We all know how important website security is, right? We hope you said “yes” because it is essential and one of our major priorities here at FastComet. That is why, with a heavy heart, we must inform you that one of the most used tools within our security arsenal will cease being a part of our services. The FleetSSL (better known as the Let’s Encrypt tool) plugin for cPanel is deprecated and will no longer receive updates. Therefore, we must move on from using it as it will pose a security risk to our customers. Wouldn’t that be ironic? It is not all glum news, though, as AutoSSL is here to pick up the reins!
Starting from May, the Let’s Encrypt tool in cPanel will no longer be available. The Let’s Encrypt certificates themselves will remain, though! The AutoSSL feature cPanel offers will be issuing and renewing them from now on. We are keeping Let’s Encrypt as the default SSL certificate vendor for AutoSSL and it will handle all your existing certificates. With that said, let’s dive deeper into what exactly will happen in the following weeks and what exactly AutoSSL is.
Importance of Website Security
Firstly, discussing why website security is so critical nowadays is prudent. It is no longer rare to hear about a famous website getting hacked, information leaking, or any other such incident involving a breach in security. For example, X (Twitter) got hacked last year, and over 220 million user emails were leaked. Or what about the Activision breach, where the attackers obtained access to sensitive company and employee information? Or the Bank of America breach from just this February, which exposed tens of thousands of customers’ data. The internet is a scary place, and we must not shirk website security.
Fortunately for us, countless companies solely aim to bolster and fortify users’ websites against such cyber attacks. They are there to keep the bad actors and malicious parties at bay and to prevent these attacks. For most of us who own websites and do business online, website security is not an option but a necessity. If you work with any customer information (names, phone numbers, email addresses, etc.), it is your responsibility to store it securely and protect it from getting stolen or leaked. Personal information is all over the internet nowadays, with users providing it left and right with nary a thought, trusting (or not caring) that it will not get leaked.
That is why we, as a hosting company, focus so much on providing our customers with reliable, solid solutions to secure their websites. An SSL certificate is one of the most common and best ways to protect your website, and in this blog, we will explore how you can do that.
What is an SSL Certificate?
But what exactly is an SSL certificate? Simply put, it enables websites to use HTTPS, which is far more secure than HTTP. It consists of a data file stored on the website’s hosting server. It contains a public key, the website’s identity, and other related information. On the other hand, the server houses a private key. It is used to decrypt the public key when a client accesses the website. If the keys match, your browser will show you that this website is secure, and you can proceed safely.
As for what SSL itself is, it is very simple. Firstly, it stands for Secure Sockets Layer, and secondly, it is an encryption-based security protocol. The protocol encrypts all data transmitted through it. If anyone intercepts that data, all they see is nonsensical gibberish they cannot use. To encrypt all incoming and outgoing data your website uses, you only need to install an SSL certificate, and the protocol will do all the rest. You can imagine how such encryption would be vital nowadays, with people’s credit card numbers, names, emails, phone numbers, etc., just flying all over the internet. So much so, that Google actually made HTTPS mandatory if you want your website to appear in their search results.
But how do you install an SSL certificate?
What Was FleetSSL?
FleetSSL was a highly reliable and convenient cPanel plugin that allowed for installing Let’s Encrypt SSL certificates. The Let’s Encrypt SSL certificates are incredibly reliable themselves, widely recognised, and – best of all – entirely free. Our customers probably knew the FleetSSL as the Let’s Encrypt tool in cPanel.
It was a fantastic tool that allowed users to issue SSL certificates with ease. However, as of September 2023, the development of the FleetSSL plugin has ceased, and it will no longer receive updates. So far, the admittedly outdated plugin has been working with the newer versions of cPanel. However, it is time we say “goodbye” to it. Using such an outdated plugin is not only a security risk but could also start conflicting with the newer versions of cPanel.
That said, the plugin will persist throughout the rest of April and we will remove it from our services on the 1st of May. However, do not fret—we will continue to provide free and reliable SSL certificates. Enter AutoSSL.
AutoSSL Taking Over
If you read the announcement we linked above, then you already know why the FleetSSL developers are discontinuing it. AutoSSL has come far enough for the FleetSSL developers to be content with its functionalities and recognize that their own plugin is now obsolete. While we hate to see the plugin go ourselves, we are also happy to see that the online community recognises AutoSSL to be as reliable as FleetSSL when it comes to issuing certificates.
What is AutoSSL?
AutoSSL is an elegant solution for SSL certificate installation that comes with every cPanel or WHM. It was released with cPanel/WHM version 58, which was a long, long time ago. As of this post, we are on version 120. It has gone through many iterations, changes, and updates and has become one of the best ways to install SSL certificates on your websites and automate the process.
And that is precisely what AutoSSL is: a cPanel/WHM feature that checks whether each of your domains has an SSL certificate. If a domain does not have one, AutoSSL installs one automatically from a predetermined vendor without the need for user intervention.
Advantages of AutoSSL
AutoSSL is not the only way to install an SSL certificate via cPanel. We have a whole tutorial on how to do it. However, it does have a number of advantages over manually installing a certificate, which make it stand out significantly.
- Automation – AutoSSL will automatically check and install SSL certificates on your domains. It will also renew them for you. You can genuinely forget having to manage your website’s SSL certificates once you add it to AutoSSL;
- Reliability – Here at FastComet, we provide our customers with tried and tested features and functionalities, and AutoSSL is no different. We have thoroughly analyzed and assessed the feature’s performance and reliability. We can confirm that it will keep your websites and their data secure;
- Free – The feature is absolutely free for each cPanel user. Since cPanel is what our services use exclusively, you don’t have to pay anything extra to get this stellar service;
- Ease of Use – Assigning domains to be managed by AutoSSL is elementary and straightforward.
Speaking of using the AutoSSL feature, here is how!
How to Use AutoSSL
It is straightforward. Firstly, as with any other automated feature for issuing SSL certificates, you must ensure the domain receiving the SSL certificate points via A record to the issuing server. In other words, you must host your domain on the server issuing the certificate. If you are hosting your domain on our services, then it likely points to the server your account is on already.
Next, it is time to add your domain to AutoSSL itself. Go to SSL/TLS Status in your cPanel to do that.
Here, you will see all the domains hosted on this cPanel account and their subdomains. There is a search bar at the top, some filters, and you can add domains to, or remove them from, the AutoSSL cron job, which checks for certificate validity and ultimately issues or renews them. Alternatively, you can exclude a specific domain or view its certificate with the buttons beneath it. Finally, you can also manually run the cron job, which will install or renew any certificates as necessary.
Once you have chosen the domains to add to the cron job, hit Run AutoSSL, and the system will handle the rest. Depending on how many domains you have selected, it may take a bit. If they all point to the correct server, there will be no issues. When finished, you will see those green circles and locks indicating the domains are secured. If any errors occur, you will see the appropriate message. If you need help, please contact us via chat or ticket, and our 24/7, always-human support will assist you.
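Before running AutoSSL, you can confirm the A-record requirement described above for every domain at once. The following is an added example, not part of cPanel or FastComet tooling; the function names, the server IP and the sample DNS data are constructed for illustration.

```python
import socket

def resolve_ipv4(hostname):
    """Return the set of IPv4 addresses this machine's resolver gives for hostname."""
    try:
        infos = socket.getaddrinfo(hostname, 443, family=socket.AF_INET,
                                   type=socket.SOCK_STREAM)
    except socket.gaierror:
        return set()  # name does not resolve to any IPv4 address
    return {info[4][0] for info in infos}

def autossl_preflight(domains, server_ip, resolver=resolve_ipv4):
    """Classify each domain by whether its A records point at server_ip."""
    report = {}
    for domain in domains:
        addrs = resolver(domain)
        others = ", ".join(sorted(addrs - {server_ip}))
        if not addrs:
            report[domain] = "no A record"
        elif addrs == {server_ip}:
            report[domain] = "ok"
        elif server_ip in addrs:
            # Some lookups will land on another host, so validation may fail.
            report[domain] = "mixed: also resolves to " + others
        else:
            report[domain] = "points elsewhere: " + others
    return report

# Constructed sample data (documentation address ranges, not real hosts).
SERVER_IP = "203.0.113.10"
CONSTRUCTED_DNS = {
    "example.com": {"203.0.113.10"},
    "www.example.com": {"203.0.113.10", "198.51.100.7"},
    "shop.example.com": {"198.51.100.7"},
}

def constructed_resolver(hostname):
    """Offline stand-in for resolve_ipv4 that reads the sample table."""
    return CONSTRUCTED_DNS.get(hostname, set())

if __name__ == "__main__":
    names = list(CONSTRUCTED_DNS) + ["old.example.com"]
    for name, status in autossl_preflight(names, SERVER_IP, constructed_resolver).items():
        print(f"{name:20} {status}")
```

For a live check, call `autossl_preflight` with your own domain list and your account's server IP and leave the `resolver` argument at its default.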
There truly isn’t much else to say about using it. It is as simple as telling it which domains to keep track of, and it does everything else itself!
Let’s Encrypt Is Not Gone!
Just because we stopped using the plugin does not mean we have severed all ties with the Let’s Encrypt certificates themselves!
We have been pleased with the certificates’ quality, reliability, and freeness. While they are not the pinnacle of SSL certification (their certificates are only Domain Validated), they have proven themselves the perfect SSL solution for the average website owner. That is why we have set the default vendor for all AutoSSL certificates to Let’s Encrypt. That means each time AutoSSL issues or renews an SSL certificate for you, it will be a Let’s Encrypt one. Not only that, but Let’s Encrypt also provides Wildcard SSL certificates, in case you have a Wildcard domain.
Even though the FleetSSL plugin will no longer be in your cPanel, AutoSSL will take even better care of your domains.
Security Practices to Complement the SSL Certificate
This post has solely focused on the SSL certificate side of website security, and with good reason! It is important! However, it is not the only element of website security. Technology has advanced so much that an SSL certificate is only part of the puzzle when it comes to properly protecting your website and its users from hackers.
That is why we figured we would include this section in the blog post: to offer you an overview of what else you can do when it comes to website security. Here is a short, concise list of additional measures you can take.
- Regular Software Updates – Ensuring your website’s software is up-to-date is vital. If you are using any sort of third-party software (like a CMS, plugins, extensions, themes, etc.), you must apply any new updates that come out as soon as they are convenient. Outdated versions are a security risk because they contain vulnerabilities the developers have not patched, which attackers can exploit. You can check out our blog post on the topic here;
- Security Plugins/Extensions/Modules/Etc. – Whether you are using a CMS like WordPress, a framework like Laravel, or a runtime environment like Node.js, always try to install some form of a security layer. WordPress has plugins, while Laravel and Node.js can have whole security packages or built-in features, and so on. Depending on the software your website is built on, you should do some research and find out what security layers you can add;
- Strong Passwords and 2FA – Try to enforce strong password policies and encourage the usage of 2FA, not just for yourself and your staff, but for all your registered users. Hackers can easily get through weak passwords, while the lack of 2FA makes it much easier for attackers to access an account. For example, our services not only offer 2FA, but we also implemented a tertiary login security feature as a one-time password. We also demand a specific level of “strength” of our customers’ passwords;
- Web Application Firewall (WAF) – A WAF will help protect against common web exploits, such as SQL injection, cross-site scripting, etc. It acts as a monitor and a filter between your application or website and the rest of the internet. It should stop most common attacks coming in;
- Regular Backups – This one is not strictly security-oriented, but it can help if your website gets hacked. A solid backup strategy can save you the headache of hunting down any malicious file or code yourself. Just restore the website to how it was before the attack! If you are a FastComet customer, you will get daily backups with our plans!
You can do many other things to bolster your website’s security: HTTPS on all its resources, file permissions, security headers, file upload limits, etc. However, what we have outlined above should be sufficient for most cases. If your website is on the bigger side and you process a lot of customer data daily, then you should absolutely consider additional or higher-quality measures.
Secure That Website!
As we wave goodbye to FleetSSL, we strongly encourage you to use this moment to check up on all your domains and their SSL certificates. Have a look at AutoSSL, learn how to use it (it isn’t difficult at all), and ensure you add all your domains to it. SSL certificates are imperative nowadays. Fortunately for our customers and anyone using cPanel, it is now easier than ever to issue one!
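One way to check up on a domain's certificate after the switch is to read the issuer, the remaining lifetime and the covered names from what the server presents. This is an added example, not FastComet or cPanel code; the function names, the 30-day threshold and the sample certificate are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_cert(hostname, port=443, timeout=5.0):
    """Return the validated leaf certificate as the dict getpeercert() gives."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

def name_matches(pattern, hostname):
    """Exact match, or a wildcard covering exactly one left-most label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        return "." in hostname and hostname.split(".", 1)[1] == pattern[2:]
    return pattern == hostname

def audit_cert(cert, hostname, now=None, renew_window_days=30):
    """Summarise issuer, remaining lifetime and name coverage of one certificate.

    renew_window_days is an assumed alert threshold, not an AutoSSL setting.
    """
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    days_left = (expires - now).days
    return {
        "issuer_org": issuer.get("organizationName"),
        "days_left": days_left,
        "covers_host": any(name_matches(s, hostname) for s in sans),
        "renewal_overdue": days_left < renew_window_days,
    }

# Constructed certificate in getpeercert() layout (not captured from a real site).
CONSTRUCTED_CERT = {
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "R3"),)),
    "notAfter": "Jun 10 12:00:00 2024 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}

if __name__ == "__main__":
    when = datetime(2024, 5, 20, 12, 0, tzinfo=timezone.utc)
    print(audit_cert(CONSTRUCTED_CERT, "shop.example.com", now=when))
```

Against a live site, pass `fetch_cert("your-domain")` as the first argument; a certificate that is expired or does not match the hostname makes `fetch_cert` raise `ssl.SSLCertVerificationError`, which is itself the finding.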