Knowledgebase : SSL Certificate

Universal SSL uses SNI which is a relatively newer technology than what is used for Paid SSL. Therefore Paid SSL is compatible with all desktop browsers while Universal SSL is compatible with only some modern desktop browsers.

For Universal SSL, traffic from browser will only be encrypted between visitor and CloudFlare. While for Paid SSL not provided by CloudFlare, traffic from browser will be encrypted between visitor and our server.

If you wish to install SSL certificate on your Plesk hosting service with APC, kindly note that you will have to purchase a dedicated IP as it is a requirement in order for the SSL to work.

Kindly visit this link to place the order for the SSL certificate > https://www.apc.sg/ssl-certificates

Once you have placed the order for the SSL, kindly follow this link on how to place an order for dedicated IP > https://www.apc.sg/support/Knowledgebase/Article/View/66/0/how-to-purchase-addon---dedicated-ip

Please proceed to make payment for the invoices generated for the dedicated IP and the SSL in our billing area > https://billing.apc.sg/clientarea.php

Once payment has been made, we will contact you via email regarding the dedicated IP and the SSL certificate. 

If you wish to use HTTPS instead of HTTP for your site, you will need to ensure a SSL certificate is installed in the control panel.

If you do not have a SSL certificate installed, you can consider to either purchase a SSL from APC or install it using Let’s Encrypt in your control panel.

Once the SSL certificate has been installed, you will need to add the following code in the web.config file.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="http to https" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Temporary" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

If you are not sure on how to add the above code to your web.config file, kindly follow the steps below:

-    Visit the site you intend to add the code to ensure the site is currently working with no issue.
-    Login to your control panel.
-   Click on “File Manager”.

 

-    Locate “web.config” file and on the right there is a box, click on it and select “Download” to download the current working web.config file to your local machine. When prompt, select a destination where you can locate the file in the event you need to retrieve the original code.



-    Once you have download the working web.config file, click on “web.config” in the file manager.

-    Select “Edit in Code Editor”

-    If your web.config has an existing code, you will may need to check with your developer if there is any issue if the code is replaced. If there is no issue, you will need to add the above code to the file and when you are done, click on “OK”

-    Kindly use another browser and visit the site. If there is no error the site will show up with HTTPS.

-    However if there are error shown on the page, you may revert to the working site condition by copy and paste the code from the web.config file you downloaded earlier

To generate the CSR for submission to Comodo, kindly use the following:

- Login to your Plesk control panel.
- Click on "SSL certificates".


- Click on “Add SSL Certificate”

 

Fill out the information mentioned in the “Add SSL Certificate” page. The fields marked with an asterisk are required. When you have completed all fields, click "Request" to generate the CSR.

Country: Select your country from the drop-down list.

State or province: Provide the complete name for your state or region.

Location (city): Provide the complete name for your city.

Organization name (company): Provide the legally-registered name for your business. If not applicable, you can put ‘NA’.

Domain name: Enter the fully qualified domain name for which the SSL will be activated. The domain name for Wildcard certificates should be represented with an asterisk in front of the domain (*.comodo.com).

E-mail: Enter your email address. The email used for CSR generation will not be used for domain control validation or for reception of the issued certificate.


You will see a message letting you know that the CSR was successfully created. From this page, you may click the green arrow icon to download the CSR to your local computer, if not click on the certificate created to see and copy the CSR.

Kindly visit the Comodo URL mentioned in the email and paste the CSR you copied in the previous step into the box.

When asked to "Select the server software used to generate the CSR", kindly select "Plesk" from the drop down menu.

Kindly consider to untick the "Free 90-days HackerProof and HackerGuardian" as Comodo may require further verification before sending the certificate to you. 

Once you have submit the certificate, kindly reply to the email and let us know what the domain is so that we may process your order.

Yes, you can purchase SSL from us even if your website is not hosted with us.

1. Go to hosting settings under yourdomain.com and turn on SSL support
2. Next go to SSL Certificates and install the SSL.

Certificate (*.crt) * > www_yourdomain_com.crt
CA certificate (*-ca.crt) > COMODORSADomainValidationSecure

Free SSL from Certificate Authority from Let’s Encrypt and Comodo are automated and open services that allow you to create SSL certificates on your site without any email validation needed. However, there are differences between Free SSL and Paid SSL.

Rate Limit 
There is a rate limit for the number of sub domains Free SSL secures. However for our Paid Wildcard SSL, it allows you to secure unlimited number of sub domains.

SSL Validation Type
Free SSL Certificates are Domain Validated (DV), not Organisation Validated (OV) or Extended Validated (EV).
If you are currently paying for a DV SSL certificate, you can consider setting up Free SSL at no cost. However, it does not come with assurance like Paid SSL does. Moreover, there is also no technical support provided for Free SSL.

