Using SSL for Your Website or for E-commerce Stores
SSL (secure socket layer) means data is encrypted between the browser and your files on the server.
As of Feb 2019 all of our Standard Hosting accounts now include at no extra charge a cpanel verified Lets Encrypt issued domain validated 2048 bit SSL certificate for https://domain and https://www.domain and https://mail.yourdomain so you can run your standard website and or shopping cart under SSL and connect securely to your mail server. The free SSL is issued in 3 month increments and automatically renews so you have continuous coverage. You can view the status of your SSL certificate via your cPanel by clicking on the SSL/TLS Status Icon.
Do you need SSL Hosting ?
For personal websites it won't make any difference however for business,sites Google now suggests you run your site under ssl or it will display a site not secure message for users of their Google Chrome browser so for this reason alone you may want to run your site under SSL. For e-commerce sites where you accept credit card or user information its always required.
If you plan to sell goods, services or downloadable items online, we offer many different store scripts that will allow you to build your online store. Every hosting server includes an automated script installer that will allow you to self install any number of Free Shopping Cart and Online Store scrips listed in the e-commerce section or if you wish to build a Wordpress website you can install the popular woo-commerce store plugin that allow you to add products to any page in your site. In addition our Drag and Drop website builder has a simple means of adding Paypal buy it now buttons to any page.
Making Your Site SSL Compatible ?
In order for your site to show the secure lock your site code itself must tell the users browser to go to https:// yourdomain vs just http://yoursite and all content within your web page must be either served directly from your server or where you embed external links those links must begin with https. You can use this excellent online tool to check the status of your site https://whynopadlock.com
Forcing the browser to use https:
WORDPRESS: If your using a Wordpress, in the General Settings set the urls from http:// to https:// . If your site still don't display ssl clear your browser cache. If you still get not secure error its likely due to mixed content, install the free "WP Force SSL" plugin and enable it, this will edit your .htaccess file to force https, update your wp settings and update all non http links for pages and posts so you don't get a mixed content errors.
DRAG & DROP SITE BUILDER: Go to Settings / General Tab and check the "Publish Site with forced HTTPS" box.
HTML OR OTHER CMS SYSTEMS: If your site is plain html then a simple edit or addition to the hidden .htaccess file can be added to force the https redirection. You would use your cPanel file manager, enable display hidden dot files, and edit an existing or create a new .htaccess file and add the following directives:
RewriteCond %{HTTP_HOST} yourdomain\.tld [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yourdomain.tld/$1 [R,L]
Where yourdomain = your domain name and where tld= the domain tld extension such as .com or .org for example if your domain name is acme.com the file would be
RewriteCond %{HTTP_HOST} acme\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://acme.com/$1 [R,L]
If you have difficulty just open a support ticket and request assistance from our staff who are happy to made the changes for you.
Testing Your site: After updating your site , clear your browsers temp files cache, then can go to https://www.yourdomain.com or https://yourdomain.com and you should see a padlock in most browsers. If you do not go to https://www.whynopadlock.com and enter your domain name and the site will do an analysis and show you if you are not forcing redirect or if your site has mixed non http content and provide you with the areas you need to update to resolve the issue.
Mixed Content: Your site can not mix ssl and non ssl content or links that reference http all links must reference https . This includes the links that map images that are on your server to your website as well as links to external resources.
For example if you have a banner image logo.jpg called by your website html or php code from http://yourdomain/images/banner.jpg that link would not qualify you would need to edit the code to call it from https://yourdomain/images/banner.jpg
The same goes for embedded code, If you had an older Twitter URL that calls to http://twitter.com/feeds/rss.xml The actual feed me at work but until that code is updated to be
https://twitter.com/feeds/rss.xml it will prevent the site from complying with https standards and cause a mixed content error.
https://whynopadlock.com to identify what links are failing so you can edit them to use https . In many cases its a matter of opening the file in the cPanel file manger and using the search and replace option and then saving the changes. if you need help adding the .htaccess code after fixing your links provide the suggested code open a support ticket including the code and specify the domain and our staff will install it for you.
SSL Hosting For Larger Merchants
For users that have small stores we recommend using Paypal as your payment processor because they provide an all in one solution that is popular, trusted with secure checkout included so nothing else is required.
