Bluehost Announces Free SSL & HTTPS with Let’s Encrypt for WordPress

Bluehost finally announced free SSL support to provide complimentary HTTPS; but for WordPress only — available on all cPanel enabled web hosting plans: Shared & WordPress Hosting, VPS, etc. In this post I’ll explain how it works in 2024.

New! BlueHost has published their own instructions here.

Bluehost Free SSL

Previously provided free shared SSL certification was a joke; but this anticipated move is now the real deal — with it Bluehost says byebye to commercial SSL revenues to make way for the free Let’s Encrypt SSL certificate authority initiative.

The catch is — they say it’s only for those running WordPress.

While still late in the game of providing free SSL/TLS certificates which Let’s Encrypt has been giving out in abundance since the beginning of 2016 — Bluehost is a big hosting company; making a huge favor in paving the way for the rest of the industry that’s still lagging behind and reluctant to give in to perhaps one of the biggest online security movements we are seeing.

Please note: There are false rumors that the SSL certificates expire and stop working after three months. This only happens if you have SiteLock enabled.

This means, that Bluehost’s free SSL certificates are not compatible with SiteLock. You need to turn SiteLock OFF for SSL certificate renewal to work properly.

Edit: The certificate has been changed from Let’s Encrypt to Comodo PositiveSSL — please, see this post for Let’s Encrypt supported hosting.

Let's Encrypt Logo

It’s not entirely clear why there would be a WordPress only limitation as Let’s Encrypt certificates are domain validated without any dependence on the type of CMS or website; whatsoever. However it is the command from the Bluehost HQ and you will need to buy a commercial certificate for broader support. Some might argue it is a way to keep at least a part of their commercial certificate sales.

But this is still great news (& great SERP rankings) for most customers!

How Bluehost Free SSL Works

Be it Shared Hosting, Optimized WordPress Hosting, VPS Hosting, Cloud Hosting or any other hosting product that utilizes the well known and familiar cPanel web-hosting control panel — this will be a very easy install.

The activation steps are as follows:

1. Once both your account and domain is set up (Bluehost name servers need to be pointing to your domain) — navigate to cPanel’s <<Addons>> section where you will find the <<SSL certificate>> plugin icon.

2. Next you’ll see a list of domains activate on your account where you simply need to select the right domain and click on <<free SSL>> to automatically generate and activate the Let’s Encrypt certificate; ready for use.

Do note that Let’s Encrypt SSL certificates are valid for 3 months at a time. The cPanel add-on however will automatically renew the certificate before it expires. You will receive an automatic e-mail notifying you of it’s success or if there has been a problem in the process (even if it would fail it keeps on retrying).

Enabling SSL on WordPress:

New customers just starting with a fresh install of WordPress will have it the easiest. When using the one-click WordPress installation plugin on cPanel — fill in the website address as HTTPS or if you forgot that.. go to the general settings to change the site address URL to HTTPS. Don’t build your site/blog before!

If you already have content on your website that has been created in it’s HTTP times; this will require a little more planning (and work) because if any piece of content, like mostly images and links are pointing to HTTP; they need to be changed.

Either way it’s well worth it for the increase in Google goodness as well as the fuzzy and secure warm feeling for your website visitors… not to mention your important contribution towards a 100% encrypted internet.

Hope this helps to explain hosting on HTTPS with Bluehost’s new free SSL. Further questions most welcome and will always do my best to help out. Thanks!

Find out more details here!!!

39 thoughts on “Bluehost Announces Free SSL & HTTPS with Let’s Encrypt for WordPress”

  1. Thank you for good writing! But Your outbound links are not working anymore. They are going to the home page.

    Are you sure SSL is free forever? They are showing an expiration date.

    Totally confusing!

    Reply
    • Hi — Sorry about that! Every SSL/TLS certificate on the planet has an expiration date. And the validity time for these types of free Let’s Encrypt certificates is shorten than usual; just 3 months. But that won’t affect you in any way because it will renew itself automatically well before it expires. So nothing to worry about — it’s easy and free forever.

