Adding an SSL certificate is one of the easiest ways to secure your website and gain your visitors’ trust.
At Cloudways, you can install a free Let’s Encrypt SSL certificate in just a few clicks—no technical skills needed.
This guide will show you how to install SSL on both Flexible and Autonomous stacks, so your website runs safely over HTTPS.
Table of Contents:
How to Install Let's Encrypt SSL Certificate?
Installing a Let’s Encrypt SSL certificate on your Cloudways application is a simple and effective way to secure your website with HTTPS.
Let’s Encrypt is a free, trusted certificate authority that provides SSL/TLS certificates to help websites encrypt traffic and improve security.
It’s backed by the Internet Security Research Group (ISRG) and is widely used across the web to enable safe, private browsing experiences—at no cost.
We also have an article that explains what SSL is and why you need one, in case you’d like to learn more before getting started.
Important:
If your application is using Integrated Cloudflare Enterprise, you don’t need to install an additional SSL certificate—Cloudflare already provides end-to-end encryption. However, if you still prefer to add an extra layer of security, you can install the Let’s Encrypt SSL certificate on your Cloudways origin server. This step is optional and not required for HTTPS to work.
Video Tutorials
Install SSL and Enable HTTPS (New Interface)
Watch the following video to learn how to connect your domain and install a Let's Encrypt SSL certificate on Cloudways.
Install SSL and Enable HTTPS on Multiple Domains (Classic Interface)
You can also watch the following video tutorial on installing SSL and enabling HTTPS on multiple domains on Classic Interface.
We support Let’s Encrypt’s initiative and offer an effortless installation and renewal of the Free Let’s Encrypt Certificate for all your web applications.
This utility is included in all the server plans.
Why Choose Let’s Encrypt SSL
The following reasons explain why you should choose the Let’s Encrypt SSL Certificate.
Zero Cost — Let’s Encrypt SSL Certificate is free.
Safe — It is as secure as paid certificates because of its modern security architecture and techniques.
Easy — It is simple and easy to install. There is no need to create any accounts elsewhere, no email validations, and no payments.
Automatic — The entire process of generating, installing, and renewing SSL certificates is done automatically.
Note:
Let’s Encrypt has some limitations for its SSL/TLS certificates to prevent abuse.
Let’s Encrypt only offers Domain Validation (DV) certificates, not Organization Validation (OV) certificates.
How to Install Let’s Encrypt SSL Certificate
Deploying Let’s Encrypt SSL Certificate via Cloudways Platform is very simple.
If you already have an SSL certificate configured on your website, installing another one will overwrite the existing one, as one application can only have one certificate.
Prerequisites
Your website should be live. It means that domains are mapped correctly and DNS records are correctly pointed.
See if your web application is compatible.
Just a quick question! Do you use any Web Application Firewall (WAF) service(s), such as Cloudflare, Sucuri, etc, for your website security? If yes, click on the service name you use, as there are a few prerequisite steps you need to follow. Else, skip to Step #1.
Cloudflare:
If you use Cloudflare, you might need to temporarily disable their protection until the SSL certificate is deployed. Cloudflare is a very well-known reverse proxy service. When opting for their services, you update your default nameservers with their nameservers, point DNS records to them, and then traffic is routed via Cloudflare to your website.
Please remember to purge your Cloudflare cache once the certificate is successfully deployed.
Sucuri:
If you use Sucuri, you need to temporarily disable their protection by simply switching the DNS records back to the server until the SSL certificate is deployed. Sucuri is a very well-known reverse proxy service. When opting for their services, you update your default nameservers, point DNS records to them, and then traffic is routed via Sucuri to your website.
You also need to enable the setting to “Forward Certificate Validation” as this permits HTTPS provisioning to complete successfully. This can be achieved by contacting Sucuri’s support, and then you may deploy the SSL Certificate.
Other WAF Services:
You need to temporarily disable the WAF protection until the SSL certificate is deployed, so be cautious if you are prone to attacks.
Step #1 — Navigate to SSL Management
Log in to the Cloudways Platform using your email address and password.
From the top menu bar, click Servers. Then, choose the target server where your desired application is deployed.
