How to add Free SSL and HTTPS in Joomla!

Google has been working diligently to make the web safer and has currently begun to mark websites that don't have SSL certificate installed as “Non-Secure”. Therefore, it's currently become a requirement to serve your website over HTTPS/SSL to secure your visitors’ information and also indicate that your brand cares about security. There are a lot of benefits to adding an SSL certificate to your website, and that includes improving your search rankings. In this tutorial, let's dive deep into SSL certificates, their types and how you'll be able to set up a free SSL (Cloudflare) on your Joomla! website.

 

What is SSL?

SSL is a protocol used for secure transmission of an encrypted data stream. In short, SSL is the standard for Internet security. A comprehensive explanation of the protocol can be found in Wikipedia.

 

Why is it worth implementing a certificate for a website?

The certificate protects users of our site. It protects (by encryption) confidential data that is served by website visitors. This is very important, among others, in the case of online stores or companies who cares about completed forms. The user feels a lot more trust in seeing any information sent by the web browser about the fact that the site is secure.

Joomla SSL

Can I share a page without an implemented SSL certificate?

Yes, you can. However, don't you feel sorry for all potential customers who will immediately leave the website after seeing the message that this site is unsecured? It should be remembered that these days the consumer is for us, not we for the consumer. If he doesn't make a purchase or doesn't submit a query through our website, he can quickly find another company. And this company will be happy to follow an easy way to convert to an eye-pleasing and secure website, and this will not require an excessive amount of effort.

 

How can I reduce the cost of an SSL certificate to $0?

Cloudflare is helping us. What is this company? The Wikipedia quickly explains Cloudflare to us: 

an American company that provides content delivery network services, DDoS mitigation, Internet security, and distributed domain name server services.

This company allows us to receive an SSL certificate for our site free of charge, but it requires several steps to fully enjoy the address starting with https.

Step #1 Registration

To use the free SSL certificate service, we need to create an account on the Cloudflare website. After displaying the page, click "Sign up" and we are transferred to a simple form in which we must provide your e-mail address and password, and then create an account with the Create Account button. In turn, we will be asked to supply the address of our site, and then confirm with the Add site button.

Step #2 Choosing a plan

The purpose of this article is to show how to implement the SSL certificate on our website for free, and that is why we choose a free plan for $0. However, Cloudflare gives us more options in their packages - they are not usable, however, if we care only for an URL address beginning with https.

Step #3 Change DNS addresses

We log in to the client's panel where we have purchased the domain and move to domain management in which there is an option to edit DNS addresses. If we have a domain and hosting in the same place, we change the settings so that the domain is directed to external DNS's, and then we fill in the fields according to the information that Cloudflare displays to us. After saving these settings, changes can take up to 24 hours.

Step #4 Verification of DNS addresses

After waiting 24 hours (of course, it can happen faster), we use the "Recheck Nameservers" button in our user panel of the Cloudflare website to verify that our DNS addresses have rightly changed. If everything is done correctly and the addresses have changed, we will see information with the active status. This means that we already have a certificate for our site.

Step #5 Check the status of the SSL certificate

Compared to paid certificates, this requires a lot of patience from us, but it is for free and does not look into the donated horse.

Go to the tab named "Crypto" to see all the information about the SSL certificate. At the moment its status probably has a blue dot and it is "Initializing Certificate". That means that we have to wait another 24 hours. It is important to select "Flexible" option in the drop-down list on the right.

Step #6 Redirection

Being on the Crypto subpage, it is worth moving down the page to change the "Always use HTTPS" option to "ON". This will allow us to force the use of HTTPS addresses by users.



Go to the "Page Rules" tab, where we use the "Create Page Rule" button to add the redirection as follows:

In the first text box, enter our domain preceded by an asterisk, and finally after the slash. In the drop-down list, select the option "Always Use HTTPS". After these steps, we save and enable the settings with the "Save and Deploy" button.



From now on, the website URL should default to the green padlock and display as secure. However, if the address is still displayed via HTTP, you must make changes in the CMS panel.

Step #7 Enable Force HTTPS/SSL on your Joomla website

In your Joomla backend navigate to System > Global Configuration.
On the Server tab you would like to set “Entire Site” for the “Force HTTPS” option: