How To Get Free SSL On 1and1 IonOS WordPress Hosting is something that took some time to work out, but it is possible to have the reliable, fast, and affordable host package with a free SSL certificate protection in place.
I have been a 1and1, or now renamed Ionos, customer for many years.
They are America’s oldest running supplier of domain names, and they are easier, infinitely more helpful, and more cost effective than Godaddy and many other domain and web hosting vendors.
Some people love Godaddy.
I have found that unless you spend top dollar with Godaddy, their WordPress packages speeds make working in WordPress nearly impossible – I think this lag is due to a push to upsell you – and their support wanes too.
Back to the task at hand:
I set up awesome WordPress hosting package with 1and1 and for the myriad sites you can host there at good speeds for low cost, there is one BIG caveat: the SSL.
1and1 gives you one free SSL per domain account and that includes the WordPress hosting for unlimited websites.
Their free SSL works like a charm and is too easy to set up.
But for all of the other domains and websites, you need a free option.
I get it; 1and1 offers such a cheap hosting product that they make money off of the domains purchased and the SSL add-ons.
But they do not, like most hosts do, give you the access to add your own free certificate through a secure free standard in today’s world, like EFF.org’s Certbot (which includes instructions).
For SEO purposes, Google has forced SSL’s https for their site rankings to push security.
This is a good thing.
But it means that you must have an SSL certificate on your own website for security AND for SEO.
And so I searched for hacks to get free certificates installed in 1and1’s servers and it is not possible.
But one work around can set you up, and it is not even difficult to set up.
Here is the trick: Cloudflare.
Cloudflare optimizes many aspects of WordPress websites, and that includes offering a free SSL for your site.
Cloudflare has a free package per website and a WordPress plugin to help things go smoothly.
Sign up with your email.
Go into Cloudflare.com and get your API code.
Go into your WordPress plugin and add the code and email and sync up the goodies.
Now go back to Cloudflare and follow their instructions for using their name servers on your domain in 1and1, rather than 1and1’s default name servers.
That is the trick.
You no longer use your 1and1 name servers to add security and boost speeds.
And this allows your domain to go through Cloudflare and its free SSL.
Now I have found there are some difficulties in doing this, and the worst possible outcome is a .301 redirect error that can cut off your WordPress admin access and be a real pain in the ass to go into the sftp and delete your way to getting back into the site.
My setup eliminates this problem.
But be aware that tinkering could bring this on.
I always add both the Cloudflare SSL WordPress plugins that are available before I invoke the SSL on the site.
These are made to prevent a redirect issue.
I also keep the SSL at “flexible” status in Cloudflare’s “Crypto” section.
All that done, there is another problem that will arise on occasion: the SSL in your browser may not show as completely secure due to content, like pictures, that are still http.
The SSL is still in place in the site, but your own content can undo the full padlock in the browser.
This happens to any WordPress site, not just one with Cloudflare’s SSL.
The best thing you can do is to keep the themes and plugins updated, and to download a SSL insecure content fixer plugin; there are many to try with your theme.
This should put you back on track . . . for free!
Make use of my hours spent searching for a way to secure those sites in 1and1, Ionos WordPress hosting.