3. Next, click www.
4. Select your application.
5. Under Application Management, click the SSL Certificate.
Step #2 — Deploying SSL Certificate
Under SSL Management, select Let’s Encrypt.
Now, you have two different choices to make, whether you want to cover a single domain or multiple domains with an SSL certificate.
A single domain means one domain only, such as cloudways.icu.
Multiple domains refer to additional domains and subdomains such as cloudways.icu, www.cloudways.icu, support.cloudways.icu, etc, or simply wildcard, e.g., *.cloudways.icu.
Note: Learn more about the domain(s) coverage of different SSL certificates.
Option #1 — Single Domain
First, enter your email address.
Then, enter your desired domain.
Once done, hit Install Certificate. In this example, we are using a root domain of our demo website (e.g., cloudways.icu).
Keep in mind that nowadays, there are still a lot of users that will add “www” to every domain they visit, and if your SSL certificate does not cover it, it will lead to an insecure warning in their browsers, which looks like the following:
In order to resolve this, you must also add the “www” subdomain as an additional domain during the installation of the SSL certificate, as shown in the example below:
Of course, in your case, you would change “example.com” and the email address to the ones you are using. This will now resolve the insecure warning in the browser when visiting the domain with the “www” subdomain.
It is also important to mention that you should make sure that the “www” subdomain is pointing to your server’s IP via an A record or as a CNAME pointing to the primary domain or else it will not resolve and can not be added to the SSL certificate. You can read about how to point your domain to us here.
That's it! Your application will have a Free Let’s Encrypt SSL Certificate deployed in a few minutes. You may also be prompted to force HTTPS redirection.
Option #2 — Multiple Domains
You have two choices regarding securing multiple domains, such as Multi-domain (SAN) Certificate and Wildcard Certificate.
Multi-domain (SAN) Certificate vs. Wildcard Certificate
SAN refers to Subject Alternative Name, and a Multi-domain (SAN) Certificate allows the root domain and multiple domains (additional domains and subdomains) to be protected with a single certificate. You need to list down and declare all your domains when installing the SSL certificate.
A Wildcard Certificate lets you secure the root domain and multiple subdomains with just one certificate without listing down and declaring all your subdomains.
In many cases, the Wildcard Certificate makes more sense than a Multi-domain (SAN) Certificate because it allows unlimited subdomains.
In addition, you don’t need to redeploy the SSL certificate if you want to add more subdomains in the future. Read more about the Wildcard SSL Certificate.
Multi-domain (SAN) Certificate
First, enter your email address.
Add your domain in Domain Name. You can add additional domains by clicking Add Domain.
Once done, click Install Certificate.
Note:
Please note that one Let’s Encrypt SSL Certificate can only accommodate 100 SANs (additional and subdomains), and this restriction is set by Let’s Encrypt. Read more about Let’s Encrypt limitations.
Your application will have Free Let’s Encrypt SSL Certificate deployed in a few minutes. You may also be prompted to force HTTPS redirection.
Wildcard Certificate
First, enter your email address.
Add your root domain (without any prefix, e.g., “www”) in Domain Name.
Now, Apply Wildcard.
Important:
Let’s Encrypt Wildcard SSL Certificate requires DNS authentication. You need to create a CNAME record for your domain in your DNS/Domain registrar panel, so follow the steps below for comprehensive instructions.
4. You need to create a CNAME record with the below information in your Domain/DNS provider panel for the DNS authentication process.
Record Type: CNAME
Host/Name: _acme-challenge
Value/Alias: Your Cloudways’ default Application’s FQDN (Fully Qualified Domain Name). It is available on the same screen, as shown in this image.
TTL: ‘Time To Live’ is a propagation time. You can either choose the default value or 600 Seconds (or 10 minutes).
Note: DNS propagation usually takes 5 minutes, but sometimes it can take up to 24 hours.
New on Cloudways!
Experience Autonomous – Our Fully Managed, Kubernetes-Powered WordPress Hosting with built-in autoscaling for peak performance.
How to Check CNAME Record Propagation
You can use any third-party tool, such as whatsmydns to check the record propagation.
First, input your website URL with the prefix _acme-challenge, e.g., _acme-challenge.cloudways.icu.
