Enable SSL (https) for free on your PrestaShop store
SSL is a cryptographic protocol that provides communications security over the Internet. More precisely, it is used to:
- ensure the authentication of the server
- provide the confidentiality of the exchanged data
- ensure intégrity of the data
More clearly this ensures your customers that all data they will enter on your PrestaShop store will be encrypted and secured.
Why enable SSL ?
Beyond the fact that this secures your users data, this will also allow you to maintain or even improve your SEO.
Indeed, Google recently announced that they will now prefer sites with SSL certificates and that they, therefore, will penalize those which do not have one.
So if you want to keep your shop’s SEO intact and take an advantage over your competitors that would take longer to react, just follow the instructions below.
Getting a SSL certificate
Before enabling SSL on your shop, you must acquire a digital certificate issued by a Certificate Authority.
The vast majority of these authorities offer to sell you this certificate in exchange for additional services.
Fortunately, Let’s encrypt (https://letsencrypt.org/) has decided to make available certificates for free. It is therefore this solution that I propose to use.
Enabling SSL on your PrestaShop store can be done in several ways depending on the server on which your store is hosted. I will therefore explain those that seem to me to be the two most common:
- activation on a virtual private server (VPS) or dedicated via SSH access
- activation on a shared server, taking as example those offered by OVH
How to enable SSL on your virtual private server (VPS) or dedicated ?
This method requires that you have an SSH access to your server.
Once connected, you will need to install Certbot.
This will allow you to deploy your Let’s Encrypt SSL certificate and enable HTTPS automatically on your server.
To do so, go to the https://certbot.eff.org/ page, and then in the drop-down menus, select the two items that correspond to your configuration.
As for me, I choose Apache and Ubuntu 16.10 which shows the procedure to follow below the fields.
All you have to do is follow the instructions in the fields with the gray backgrounds of the Install and Get Started parts.
The first line allows to install Certbot
sudo apt-get install python-certbot-apache
The second allows you to configure it
This command line will configure your server and then launch an installation interface. In this interface:
- Choose the domain name(s) for which you want to enable SSL
- Fill in an e-mail address in case there is a problem on your server with your SSL certificate
- Agree with the terms of service
- Finally, select the security mode to apply to your domain:
Easy if you want to allow both http and https
Secure if you desire to allow only https
I advise you to choose the second solution.
And voilà, your certificate is installed and configured for your domain name.
You can check and test your configuration at https://www.ssllabs.com/ssltest/analyze.html?d=e-commerce-doctors.com by replacing e-commerce-doctors.com with your domain name.
However, you still have one last step because an SSL certificate is not eternal. It is therefore necessary to renew it regularly.
To do so, we will create a cron task that will do it for us automatically.
- First, open the crontab editor by using the command
- And add to it the following line that will check your certificate every 12 hours and renew it if necessary
0 */12 * * * ./certbot-auto renew --quiet --no-self-upgrade
- Press Ctrl + X, then Y, then Enter to save this new task
You can now skip to the last part of this article about the activation of SSL in PrestaShop.
How to enable SSL on your shared server ?
I decided to take OVH’s offerings as an example, because for several months the company is offering SSL activation in one click from your customer’s account, in collaboration with Let’s Encrypt.
To do this, log in to your OVH’s account, click on Hostings in the menu bar on the left, then select your domain name.
On the new page, select Order SSL Certificate
Finally, a popup opens, select Free Certificate (Let’s Encrypt) and click on next
Your SSL certificate is now created and configured. Its final activation usually takes a few minutes.
You can now skip to the last part of this article explaining the activation of SSL in PrestaShop.
How to enable SSL in PrestaShop ?
In order to enable SSL in PrestaShop, first go to the Preferences > SEO & URLs page of your Back Office to ensure that the SSL Domain field is fully populated.
In most cases, it is the same as the Shop domain.
Then go to the Preferences > General page of your Back Office to successively:
- Enable SSL
- Enable SSL on all pages
Your PrestaShop store is now secured by your SSL certificate.
Go to your Front Office and you will see that all your urls now show the famous https as well as the coveted little green lock!
Modify your urls
Once the ssl is activated, you have one last step to please Google: make sure that all the links on your shop mention the https.
Indeed, even if PrestaShop manages for you the rewriting of most links: product sheets, categories pages…, if you inserted hard links in your product sheets, in some modules… they will not be changed automatically and Google will not like it.
To avoid this, go to all the places where you have inserted a link to your shop and replace http by https.
In order to facilitate your task and avoid you to forget any link, you can also use my module to search and replace a term throughout your PrestaShop’s database.
The module is available in our shop: https://ebewe.net/shop/fr/modules-prestashop/36-recherchez-et-remplacez-dans-votre-base-de-donnees.html
I hope you have liked this article.
As usual, do not hesitate to ask me your questions and leave your opinion in the comments.
This post is also available in: Français