For DV certificate, it may not suitable for all businesses in particular, mid-sized to big establishments such as banks and e-commerce business where a high integrity is expected of websites. In such cases, an OV and EV certificate can set you apart from the saturated market of low assurance websites encrypted with DV certificates. If you’re looking at the green bar of assurance, for a higher level of trust, you’ll definitely need to pay for an extra amount for the work needed to validate your company.



Let’s Encrypt is a free, automated, and open certificate authority from the Internet Security Research Group (ISRG). It enables anyone to install a free trusted SSL certificate on their website and benefit from the enhanced security an encrypted connection provides. Let’s Encrypt certificate is recognized as fully verified and will display the padlock icon in the address bar of modern browsers.

Let’s Encrypt SSL certificates are valid for 90 days, but Plesk will automatically renew them once a month.


To install the Let's Encrypt certificate, kindly use the guide below:

- Login to your control panel 

- Click on "Let's Encrypt"

- Ensure a valid email address is entered in the textbox, tick the checkbox "Include www.yourdomainname.com as an alternative domain name" click on "Install".

Kindly note that if you do not tick the "Include www.yourdomainname.com as an alternative domain name" box, then the certificate will be valid only for yourdomainname.com name. If you do check the box, both yourdomainname.com and www.yourdomainname.com will be covered.

 

- Once the installation is complete, you will be back at your control panel and a message will appear saying "Let's Encrypt SSL certificate was successfully installed on yourdomainname.com"

- Click on the "Hosting Settings"  in your control panel and under "SSL support" box ensure the check box is ticked and under the certificate drop down menu, ensure it is selected "Let’s Encrypt yourdomainname.com"

- If you wish to renew the certificate manually, you may do so by logging to your control panel, click on "Let's Encrypt”, click on “Include www.yourdomainname.com as an alternative domain name" and finally click on the button "Renew"

Please note that renewal for the same domain name, it is limited to 5 certificates per domain per 7 days.


If you require any assistance, please send in to support@apc.sg

If you wish to use HTTPS instead of HTTP for your site, you will need to ensure a SSL certificate is installed in the control panel.

If you do not have a SSL certificate installed, you can consider to either purchase a SSL from APC or wait for 24 hours where our system will install the Let’s Encrypt free SSL for you.

There are 2 ways to direct your visitor to the HTTPS version of your site.


The 1st method would be to toggle the switch for "Force HTTPS Redirect" under the "Domains" page in the cPanel control panel. 

Once you have toggled it, the settings will be saved automatically. 

Kindly wait for about 5 minutes for the effect to take place. 


The 2nd method is that you will need to add the following code in the respective .htaccess file.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

If you are not sure on how to add the above code to your .htaccess file, kindly follow the steps below:

-    Visit the site you intend to add the code to ensure the site is currently working with no issue.
-    Login to your control panel.
-    Click on “File Manager”.

-    Click on “Settings” on the right side of the page and tick the checkbox for “Show Hidden Files (dotfiles)” and click on “OK”.

-    If the force of HTTP to HTTPS is for your main domain (eg. Domain.com), navigate to “public_html” folders. Locate the “.htaccess” file. Right click on the file and select “Download” to download the current working .htaccess  to your local machine. When prompt, select a destination where you can locate the file in the event you need to retrieve the original code and save it.

-    If the force of HTTP to HTTPS is for your subdomain (eg. Alpha.domain.com), navigate to “public_html” and follow by subdomain directory (which in this example it is called “alpha”). Locate the “.htaccess” file. Right click on the file and select “Download” to download the current working .htaccess to your local machine. When prompt, select a destination where you can locate the file in the event you need to retrieve the original code and save it.

-    Once the backup .htaccess file is downloaded to your local machine, right click on the “.htaccess” file in the file manager and select “Code Edit”.

-    When prompted, select “Edit”.

-    If your .htaccess has an existing code, you will may need to check with your developer if there is any issue if the code is replaced. If there is no issue, you will need to replace the section under “RewriteEngine On” with the above mentioned code. Please note you may not be seeing the same the code from the screenshot in your .htaccess as they are written differently.

-    Kindly use another browser and visit the site. If there is no error the site will show up with HTTPS.

-    If there is no error on the site and the HTTPS is not showing up on the address bar, most likely there is image/link that have the HTTP hard coded which you can check by using chrome and press F12 on your keyboard to launch the developer tools to check.  

-    However if there are error shown on the page, you may revert to the working site condition by either pressing on your keyboard ctrl + z to undo (assuming you have not close the code edit page) or copy and paste the code from the .htaccess file you downloaded earlier.

A normal SSL certificate secures a single domain name..
 
A Wildcard SSL certificates secures multiple sub-domains of a single domain name. For example, a single Wildcard certificate can secure www.yourdomain.com, blog.yourdomain.com, and mail.yourdomain.com.
 
Wildcard certificates secure the common name and all sub-domains at the level you specify when you submit your request. Just add an asterisk (*) in the sub-domain area to the left of the common name.
Copyright © APC Hosting Pte Ltd. All Rights Reserved.