Choose CNAME.
Hit Search.
Here, it shows that the CNAME record is successfully propagated.
Once the CNAME record is successfully propagated, proceed further by clicking Verify DNS. You should see a message confirming the same.
Finally, click Install Certificate.
Your application will have Free Let’s Encrypt SSL Certificate deployed in a few minutes. You may also be prompted to force HTTPS redirection.
Tip:
If you would like to update your root domain in the future, you need to revoke your existing certificate and deploy a new one.
We recommend that you do not delete the CNAME record because it will affect your SSL certificate’s renewal process.
How to Force HTTPS Redirection
It’s time to force HTTPS redirection to ensure that your site always runs on a secured protocol. Once prompted, click Enable HTTPS. Please note that you can also force HTTPS redirection later as well.
Note:
It is not mandatory to force HTTPS redirection using the Cloudways Platform if you have previously set it up using any firewall such as Cloudflare, Sucuri, application plugin, etc. However, if you want to force HTTPS redirection from the Cloudways Platform, you need to disable any redirection mechanism working elsewhere first.
Here comes the next step of verifying your SSL certificate to ensure that your certificate is configured correctly.
How to Verify SSL Certificate
We highly recommend that you verify your SSL certificate, and we have created a self-explanatory guide for it.
Verification is done so you can ensure that the SSL certificate is configured properly.
How to Renew Let’s Encrypt SSL Certificate
Let’s Encrypt SSL Certificate expires after 90 days of validity. Nonetheless, Cloudways Platform makes it super easy to renew your SSL certificate with automatic and on-demand renewal options, so your sites always remain protected.
Auto-Renewal
This option is selected by default when you install the certificate. Cloudways Platform will automatically renew your SSL certificate before 30 days of the expiry date. We recommend using the auto-renewal option, so you don’t have to renew the certificate every time manually.
Tip:
If your SSL certificate is not renewing automatically, then take a look at this guide to troubleshoot the problem.
On-demand Renewal
You can also renew your SSL certificate manually using the on-demand renewal option. Click Renew Now to renew your certificate and extend its expiry to 90 days.
Note: Use our WordPress hosting and avail the Let's Encrypt SSL certificate free of cost.
FAQs
Is Let’s Encrypt a paid service?
Let’s Encrypt SSL Certificates are free to deploy and renew as a part of all our server plans.
How many domains can I secure using the Let’s Encrypt SSL Certificate?
One Let’s Encrypt SSL Certificate can accommodate a maximum of one hundred SANs (Subject Alternative Names). This is the limitation of Let’s Encrypt. Alternatively, you can also use the Let’s Encrypt Wildcard SSL Certificate.
How long is the certificate valid?
Let’s Encrypt SSL Certificate expires after 90 days of validity. You can either set the instructions for renewing the SSL certificate automatically or do the on-demand renewal when you are close to the expiry date.
How does the auto-renewal process work?
If you have enabled the auto-renewal feature, it will automatically renew your SSL certificate before 30 days of the expiry date. Therefore, you do not have to renew the SSL certificate manually.
How many certificates can I install on one application?
Only one Let’s Encrypt SSL certificate can be installed per application.
What type of encryption is available in the Let’s Encrypt SSL Certificate?
It is RSA-signed using 2048-bit RSA keys.
Are wildcard certificates available on the Cloudways Platform?
Yes, Cloudways Platform also offers Let’s Encrypt Wildcard SSL Certificates.
Do browsers trust let’s Encrypt Certificate?
Yes, it is trusted by most browsers.
I already have my SSL Certificate installed. Can I install Let’s Encrypt?
Yes, you can. Let’s Encrypt SSL Certificate will overwrite the existing certificate.
Can I use Cloudflare or Sucuri over the Let’s Encrypt SSL Certificate?
Yes, you can, but the Cloudflare or Sucuri certificate will take precedence, and upon verifying your certificate, you will also see their certificate.
That’s it! We hope this article was helpful.
Need Help?
If you need assistance, feel free to:
Visit the Cloudways Support Center
Chat with us: Need a Hand > Send us a Message
Or create a support ticket anytime.
We're here 24/7 to help you!