How to Set Up Free SSL (Let's Encrypt/ZeroSSL) on Shared Hosting in 2025

Why Your Website Needs SSL (HTTPS)

SSL (Secure Sockets Layer) certificates encrypt data between your website and visitors' browsers. When SSL is installed, your site loads with "https://" and shows a padlock icon in the browser address bar.

Why SSL matters:

• Google requires it: Sites without HTTPS are marked "Not Secure" in Chrome, scaring away visitors
• SEO ranking factor: Google gives HTTPS sites a small ranking boost
• Trust signal: Visitors trust secure sites more, improving conversions
• Data protection: Encrypts sensitive information like passwords and payment data
• Required for modern features: Many browser features (geolocation, camera access) require HTTPS

Free SSL Options: Let's Encrypt vs. ZeroSSL

Both provide free, trusted SSL certificates. Here's the difference:

Let's Encrypt

• Most popular: Powers over 300 million websites
• Completely free forever
• Auto-renews: Certificates expire after 90 days but renew automatically
• Trusted by all browsers
• Built into most hosting control panels

ZeroSSL

• Let's Encrypt alternative
• Free for basic certificates
• Also 90-day certificates with auto-renewal
• Offers paid plans with extra features
• Good Let's Encrypt backup

Our Recommendation: Use Let's Encrypt if your host supports it (most do). It's easier and more widely supported. Only use ZeroSSL if Let's Encrypt isn't available.

Method 1: One-Click SSL in cPanel (Easiest)

Most modern shared hosting providers include free SSL installation in cPanel. This is the easiest method.

Step-by-Step for cPanel SSL:

1. Log into your hosting cPanel
2. Find the "Security" section
3. Click "SSL/TLS Status" or "Let's Encrypt SSL"
4. Find your domain in the list
5. Click "Install" or "Run AutoSSL" next to your domain
6. Wait 1-5 minutes for installation
7. Refresh the page—you should see a green checkmark or "Active" status

Popular Hosting Control Panels:

Bluehost/HostGator/InMotion: Security → Manage SSL → Install Free SSL

SiteGround: Automatically installs SSL on all sites—nothing to do!

Hostinger: SSL → Order SSL Certificate → Get Free SSL

SiteAmplify: SSL enabled automatically for all sites

Method 2: Manual Let's Encrypt Installation

If your host doesn't have one-click SSL, you can install Let's Encrypt manually using Certbot.

Manual Installation Steps:

1. SSH into your server: Use PuTTY (Windows) or Terminal (Mac/Linux)
2. Install Certbot: sudo apt-get install certbot (Ubuntu/Debian) or sudo yum install certbot (CentOS)
3. Run Certbot: sudo certbot certonly --webroot -w /var/www/html -d yourdomain.com -d www.yourdomain.com
4. Follow prompts: Enter your email for renewal notices
5. Configure web server: Point your web server config to the new certificates (location provided by Certbot)
6. Restart web server: sudo systemctl restart apache2 or sudo systemctl restart nginx

Method 3: Free SSL via Cloudflare

Cloudflare offers free SSL that sits between your site and visitors, encrypting traffic even if your actual host doesn't have SSL.

Cloudflare SSL Setup:

1. Create free Cloudflare account at cloudflare.com
2. Click "Add a Site" and enter your domain
3. Select the Free plan
4. Cloudflare scans your DNS records
5. Click "Continue"
6. Cloudflare provides nameservers—update these at your domain registrar
7. Wait 24-48 hours for DNS propagation
8. In Cloudflare dashboard, go to SSL/TLS settings
9. Set SSL mode to "Flexible" (encrypts visitor-to-Cloudflare traffic)
10. Your site now loads with HTTPS!

Step-by-Step: After Installing SSL

1. Force HTTPS Redirect

Once SSL is installed, redirect all HTTP traffic to HTTPS using .htaccess:

1. In cPanel File Manager, navigate to public_html
2. Find .htaccess file (enable "Show Hidden Files" if you don't see it)
3. Right-click and edit
4. Add this code at the top:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Save the file. Now all visitors are automatically redirected to HTTPS.

