In this post I will explain how to get a completely FREE SSL/TLS certificate to host your website or blog on secure HTTPS with 1and1 — issued by Symantec; one of the most trusted and oldest certificate authorities.
Shortcut –> Click here to find out about 1&1 SSL Starter
Enjoy the review and share your experience of 1&1 in the comments below!
1&1 Symantec SSL Certificates
Looking at the list of Symantec SSL certificates; it only gives you three paid options: SSL Starter ($9.99/first year & then $29.99/year), SSL Starter Plus ($29.99/first year & then $69.99/year) and SSL Business ($29.99/first year then then $69.99/year).
But what’s not clear is that you only need to buy the SSL Starter package for a second domain or each additionally hosted domain name.
Yes: SSL Starter is already provided for free with all these 1&1 hosting plans!
The most basic SSL certificate offers protection for only one domain (enough for most website and blog owners). You can simply go to the hosting control panel and activate the feature with a few clicks and you are done — more about that below.
Quote: The SSL Starter certificate is included in all 1&1 products and offers you 256-bit encryption for a single domain or subdomain (source).
Paid VS Free SSL
There are differences between paid and free; however as a domain validated certificate the level of security (256-bit SSL encryption) is the same. Going free is a great way to save money but it depends on your needs.
Who needs paid SSL?
- You want to prove to visitors that your website is who you say you are with an “organization validated” certificate that connects your business details with your domain — for businesses, organizations and eCommerce sites.
- You are using subdomains with your website, for example: shop.yourdomain.com and not just the main domain: www.yourdomain.com
Who benefits from free SSL?
All website owners can benefit from a SSL certificate which can increase search engine rankings as well as increase general trust and security online. Especially small businesses and even many of those running online shopping sites can create enough security through a domain validated free SSL certificate.
Just make sure that you are not using any subdomains!
Installing SSL Starter
Here are the simple steps to enable HTTPS — just first make sure that you have an active hosting account with a domain attached to it. Also you will need to have the name servers of your domain set to 1and1 (etc: ns-us.1and1-dns.com, ns-us.1and1-dns.us) if the domain is registered elsewhere — more info here.
- Login to the “1&1 Control Panel“
- Under domains: click on “Manage SSL Certificates“
- The list of available certificates should contain the complementary SSL Starter — click on “Not set up yet“
- Select the domain you want to assign the certificate to and click on “Set Up SSL Certificate” button
- It will take some minutes to become enable; refresh the list to see it’s status
- Your hosted domain is now equipped with a free SSL certificate!
After these steps you are ready to enable HTTPS for your website. On WordPress you can simply go to “Settings –> General” in the backend and change the WordPress Address and Site Address to start with HTTPS instead of HTTP.
More: About setting up 1&1 WordPress hosting here
For those who have any questions about setting up HTTPS for your website or about 1and1 hosting SSL/TLS certificates (free or paid), just let me know in the comments below — I will do my best to help out!
Please note: WebHostWhat is affiliated with 1&1 Hosting through CJ Affiliate by Conversant which provided some of the links on this page to track sales for which I receive compensation. This is of no charge to readers, thank you for supporting me!
Hi Tim,
1&1 does have some great plans – especially for the person looking for a nice dashboard and turn key hosting.
The one addition to your article I would make is in way of transparency. The prices listed in the article are for the first year only. The starter goes to 29.99 a year, and both the SSL Starter plus and SSL business go to 69.99 / year after the first year.
Thanks so much for pointing that out Gregory; I have mended the article to display the price in it’s entirety. And yes; I would agree that the intuitive, easy to use dashboard with all-inclusive hosting packages are attractive features there!
Hello Tim,
Would you perhaps know how to set it on my personal project (not using wordpress) so it shows that the website is secured. I bought that simplest plan with 1&1 by the way. Any help would be highly aprciated
Hi Marcel. Yes sure! Is your project just plain HTML?
1. Once you’ve enabled the certificate in the backend; just manually browse to the https version of your site like so: h ttps://www.mywebsite/page.html to see if it’s working correctly.
2. Make sure all images, and links inside the pages are pointing to https. You can easily check all pages with the SSL check tool after step 3.
3. Add this code to your .htaccess file to permanently redirect http to https:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This file is in the root of your website file directory, usually named public_html.
Hope that helps!
Hi @ Tim
Your suggestion not working for me after installing SSL certificate.
I Used the below as per your suggestion in .htaccess
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
It’s not redirecting from non WWW to www.
I get Free SSL Certificate from Comodo & Implemented but Still I’m facing this Issue.
Hi Mathew,
Try this:
RewriteEngine On
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule (.*) https://www.example.com%{REQUEST_URI} [L,R=301]
Works for me 🙂
Tim –
Helping a friend with converting his MyWebSite packaged website to https. I understand the instructions you’ve listed as well as the 1and1 help page. What is not clear to me is how to redirect traffic entered using the http prefix or without any protocol prefix. With the MyWebSite package, there is no access to the files directly, so cannot add a default.asp page for redirection, nor gain access to the .htaccess file. I am hoping you will tell me such redirection is handled by 1and1 without further action on my part. Thanks.
Good question! Seems activating the certificate is very easy. As for making your website ssl-only; I would recommend contacting support to ask them. Although I would expect them to have a setting for it in the backend. But I have no personal experience with MyWebSite unfortunately.
Thank you for your quick reply. I appreciate it. I was concerned that the 1and1 help page discussing http to https was silent on this issue. I will ask my friend to contact 1and1 and see if we can get an answer to this question. If so, I will post it back here for your information. I suspect, however, that I will get my answer by installing the SSL certificate and seeing what happens.
Thanks again.
Tim –
I went ahead with the SSL certificate install on the MyWebSite domain and the process went very smoothly. I am happy to report that the http to https redirection was accomplished as part of the install with no further action on my part. Considering the site in question has over 200 pages, that was good news indeed. Thanks again for your help.
I have to edit the .htaccess file to have it forward to the https site however I can’t edit it directly online so when in download, modfiy, and try to upload back onto the site I get and error over and over again. No further detail than failed to upload. Any idea?
I could be wrong, but I believe that you can edit the file directly through the control panel file manager tool. Have you tried that?