I’ve written this guide to clarify the situation on Incapsula’s free SSL certificates to host your site on secure HTTPS. And ‘letsencrypt‘ support on Incapsula.
Important notice — Future Incapsula Pro plans will not support non-SNI connections which will make your website unusable for some older browsers (see Incapsula’s ‘Browsers that support SNI requests‘ for details); April, 2024.
This does not affect old customers or if you sign up now to pro.
In modern times paying for secure content delivery is hardly beneficial for most websites; especially since the launch of the free LetsEncrypt SSL movement.
Incapsula Free SSL Certification
Incapsula acts as a proxy between your website and the outside world with one-click support for free SSL certificates (watch a short video on how it works).
Although all plans support free SSL your options differ;
The ‘Business’ level plan is considered best value and it’s the easiest way to protect your website with a personal free SSL certificates provided by Incapsula.
Although the cheapest ‘Pro” level plan certificate is shared with all other customers on the same account level; it is an equally secure option. However there are plans to disable support for web browsers without SNI support in the future.
This change will be a small reduction in value as most browsers support SNI requests and old customers will get to keep support for non-SNI connections.
Business & enterprise plans have the added possibility of using custom SSL certificates (this does not include Let’s Encrypt; more below). But this also requires SNI support from visitors although there is a fallback feature where non-SNI supported browsers will be automatically served a separate SSL certificate from Incapsula that supports older browsers (contrary to the Pro plan in the future).
This does however question the benefit of custom SSL certificates.
Please note that you can also open a completely free Incapsula account which does not support either free or paid SSL/HTTPS level security at all.
Let’s Encrypt & Incapsula
A requested feature has been support for the free Let’s Encrypt SSL certificate authority (alternatively known as letsencrypt).
It is now widely supported by many hosting companies as well as some CDNs to provide free & private HTTPS certification.
Unfortunately Incapsula has no planned support and using it as a custom certificate is not a viable option due to a validity time of just 3 months. Without a cron job for automatic renewals of the SSL certificate; manual renewal is a hard task.
SSL Between Website & Incapsula
It’s important to note that for full website security you will need two SSL certificates for both between your website and the Incapsula proxy as well as the second one provided by Incapsula themselves to connect with the outside world.
If your website hosting provider doesn’t provide free SSL certifications; you might consider transfering over to a company that does/.
See the “list of Let’s Encrypt supported hosting” for more.
Any questions concerning Incapsula’s free SSL certificates;
or getting your CDN working with HTTPS? — comments welcome!
Sincere notice; This blog ‘WebHostWhat’ on occasion contains affiliate links that store additional cookies on your browser to track possible purchases. I may benefit from such transactions without any additional cost on your end.
Much thanks for your support and visit.
Also, please share this post if possible.