This guide assumes that you are using a free Lets Encrypt SSL Certificate which can be set up by following our guide at https://faq.redit.co.uk/knowledge-base/how-to-enable-lets-encrypt-ssl-certificates-on-redit-shared-hosting-accounts/ or you have already installed either a Wild Card SSL Certificate or an SSL Certificate that matches your eMail domain address.

To enable SSL on your eMail accounts you will need to logged into your redIT Hosting account which you can do by following the guide at https://faq.redit.co.uk/knowledge-base/logging-into-your-redit-hosting-account/

Once you are logged into your redIT Hosting Control Panel from the left hand menu bar expand the “WWW” section and click on the ‘SSL Certificates‘ item.

In the main panel you should now see the ‘SSL Certificates’ page which will list any current SSL Certificates, make a note of the ‘SSL Certificate Name‘

From the left hand menu now select ‘Mail Domains‘

Left click on the domain that you wish to add the SSL Certificate too in the main screen and click on the ‘Edit‘ button from the top bar option.

On the last page ensure that there is a tick in the ‘Secure connection (SSL)‘ box. If there is not already the ‘Alias for certificate‘ and ‘SSL-certificate‘ options will now appear.

The ‘Alias for certificate‘ should be the address that you enter into your eMail client to collect your eMail via which is normally your domain name with ‘mail.‘ infront of it so for our example here it is ‘mail.redit-example.co.uk’

The ‘SSL-certificate‘ option will only allow you to select existing SSL Certificates that are installed or imported into the Shared Hosting Control panel select the SSL Certificate that has the name that you made a note of before.

Finally click on the ‘OK’ button, your eMail domain is now enabled with your installed SSL Certificate.

All of our redIT Shared Web Hosting accounts have the ability to enable SSL Certificates.

If you wish to use the Free Lets Encrypt SSL Certificates this guide will show you how to enable and obtain a new Lets Encrypt SSL Certificate, which will then be automatically renewed for you by the our hosting platform for you.

This guide also assumes that you are hosting your Domain Name DNS Service with us.

To request and issue a Lets Encrypt SSL Certificate for your Shared Hosting Domain with us at redIT you will need to be logged into your redIT Hosting account which you can do by following the guide at https://faq.redit.co.uk/knowledge-base/logging-into-your-redit-hosting-account/

If you have a Certificate Authority Authorization record in your DNS Zone file you will also need to ensure that you update the record to either include the Lets Encrypt Certificate or replace your existing records. More details on this can be found in our article on CAA at https://faq.redit.co.uk/knowledge-base/how-to-add-a-certificate-authority-authorization-caa-dns-record/

Once you are logged into your redIT Hosting Control Panel from the left hand menu bar expand the “WWW” section and click on the ‘SSL Certificates‘ item.

In the main panel you should now see the ‘SSL Certificates’ page which will list any current SSL Certificates

To add a new Lets Encrypt SSL Certificate click on the ‘Lets Encrypt’ icon from the top bar. This will then take you to the SSL Certificate creation wizard.

We recommend that you click on ‘Wildcard SSL-Certificate‘ as this will then allow you to use the one single SSL Certificate for both your website and your eMail service. This will change the displayed wizard to the following.

If you have more than one domain in your account you can select the domain that you are requesting the certificate for under the ‘Domain’ drop down option.

You can also change the Key length but 4096 is the recommended key length.

You can now click on the ‘OK‘ button to continue with the request.

You will now be returned to the ‘SSL Certificates’ page where you will be able to see the status of your SSL Certificate request.

The control panel will automatically do all the work for you if your Domain Name DNS zone file is also hosted with us at redIT and depending on the work load of the Lets Encrypt system you should soon see that your SSL Certificate is issued.

You should now ensure that your SSL Certificate is in use for your web site and mail service. From the left hand menu under the ‘WWW‘ menu select ‘WWW-domains‘ and then on the main panel click on the domain name that you just requested the SSL Certificate for:

Now click on the ‘Edit‘ button from the top options.

You should see that there is a tick mark in ‘Secure connection (SSL)‘ and that the ‘SSL certificate‘ matches the name of the SSL Certificate that was issued before, if this is not the case click on the check box and select the SSL Certificate from the drop down options list and click on the ‘OK’ button.

What is a Certificate Authority Authorization (CAA) DNS Record?

A Certificate Authority Authorization (CAA) record is a security
measure that allows the domain name owner to specify which Certificate
Authority (CA) is authorized to issue certificates for that domain.
If
a CA receives an order for a certificate for a domain with a CAA record
and that CA isn’t listed as an authorized issuer, they are prohibited
from issuing the certificate to that domain or any subdomain.

Why use a CAA?
SSL Certificate Authoritys are required to check a Domain Names DNS records for a CAA record before issuing an SSL Certificate.
This
gives the benifit of perventing unauthorized issueance of an SSL
Certificate and will help protect your business and your web site from
fraud.

What if I don’t have a CAA Record?
If
you don’t have a CAA Record in your DNS this is the same a saying that
all CA’s may issue a certificate for you and as such we would recommend
adding a CAA Rule.

How Do I Create A CAA Record?
We have found a site that will do most of the work for you.
If you visit https://sslmate.com/caa/ you will be able to enter the details needed.
If for example you wanted to create a CAA record for ‘reditexample.co.uk’ you would enter the domain name into the box in section 1.

Now if you are looking to create your first CAA record for this domain click on the ‘Auto-Generate Policy’ this will look for any existing SSL Certificates on you domains DNS Records.
If you think you already have a CAA Record and are looking to update the rules you can click on ‘Load Current Policy’
If any SSL Certificates are found they will then be selected in section 2.

From here you can either select to add additional SSL Certificate providers or remove some of the ones that have been selected for you.   In the next section ‘Section 3’ you can enter an optional eMail address, which will be used if an SSL Certificate is attempted to be issued for your domain that is not on the allowed list.

Finally you will see that in Section 4 is a copy of the DNS Records that you will need to add to your DNS Zone file. Most providers will be able to work with the ‘Generic’ output

If you are using the redIT Shared Hosting Platform or the redIT DNS Service you can add these records through our Hosting Control Panel and once you are logged in select ‘Domain Names’ from the left hand menu:

Now from the main control panel page select the domain name that you wish to add the CAA record for and click on the ‘Records’ Icon

You should now see a list of all your current DNS Records for the selected Domain Name. To add the new record or records you will need to click on the ‘Add’ button at the top of this page.

Finally for each of the records that the CAA Wizard has shown you you simply enter the details into the new record form. In this example we have added the first result returned from the Wizard as shown above

If you are adding the eMail record you can change the ‘Tag’ type as needed.