      Thanks for asking Emily.

      Reply
      • Not true. I just had a website with the SSL expired for 10 days. I found out because it lost ranking in Google Search.
        The autorenew didn’t work and I didn’t get any type of notification from Bluehost.
        When talking to them Bluehost said:
        “You can purchase paid SSL, which will not caused this issue.”

        So, beware. That website was on the first page of Google Search, now all that work is gone. Do not trust Bluehost’s free SSL

        Reply
        • Sorry to hear that. Must be frustrating.

          Anyway, thanks for your input. The renewal is ‘supposed to be’ automatic and is working for others. So really surprised to hear about this.

          You can see my list of free SSL hosting for companies you can trust.

          And it’s true there are better hosting solutions than Bluehost, in my experience FastComet provides much better service, with free website migration and a lifetime free domain name (you can transfer your Bluehost domain to them). And flat low pricing for renewals.

          Also they have email notifications to alert you well before the Let’s Encrypt certificate expires, incase there are any problems.

          Reply
        • I agree with Alex. Nothing is free! My site was without a valid certificate for who knows how long before a customer told me. It did not auto-renew with BlueHost and surely cost me business. Blue Host’s explanation was that it’s free and they are aware it doesn’t work perfectly and I should purchase a cert. Happened twice. Now I purchase!

          Reply
    • Just wanted to say that I’ve corrected all of the links and they should be working; going to their rightful places. Thanks for pointing that out!

      Reply
    • Yes! Also the renewal is free and automatic of course — so there will be no added costs in the future. The ninety-day lifetime is simply the way these certificates are set to work and Bluehost has no say in the matter.

      As to the why you can read the answer from Josh Aas; the co-founder of Let’s Encrypt.

      Reply
    • No problem! Sorry for the late response; which country would that be? The feature should be available in cPanel on all hosting plans registered through the main bluehost.com website. If not I would contact support.

      The Indian branch at bluehost.in doesn’t support free SSL unfortunately. And neither have they wanted to comment on any plans to implement it in the future.

      Reply
  2. Yeah Tim! It’s India and they are not reverting to mails too on any future developments.

    Thanks for letting me know.

    Reply
  3. Please help – the free automatic SSL install apparently updated links to images with https – and apparently updated the image URLs to https as well. But images won’t display on my webpages, and won’t even display on the media library page. How do I fix this problem? Thank you…

    Reply
  4. Hi, Tried sending the link to the site. Spent an hour on the phone with very nice Bluehost support yesterday, to no avail. Tried several things, but no solution.
    I tried: saving Permalink Settings, installing Correct Audio/Video plugin, deactivated Captcha plugin, installed Velvet Blues plugin, uploaded an image again – but images still won’t display on the site, or in the media library. However, the images really do exist on the server – maybe it’s something within WordPress scripting that directs image file requests to http instead of https – but everything I’ve found has https in it!

    Reply
  5. Finally discovered the problem in WordPress that prevented images from displaying on the site and in the media library!

    This may not be a fix for others who experience a similar problem, but for what it’s worth, this is what I did:

    Logged into BlueHost cPanel, went to File Manager, Root Directory, Show Hidden Files, then opened the public_html/.htaccess file.

    The last line of code was:
    RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ – [F,NC]

    After figuring out that the F = Forbidden, show “403 Permission Denied”, I simply deleted the F, from that line of code and saved the file. So the last line of code is now:
    RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ – [NC]

    Voila! Images instantly appeared on the website and in the media library 🙂

    Reply
    • Thank you so much for coming back to post the solution; I hope other users can benefit from it. Indeed when it comes to permission denied errors the two most likely culprits are the .htaccess file or file permissions in general.

      Very glad to hear you got it working and sorry for not being able to help you out as I’ve been swamped with work. Best of luck with your site!

