Bluehost Announces Free SSL & HTTPS with Let’s Encrypt for WordPress

Bluehost finally announced free SSL support to provide complimentary HTTPS; but for WordPress only — available on all cPanel enabled web hosting plans: Shared & WordPress Hosting, VPS, etc. In this post I’ll explain how it works.

New! BlueHost has published their own instructions here.

Bluehost Free SSL

Previously provided free shared SSL certification was a joke; but this anticipated move is now the real deal — with it Bluehost says byebye to commercial SSL revenues to make way for the free Let’s Encrypt SSL certificate authority initiative.

The catch is — they say it’s only for those running WordPress.

While still late in the game of providing free SSL/TLS certificates which Let’s Encrypt has been giving out in abundance since the beginning of 2016 — Bluehost is a big hosting company; making a huge favor in paving the way for the rest of the industry that’s still lagging behind and reluctant to give in to perhaps one of the biggest online security movements we are seeing.

Edit: The certificate has been changed from Let’s Encrypt to Comodo PositiveSSL — please, see this post for Let’s Encrypt supported hosting.

Let's Encrypt Logo

It’s not entirely clear why there would be a WordPress only limitation as Let’s Encrypt certificates are domain validated without any dependence on the type of CMS or website; whatsoever. However it is the command from the Bluehost HQ and you will need to buy a commercial certificate for broader support. Some might argue it is a way to keep at least a part of their commercial certificate sales.

But this is still great news (& great SERP rankings) for most customers!

How Bluehost Free SSL Works

Be it Shared Hosting, Optimized WordPress Hosting, VPS Hosting, Cloud Hosting or any other hosting product that utilizes the well known and familiar cPanel web-hosting control panel — this will be a very easy install.

The activation steps are as follows:

1. Once both your account and domain is set up (Bluehost name servers need to be pointing to your domain) — navigate to cPanel’s <<Addons>> section where you will find the <<SSL certificate>> plugin icon.

2. Next you’ll see a list of domains activate on your account where you simply need to select the right domain and click on <<free SSL>> to automatically generate and activate the Let’s Encrypt certificate; ready for use.

Do note that Let’s Encrypt SSL certificates are valid for 3 months at a time. The cPanel add-on however will automatically renew the certificate before it expires. You will receive an automatic e-mail notifying you of it’s success or if there has been a problem in the process (even if it would fail it keeps on retrying).

Enabling SSL on WordPress:

New customers just starting with a fresh install of WordPress will have it the easiest. When using the one-click WordPress installation plugin on cPanel — fill in the website address as HTTPS or if you forgot that.. go to the general settings to change the site address URL to HTTPS. Don’t build your site/blog before!

If you already have content on your website that has been created in it’s HTTP times; this will require a little more planning (and work) because if any piece of content, like mostly images and links are pointing to HTTP; they need to be changed.

Either way it’s well worth it for the increase in Google goodness as well as the fuzzy and secure warm feeling for your website visitors… not to mention your important contribution towards a 100% encrypted internet.

Hope this helps to explain hosting on HTTPS with Bluehost’s new free SSL. Further questions most welcome and will always do my best to help out. Thanks!

Find out more details here!!!

 

Twitter Button Facebook Button Google Button LinkedIn Button

28 comments

  1. Thank you for good writing! But Your outbound links are not working anymore. They are going to the home page.

    Are you sure SSL is free forever? They are showing an expiration date.

    Totally confusing!

    • Hi — Sorry about that! Every SSL/TLS certificate on the planet has an expiration date. And the validity time for these types of free Let’s Encrypt certificates is shorten than usual; just 3 months. But that won’t affect you in any way because it will renew itself automatically well before it expires. So nothing to worry about — it’s easy and free forever.

      Thanks for asking Emily.

    • Just wanted to say that I’ve corrected all of the links and they should be working; going to their rightful places. Thanks for pointing that out!

  2. The renewal is free too? Or will they charge in future? Also, why such a short period of renewal?

    • Yes! Also the renewal is free and automatic of course — so there will be no added costs in the future. The ninety-day lifetime is simply the way these certificates are set to work and Bluehost has no say in the matter.

      As to the why you can read the answer from Josh Aas; the co-founder of Let’s Encrypt.

