SSL & HTTPS (Free Certificate + Renewal)
Every modern site needs HTTPS: browsers mark plain HTTP as "Not secure", and Google uses HTTPS as a ranking signal. The good news is that a certificate is free and, on most hosts, close to one click.
Getting a free certificate
Almost every host issues free Let's Encrypt certificates from its control panel:
- Hostinger / cPanel: open SSL (or Security, SSL/TLS Status), pick your domain and click Install or Run AutoSSL. It is usually automatic within minutes.
- CyberPanel / other panels: use the panel's Issue SSL button for your website.
After the certificate is active, set your site's canonical address to the https:// version (Admin, Settings) so every canonical tag, your sitemap and your social previews all point at the secure URL. The site also sends an HSTS header over HTTPS, which tells browsers to always use the secure version.
How the certificate is validated
To prove you own the domain, the certificate authority asks for a file at http://your-domain/.well-known/acme-challenge/… during issuance and every renewal. Your site is configured to serve that path directly, so validation works out of the box. This matters because a custom PHP application routes every request through one front controller; without special handling, the validation request would hit the app, return a "not found", and the certificate would fail. The package handles this for you, so you do not normally need to do anything.
Automatic renewal
Let's Encrypt certificates last 90 days and your host renews them automatically in the background. You do not have to remember anything. If you ever want to check, your control panel shows the certificate's expiry date and days remaining.
If a renewal ever fails with a 404
If your panel reports that renewal failed with an "Invalid response … /.well-known/acme-challenge/…: 404", the validation file is not being served from where the certificate authority is looking. The usual causes and fixes:
- Shared hosting (Apache / cPanel / Hostinger): make sure the site's document root points at the package's
public/folder, or that the included root.htaccessis present (it forwards requests intopublic/and already serves/.well-known/directly). Re-upload the.htaccessfiles if they were removed, then re-issue the certificate. - Advanced (LiteSpeed / OpenLiteSpeed VPS, e.g. CyberPanel): the web server may serve the ACME challenge from a shared folder that is different from where the renewal writes the file. If the two paths differ, point them at the same place (a symlink between them is the simplest durable fix), then re-issue. This is a server configuration detail, not a site setting.
In all cases the fix is a hosting-level path detail; nothing in the application content needs to change. Once the challenge file is reachable, issuance and renewal succeed and stay automatic.