      Reply
  6. My free ssl certificate expired, is there any way of me getting it back? I tried to renew but it isn’t allowing me.

    Reply
    • Could you please give more details like — how did you enable the certificate? What error message are you seeing? Or would you consider sharing the address of your website? And have you tried contacting support yet?

      Thanks for your assistance Niam.

      Reply
  7. I’ve a website with the name of http://www.itingredients.com on which I want o deploy Free SSL but I’ve purchased hosting from Bluehost.in and not from Bluehost.com. As per customer services it is only free for customers of Bluehost.com.

    Please suggest any alternate method to deploy free SSL

    Reply
    • I’m sorry but there is no alternative for your hosting in India. The cheapest option is Comodo’s Positive SSL certificate which costs 1,560 rupees per year.

      For a good hosting company with data centers in India & support for free SSL; I would recommend Host4Geeks Hosting. Thanks for asking!

      Reply
  8. Hello Tim.

    I forwarded your article to someone I know who host their site with Bluehost.
    They checked your information with Bluehost.
    Unfortunately they do NOT offer Let’s Encrypt certificates.
    However, there is a free option for WordPress users available now, but with Comodo only…

    Reply
    • Thanks for pointing that out! You are correct and the article needs to be mended. Bluehost has initially informed that it would support Let’s Encrypt but they changed to Comodo instead. Which I think is the best free alternative.

      Reply
      • Sure think 😉
        Your article is the reason my friends found out about this new opportunity. Somehow Bluehost did not inform its customers.
        May I ask why you think Comodo is better than Let’s Encrypt? I thought it’s the other way around..

        Reply
        • I wouldn’t say Comodo is any better, as far as the end user is concerned they are pretty much the same (both domain validated & well supported).. But if you need an alternative to Let’s Encrypt I would go with Comodo PositiveSSL.

          Well not surprisingly, they would probably prefer to have customers pay for their SSL certificates.. but competition is pushing for free HTTPS.

          Enjoy! 🙂

          Reply
    • According to Bluehost this is available on VPS but you need to request for the feature to be added as extra. And they still require your sites to run on WordPress.

      As for Cloud Hosting you need the “Business Pro” plan. Seems that lower level cloud plans “Starter” & “Performance” are not supported.

      And thanks for your comment.

      Reply
    • Sorry to hear that — I actually don’t have experience with add-on domains. Have you tried contacting support; what did they say? Thanks.

      Reply
  9. As far as the auto-renewal that is what Bluehost states but mine expired today. I even received an email billing statement which showed a cost of Zero for my automatic SSL certificate renewal. So, the marketing seems to be working just fine, just not the tech. Disappointing!

    Reply
    • Please note, I figured out that the reason why some peoples certificates are not getting renewed after 3 months is because they have SiteLock enabled.

      The free SSL feature and SiteLock are not compatible with each other.

      Having SiteLock enabled will cause the SSL renewal to fail and your website will neither be completely HTTPS secured for the first months.

      Using SiteLock with SSL requires a very expensive plan which is just not worth it. You are better using BunnyCDN if you need a Content Delivery Network. Or other free or paid WordPress plugins for malware detection and removal.

      Reply
    • Hi. I’d love to if I have the time.

      However, related to this post, I would point out that Dreamhost supports Let’s Encrypt SSL which is the most popular option for free HTTPS hosting.

      And that unlike Bluehost, Dreamhost is an independent hosting company, so friendlier and great attitude. Good luck! 🙂

      Reply
      • Any update on bluehost supporting Lets Encrypt? My current site has SSL, it is a wordpress built site.

        If its still only wordpress, does anyone know if i create a wordpress site through cpanel and then overwrite the main stuff with my site(keeping the parts for wordpress and ssl, would it still hold ssl valid?
        Thanks

        Reply

Leave a Reply to Emily Cancel reply