If your going to run a larger online store that will take direct credit card payments for Visa / Master Card / American Express / Discover then you will need :
1. A Domain Name
2. A Hosting Account
3. An Internet Merchant Account (capable of processing card not present online purchases)
4. A Payment Gateway that is approved by your merchant account AND is compatible with your shopping cart.
Merchant Accounts have minimum monthly fees and per charge fees and are generally for high volume merchants that can qualify for the account and justify the added costs. You may want to research which cart you wish to use first and check to see which merchant gateways it is compatible with and verify that you qualify for the Merchant Account before ordering.
Lowesthosting will install your shopping cart or you can do it yourself using the script installer however we do NOT do configuration or customization. These are powerful systems with hundreds of features and options unique to your usage that require initial customization to the look you desire and extensive configuration of various payment gateways, shipping methods, categories, options, and in some cases formatting and importing of existing data. We highly suggest you review the administrative "Store Owner" demos and documentation for each store so you are aware of their requirements. You may want to hire a consultant recommended by the script developers or insure you have sufficient technical skills to get everything setup for your needs.
Advanced SSL Hosting with Site Seal or Sub Domain ?
Our new free Standard SSL can operate on a shared server ip and gives you 2048bit encryption and will display the SSL lock in all standard browsers provided that your website code is forcing the browser to use https and all content is served from your own server or where linked from an external source that source url is also https.
If you desire a more advanced SSL certificate that also offers a site seal (code that displays info about your ssl ) or for subdomains you can optionally purchase a Geotrust Premium SSL with site seal from us for $99 per year which also requires a dedicated ip which is $36/year. Once you are a lowesthosting.com client you can order this as an upgrade via your account portal or by opening a support ticket.
If you are selling just a few items then you may want to use a third party store such as Ecwid or an Embeddable System like Mals-e commerce or use Paypals shopping Cart embed code. If you are a low volume merchant and plan to sell online using only Paypal, then you can install any of the FREE shopping carts listed in your Script Installer and set them up to use Paypal, which has its own secure checkout and doesn't require a private SSL certificate.
If you plan to run a professional online store and have many products or services to sell then you will want to install a professional shopping cart such as Open Cart or Prestashop using the Script Installer and use the auto update and weekly backup options in your cPanel. Running your own hosted shopping cart that directly accepts credit cards using a commercial Merchant account can be significantly more complex than using a third party or Paypal only shopping cart system, however it will give you more control and often more advanced features. This is for high volume merchants who can justify the additional costs and will require 5 different components
1. shopping cart script installed on your server (this can be any of the scripts in the script installer or other commercial shopping cart scripts you supply)
2. credit card merchant account for internet purchases (card not present).
3. payment gateway such as authorize.net (gateways work by passing credit card data between your shopping cart and your merchant account).
4. 2048 bit SSL certificate configured for Mod_SSL on Apache web server. as of 2019 all accounts already include our basic cPanel issued ssl.
5. If you wish to order a more advanced SSL with site seal or for a sub domain please open a support ticket and provide what url(s) you require and our staff shall explain the options and costs.
Upgrading to Dedicated IP Address
By default to comply with ARIN rules we must utilize a shared IP address for all standard hosting accounts. If you are installing an e-commerce shopping cart, or desire to do any type of bulk mailing to a subscribed double opt in email list then you will require a Dedicated IP which is $3/month.
Geotrust Premium SSL
If you've decided to host your own shopping cart using your own merchant account you can use the FREE basic SSL included with all hosting accounts. If you wish to upgrade to a more advanced SSL with site seal you will need b oth a dedicated IP address and an private 2048 bit security certificate. Lowesthosting.com is an authorized Geotrust reseller and offers the Geotrust Quick SSL Premium with free installation for $99 per year.
The certificate includes a smart seal that displays the website name and dynamic date which can be embedded into your website via a small Javascript that you can install on your website shopping cart pages to offer confidence to the users that their credit card information is securely transmitted.
To add the Geotrust SSL with IP to your website contact support to open a support request and our billing department will send you an invoice. Upon payment we shall install your dedicated IP address and certificate and you will then be able to configure your shopping cart with the secure checkout URL of https://www.yourdomain.com