2. Update Internal Links

Change any hardcoded http:// links in your HTML to https:// or use protocol-relative URLs (//):

• Before: <img src="http://yourdomain.com/image.jpg">
• After: <img src="https://yourdomain.com/image.jpg">
• Or better: <img src="//yourdomain.com/image.jpg">

3. Update Google Search Console

If you use Google Search Console:

1. Add the HTTPS version as a new property
2. Submit a new sitemap with HTTPS URLs
3. 301 redirects will eventually transfer all ranking signals

4. Fix Mixed Content Warnings

If your HTTPS site loads HTTP resources (images, scripts), browsers show a warning. Fix by:

• Using HTTPS URLs for all external resources
• Using protocol-relative URLs (//) when possible
• Checking browser console for mixed content errors

Troubleshooting Common SSL Issues

Problem: "Your Connection is Not Private" Error

Causes:

• SSL certificate not installed correctly
• Certificate expired (Let's Encrypt certificates last 90 days)
• Domain mismatch (certificate for different domain)

Solutions: Re-install SSL certificate, check domain matches, verify auto-renewal is enabled

Problem: Mixed Content Warnings

Cause: HTTPS page loading HTTP resources
Solution: Update all resource URLs to HTTPS or use protocol-relative URLs. Check browser console for specific files causing issues.

Problem: Infinite Redirect Loop

Cause: Incorrect .htaccess redirect rules or Cloudflare set to "Flexible" with server-side HTTPS redirect
Solution: Check .htaccess rules, ensure only ONE redirect rule exists. If using Cloudflare, set to "Full" SSL mode.

Problem: SSL Certificate Expired

Cause: Let's Encrypt auto-renewal failed
Solution: Manually re-run SSL installation in cPanel, or run sudo certbot renew if using command line. Check cron jobs are set up for auto-renewal.

SSL Certificate Renewal

Let's Encrypt and ZeroSSL certificates expire after 90 days but auto-renew when properly configured.

Verify Auto-Renewal:

• cPanel hosts: Auto-renewal is automatic—nothing to do
• Manual Certbot: Certbot creates a cron job for auto-renewal. Test with: sudo certbot renew --dry-run
• Cloudflare: Handles renewal automatically

Manual Renewal (if needed):

If auto-renewal fails, manually renew:

• cPanel: Go to SSL/TLS Status and click "Install" again
• Certbot: Run sudo certbot renew

Frequently Asked Questions

Is free SSL as good as paid SSL?

Yes! Let's Encrypt and ZeroSSL provide the same encryption as expensive certificates. The only difference is paid SSL offers higher warranty coverage (mostly relevant for e-commerce) and extra validation types (EV certificates showing company name in address bar).

How long does SSL setup take?

With one-click installation in cPanel: 1-5 minutes. Manual installation: 15-30 minutes if you're comfortable with command line. DNS propagation for Cloudflare: 24-48 hours.

Will SSL slow down my website?

Minimal impact (milliseconds). Modern SSL/TLS is highly optimized. Plus, HTTPS enables HTTP/2 which actually makes sites faster than HTTP.

Can I use SSL with shared hosting?

Absolutely! Nearly all shared hosting providers now support free SSL via Let's Encrypt. It's become a standard feature.

Do I need different certificates for www and non-www?

No. Modern SSL certificates cover both www.yourdomain.com and yourdomain.com automatically. This is called SAN (Subject Alternative Name) support.

What happens if my SSL expires?

Browsers show a "Your Connection is Not Private" error and most visitors will leave. Always ensure auto-renewal is working. Set a calendar reminder 60 days after installation to manually check SSL is still valid.

SSL Installation Checklist

Final Thoughts

SSL is no longer optional—it's essential for any modern website. Fortunately, it's also free and easy to set up in 2025. Whether you use one-click installation in cPanel, Cloudflare, or manual Certbot, you can have HTTPS running in under an hour.

If you want hosting with SSL automatically configured, SiteAmplify includes free SSL certificates that install and renew automatically. Your site is secure from the moment you launch—no configuration required.