want to get closer to 100% HTTPS usage, we need to do more than just automatically issue the certificate,” Pandjarov said. “Our next step is to provide a way to pre-configure an active WordPress site, hosted on our servers, to work with the already issued SSL with one click. Additionally, our auto-installer is being updated to install all new WordPress sites as https-ready.”

SiteGround doesn’t yet have an ETA for one-click SSL configuration but Pandjarov said the announcement will be coming soon.


19 responses to “SiteGround Auto-Issues Let’s Encrypt Certificates for New Domains”

  1. Re: Additionally, our auto-installer is being updated to install all new WordPress sites as https-ready.”

    New websites with not content – not much of an issue.

    Existing websites auto install and configure all internal links and WordPress settings without customer involvement… A nice challenge (not sure it’s even possible).

  2. Hello guys. Besides the article looks a bit biased, I just wanted to mention that all cPanel based hosting providers are actually entitled to auto issue Let’s Encrypt certificates. And to auto renew them too. We started doing that in past November.

    We also preconfigured Softaculous to choose https protocol by default for new installations.

    So, if your provider is based on cPanel and still not providing Let’s Encrypt certs, just ask them to enable that NOW. Because it’s just a switch to turn on for the cPanel sysadmin ;)

    Also, in a couple month from now, cPanel v62 or v64 will automatically issue the certs as soon as you create the account.

    So, credit must be given: say thanks to cPanel awesome staff of engineers for making this integration possible :)

    Best regards

    • We’ve developed our own Let’s Encrypt integration back in February 2016. Also, we were the first provider to enable certificates installation with a single click and renewal that is activated automatically without any further interaction required.

      AutoSSL wasn’t available in stable, public release until August 2016 and again – it requires manual action to install the certificate.

      Right now, we’re automatically installing certificates on all new domains, added to our accounts – something that none of our competitors does. Or at least the ones I am aware of.

      Of course, in months to come, tools will be released and more people will add them to their services. Which is good, because eventually, more people will have encrypted websites. However, we’ve always strived to stay ahead of everyone else and adopt the technology we need and believe is beneficial for our customers first.

  3. That’s great news – really great to see SiteGround blazing the way here… are there any other hosts about to do this yet I wonder…? It’s only a matter of time until we’ll see this as completely standard practice I guess, hopefully (although I’ll bet it will take a fair number of hosts quite a while to catch up). :)

  4. I don’t know if this is good news or bad news. The biggest problem with Let’s Encrypt is that it democratizes access to https for anyone. And while, on the surface, this should be positive, the fact that this will make things easier for people with bad intentions scares me a little bit.

    Most websites visitors won’t know the difference between the https “green bar” with just a padlock and the one which includes the company name next to the padlock. And they will give them the same level of trust.

    What most people don’t realize is that a secure connection to an untrustworthy website doesn’t mean it’s safe to use.

    I’m curious what SiteGround, or any other web host, have to say about this.

    • I personally don’t think that this is a problem at all since cheap, domain-validated certificates have been around for ages and any site can purchase and install those.

      Encrypted connection protects visitors from a variety of attacks and possible exploits. Now, whether they will willingly to to a dangerous site is up to the given individual to decide. I don’t really think that someone will decide to share information or even make a purchase solely because of a green padlock in their browsers. On the contrary, a red “INSECURE” label is scary enough at least to make them check twice whether that’s a legitimate website :)

  5. How are they going to do this? I have a lot of questions… Does SiteGround plan to fix all the mixed media, broken links and other transitional issues that arise from a website HTTP to HTTPS migration? Will they readjust Google Search and Analytics settings to be applied to the HTTPS website?

    What if a business wants an OV or EV certificate? Or, a cert from a different CA? Will they have to clean up the Lets Encrypt mess before installing those certs?

    • Right now, we’re working on a way to reconfigure WordPress, fix all mixed media resource requests and force the https usage with the push of a single button.

      Since we don’t have any access to Google service, that will be up to the customer to edit and fix.

      As to your other question, we will continue selling wildcard and EV certificates. The customer doesn’t have to uninstall the LE certificate manually and install the new one – we will take care of this :)

  6. I’ve been considering a switch from HostGator to SiteGround. This policy-practice-provision tips my scales further toward SiteGround. And Hristo’s helpful, polite interactions here almost push me headlong into the jump. :D Thank you, sir, for staying classy with your answers.

  7. At least this explains what I’ve been seeing suddenly in site audits for non-converted sites.

    There are two instances of AWStats now, one for SSL and one for non. Bots are hitting on the SSL version.

    And because of the way the server listens on the different ports, there is no redirect to the http version.

    Seems to me that bots, including bad ones, can now run end around any security measures or firewalls set up for the http version, all without the site owner’s knowledge.

    And, should a host, that doesn’t offer managed hosting services, take it upon themselves to convert sites? There’s a LOT of things that can be adversely affected, like a podcast or RSS feed. Not to mention the changes that need to happen for 3rd party accounts, like Google. No instructions are given to the clients for that.

    Plus, when they do convert just a database, is relying on a plugin the best method for mopping up the rest of the mixed media and other issues? I don’t think so.

    I understand about wanting to make things easier on non-techie site owners. But, I’m not sure this is the best way to do that.

    • What we’re trying to do is to provide our customers with a “single-click” solution to enable, configure and force the https usage on a WordPress website. I don’t see us forcing https on all customers any time soon to be honest because as you said, that would affect a lot of different scripts. I think that would happen natually in the course of time, especially when certain features in WordPress become available only for sites with SSL configured.

      As to your security concerns, if a firewall relies on http requests, it’s simply not a good firewall and I would look for an alternative. Besides, we wouldn’t do such change without informing our customers beforehand.

  8. I switched to SiteGround a couple months back for a few reasons and it’s been mega cool.

    Used the Let’s Encrypt feature the other day and it was a complete walk in the park.

    WooCommerce SSL check-out in under 3 minutes – nice.

    Totally recommended.


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: