Beginning July 2018, the new version of Chrome will mark all HTTP sites as ‘Not secure’ and prominently highlight this in the URL bar in an effort to create a more secure internet.
The information you send on the Internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When installed on a web server, a certificate will activate the padlock and the HTTPS protocol to allow secure connections from a web server to a browser. Bluehost now provides free SSL certificates for all assigned and parked domain names set up in your account.
AutoSSL is a cPanel feature that automatically installs and renews Let’s Encrypt SSL certificates for every assigned or parked domain on a Bluehost hosting account. In most cases, the SSL will automatically assign and install itself to your new and existing domains; however, some customers may need to manually enable the certificate.
FAQ
How does AutoSSL work?
AutoSSL is an account-wide setting that can be toggled on and off from within a customer's Bluehost account. When AutoSSL is enabled, a daily cron replaces self-signed certificates and expired (or soon-to-expire) certificates with new Let’s Encrypt certificates. That process also happens immediately for new accounts and for existing accounts when WordPress is installed, AutoSSL is toggled to 'on' in the Hosting SSL Certificates page, or Free SSL Certificate is toggled to 'on' in the Security section of the control panel.
How do I manage AutoSSL?
AutoSSL is automatically enabled when WordPress is installed or the Free SSL Certificate is turned on for an existing WordPress site in your Bluehost control panel. You can disable AutoSSL if you prefer to leave your site unsecured by toggling the Free SSL Certificate to 'Off'. Disabling AutoSSL will not remove the certificate from the account.
How does AutoSSL work with other SSL Certificates?
Any of the usual Comodo certificates can still be purchased for any domains. If AutoSSL is also enabled, the customer will automatically get free Let’s Encrypt certificates for any domain that does not have a Paid certificate If a customer enables AutoSSL, receives one or more Let’s Encrypt certificate and then disables AutoSSL, their website(s) continue to work over HTTPS. However, when their Let’s Encrypt certificates expire, those certificates will not renew on any account where AutoSSL has been disabled.
Will enabling AutoSSL automatically force a site to use HTTPS?
No, AutoSSL doesn't automatically force a site to use HTTPS. This will need to be manually changed (i.e. changing from http://www.domain.com to https://www.domain.com.
Can these certificates be used for email clients?
Not yet. In the future, these certificates will apply to subdomains cPanel automatically creates, including mail.domain.com. Once that feature is in place, you'll be able to use Mail.Domain.com and connect mail clients over secure mail ports.
Can the free AutoSSL and Let's Encrypt certificates be used for eCommerce?
Yes. Customers are welcome to use the AutoSSL certificates for eCommerce if they so choose, but (unlike Paid Certificates) they do not come with a Warranty.
What if I still want the Warranty?
If you would like to have the added liability protection provided by a Warranty, you are still encouraged to purchase a paid certificate through the Control panel.
When will the new free SSL Certificates renew?
AutoSSL will attempt to renew the certificate 25 days before expiration.
Knowledgebase Article 70,669 views bookmark
tags: addons autossl disable enable free security ssl