AutoSSL is going to change how webmasters secure data transferred to and from their sites. For the longest time SSL was an additional expense that many webmasters chose to forego as it wasn’t required for the operation of their websites. The time when not having SSL is the norm for most sites is coming to an end. Generally SSL has been reserved for usage by those that send or receive private information such as your name, address, email address, and phone number or even your credit card information.
Google and other search engines are already giving preferable ranking to sites with SSL. For quite some time we’ve offered Let’s Encrypt to our customers so that everybody has access to freely accessible SSL for any site they wish. cPanel has taken this a step further and created what they refer to as AutoSSL. AutoSSL generates and installs a domain validated SSL certificate on all active domains on a server that are not already protected with SSL.
There are several benefits to AutoSSL:
- Installation is automatic with no forms to fill out.
- No more validation emails to wait for and no more links to click to approve the certificate.
- No more certificates to copy and paste into place.
- Coverage will not lapse because the SSL is automatically renewed and installed.
- The SSL is completely free and the encryption is just as strong as a paid certificate.
You may or may not be familiar with the process of issuing an SSL Certificate but generally most certificates are domain validated. This means that when you request the certificate from a Certificate Authority, or CA, they generally will validate the request by sending email to a specific email address at the domain or by verifying the existence of a very specifically named file.
AutoSSL is entirely automatic and requires no human input and, as such, uses the file method for domain validation. AutoSSL will create files within the document root of the appropriate domain, pass those file names on to the CA, and the CA validates the SSL request by loading the file.
You might see CA Validation files and the files used for validation generally look like this:
AutoSSL does not force you to use SSL.
AutoSSL is a fantastic feature and we’re excited to make it available; however, it does not automatically mean that your site will use SSL. Similar to how installing a fire extinguisher in your kitchen means it’s available but not that you are currently using it. AutoSSL installs a certificate and key pair in the web server so that SSL will function properly should you desire to use it. This results in no changes to your sites or how they currently operate without your intervention.
AutoSSL is a fantastic step forward in security for our customers for no additional cost and we are excited to enable this feature. Should you have any generalized questions about AutoSSL you an comment on this post or reach out to support. Should you have any questions specific to your account do please reach out to our support department.
In the event that you do not want free SSL on your site you can opt-out of AutoSSL by reaching out to support.