  3. Thanks for replying! Is it limited to few servers? Can’t find it for my bluehost in my country.

    • No problem! Sorry for the late response; which country would that be? The feature should be available in cPanel on all hosting plans registered through the main bluehost.com website. If not I would contact support.

      The Indian branch at bluehost.in doesn’t support free SSL unfortunately. And neither have they wanted to comment on any plans to implement it in the future.

  4. Yeah Tim! It’s India and they are not reverting to mails too on any future developments.

    Thanks for letting me know.

  5. Please help – the free automatic SSL install apparently updated links to images with https – and apparently updated the image URLs to https as well. But images won’t display on my webpages, and won’t even display on the media library page. How do I fix this problem? Thank you…

  6. Hi, Tried sending the link to the site. Spent an hour on the phone with very nice Bluehost support yesterday, to no avail. Tried several things, but no solution.
    I tried: saving Permalink Settings, installing Correct Audio/Video plugin, deactivated Captcha plugin, installed Velvet Blues plugin, uploaded an image again – but images still won’t display on the site, or in the media library. However, the images really do exist on the server – maybe it’s something within WordPress scripting that directs image file requests to http instead of https – but everything I’ve found has https in it!

  7. Finally discovered the problem in WordPress that prevented images from displaying on the site and in the media library!

    This may not be a fix for others who experience a similar problem, but for what it’s worth, this is what I did:

    Logged into BlueHost cPanel, went to File Manager, Root Directory, Show Hidden Files, then opened the public_html/.htaccess file.

    The last line of code was:
    RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ – [F,NC]

    After figuring out that the F = Forbidden, show “403 Permission Denied”, I simply deleted the F, from that line of code and saved the file. So the last line of code is now:
    RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ – [NC]

    Voila! Images instantly appeared on the website and in the media library 🙂

    • Thank you so much for coming back to post the solution; I hope other users can benefit from it. Indeed when it comes to permission denied errors the two most likely culprits are the .htaccess file or file permissions in general.

      Very glad to hear you got it working and sorry for not being able to help you out as I’ve been swamped with work. Best of luck with your site!

  8. My free ssl certificate expired, is there any way of me getting it back? I tried to renew but it isn’t allowing me.

    • Could you please give more details like — how did you enable the certificate? What error message are you seeing? Or would you consider sharing the address of your website? And have you tried contacting support yet?

      Thanks for your assistance Niam.

  9. I’ve a website with the name of http://www.itingredients.com on which I want o deploy Free SSL but I’ve purchased hosting from Bluehost.in and not from Bluehost.com. As per customer services it is only free for customers of Bluehost.com.

    Please suggest any alternate method to deploy free SSL

    • I’m sorry but there is no alternative for your hosting in India. The cheapest option is Comodo’s Positive SSL certificate which costs 1,560 rupees per year.

      For a good hosting company with data centers in India & support for free SSL; I would recommend Host4Geeks Hosting. Thanks for asking!

  10. Hello Tim.

    I forwarded your article to someone I know who host their site with Bluehost.
    They checked your information with Bluehost.
    Unfortunately they do NOT offer Let’s Encrypt certificates.
    However, there is a free option for WordPress users available now, but with Comodo only…

    • Thanks for pointing that out! You are correct and the article needs to be mended. Bluehost has initially informed that it would support Let’s Encrypt but they changed to Comodo instead. Which I think is the best free alternative.

      • Sure think 😉
        Your article is the reason my friends found out about this new opportunity. Somehow Bluehost did not inform its customers.
        May I ask why you think Comodo is better than Let’s Encrypt? I thought it’s the other way around..

        • I wouldn’t say Comodo is any better, as far as the end user is concerned they are pretty much the same (both domain validated & well supported).. But if you need an alternative to Let’s Encrypt I would go with Comodo PositiveSSL.

          Well not surprisingly, they would probably prefer to have customers pay for their SSL certificates.. but competition is pushing for free HTTPS.

          Enjoy! 🙂

    • According to Bluehost this is available on VPS but you need to request for the feature to be added as extra. And they still require your sites to run on WordPress.

      As for Cloud Hosting you need the “Business Pro” plan. Seems that lower level cloud plans “Starter” & “Performance” are not supported.

      And thanks for your comment.

    • Sorry to hear that — I actually don’t have experience with add-on domains. Have you tried contacting support; what did they say? Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *