Installing a Comodo SSL

An SSL certificate creates a secure connection between the web browser and server to allow for sensitive data to be shared via encryption. Most of our clients don’t have an e-commerce website, so it’s more about user perception.

To get started log into the following:

Comodo
The client’s website
The client’s cPanel
Go to Comodo.
1. Add login information to client’s account in Salesforce
2. In the right-hand sidebar, click “All purchases.”
3. Click on the ID number of the certificate you’re installing. (Typically there is only one, but a client may have purchased more for multiple websites.)
4. Scroll to the bottom of the page and click the button that says “Generate Certificate” – it should be on the top left once you get to the buttons.
Now go to the Cpanel
1. Scroll to the Security section of the cPanel and client on SSL/TLS
  1. Select “Generate a CSR”
    1. From the client’s site, click on the Google icon (usually in the footer), to open their GMB profile.
    2. Use this information to complete the required fields back in the cPanel
    3. Click Generate and copy the code
Now go back to Comodo
1. In the domain authentication section, select HTTP file if the client does not currently have an SSL certificate (Select HTTPS file if they already have an SSL.)
2. Click on “download auth file”
3. Paste the CSR code
4. Keep the selections on no for HackerGuardian and HackerProof
5. Type of server: Apache
6. Continue to next screen and click on “Download Auth File”
7. Scroll down and select the checkbox
Go back to the cPanel and upload the Authorization File using the file path: Client Site cPanel > File Manager > Public > .well-known > pki-validation
1. ***Make sure settings are set to show hidden files. The “.well-known” and “pki-validation” folders will need to be created***
Go back to the homepage of Comodo and click on “All Orders” again in the right sidebar
If the certificate says “Active”, click on the order number and select Download Certificate. If it still says “Pending” wait a couple of minutes and re-fresh the page.
1. If it’s not activating, make sure the authorization file is uploaded correctly. Also, Comodo chat is super helpful!
After you’ve downloaded the certificate, unzip the folder so you can access the files. Now go back to the SSL/TLS section of the cPanel and click on the CRT section.
1. Delete any existing certificates
2. About halfway down the page, click on “Choose File” to upload the certificate files.
3. Within the certificate folder you downloaded, choose the .crt file with the domain name, and select upload certificate.
4. It will give a message that the upload was successful, return to the CRT screen and click on “Install” next to the certificate name.
On client’s website:
1. In Settings > General, add the “S” to the URLs. (ex: change http://clientsite.com/ to https://clientsite.com/)
  1. This will trigger the site to go the the wp-admin page and you’ll need to login again. If the site’s login URL is /bigwest instead, you’ll end up on a 404 page. Go to the correct login page (https://clientsite.com/bigwest) and login.
2. When you go to the homepage, check out the icon next to the URL. Depending on the browser there are different messages, but if there is not the padlock icon there download the plugin “SSL Insecure Content Fixer,” go to its settings, and choose “Capture.” If the site is still not fully secure (no padlock icon), go to Why No Padlock and test the domain. Often it’s a background or list image defined in the CSS.
In client’s cPanel:
1. Go to Public > .htaccess, right-click and edit. Paste the following code at the very top of the file, then save and close.
2. RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
If you get an error of too many redirects…
1. Go to Cloudflare and update the SSL settings to Full (strict)

That’s it, you did it!