OneRooftop has been hearing more and more buzz about getting an SSL certification for your vacation rental website. For some owners and managers, this is old news and you just need instructions about how to get one set up for your website. For others, SSL certification is a totally new idea and is a bit intimidating. We'd like to create a nice introduction to what SSL certification is all about, explain some context about what it means for your OneRooftop account, as well as provide some information about how to get an SSL certificate started.
An SSL certificate is a file that encrypts transmitted data on web page. In e-commerce, this most often means protecting credit cards, but it also means sensitive information about your guests.
Having an SSL Certificate means your website is secure and will have an https:// in the URL bar. You may have noticed your website up until now has only been http:// there is no s for secure. You can learn more about https from Google itself.
Great question. In truth, your website did have an https url on the pages where it mattered most to have one: on the booking page where your guest is submitting credit cards.
You'll notice when you send out a payment link to guests or when guests click through to request a stay, they are doing so on a OneRooftop link that has https and says Secure.
Websites built on OneRooftop redirect from your custom domain name to our secure payment link to ensure the safety of you and your guests.
Adding a logo to your website will brand your payment page. However, to ensure the security of your guests and your business, OneRooftop uses a secure link under our domain name.
Whether or not you need an SSL certificate is a question were hearing a lot. We have taken measures to ensure your guests can book with confidence. However, there are more reasons you may want to purchase an SSL certificate for your domain name.
Namely, Google Chrome has introduced a feature that warns users about a domain name that is not secure. Chrome announced they would put a Not Secure tag on pages where there were either passwords or credit card fields. This ultimately leads to their HTTPS everywhere goal.
Your best bet to continue inspiring confidence in guests will be to get an SSL certificate for your domain name.
Weve put together these instructions for SSL Certificate Installation Instructions. Please be aware, getting an SSL certificate costs an annual fee to GoDaddy or the provider of your choice. You can purchase a certificate through GoDaddy even if your domain is registered with another provider. We do not support SSL Certificates from iPage.
1. Buy SSL If you wish to have an SSL certificate, you will need to purchase it yourself. We encourage you to buy one from GoDaddy or one of its affiliates. You can get started by following this non-affiliate link.
2. Tell OneRooftop We will need to know the EXACT domain that they are wanting secured. This means you will tell us that you purchased www.domain.com or just domain.com.Once we know, we can generate a CSR for you.CSR stands for Certificate Signing Request.
3. Add CSR to your Godaddy account It will look like this (this is just an example):
BEGIN CERTIFICATE REQUEST-
END CERTIFICATE REQUEST
4. Activate your credit
> Log in to your GoDaddy account.
> Click SSL Certificates.
> Next to the SSL certificate credit you want to use, click Set up.
> If you have multiple credits, select the credit you want to use, and then click Set up.
> Refresh the page; you should see a New Certificate. If you dont, continue to refresh the page until you do.
5. Request your certificate from GoDaddy
- Next to your New Certificate, click Manage.
- Select Provide a CSR, and then enter the CSR. When asked for a server type, please select Linux/Apache
- After Godaddy verifies everything by these steps then you then should be able to download the zipped file.
6. Send OneRooftop Support the Zip file.
7. OneRooftop will enable HTTPS for your website
Most certificates expire after 1 or 2 years. So what happens when the certificate is due for renewal?
Even if your purchase automatically renews, there is still a short process for updating the certificate files that must take place, otherwise you will experience downtime for your domain. If the certificate expires and we haven't updated the files yet, your website will show a privacy warning to visitors saying your site isn't secure.
To avoid the issue above, we recommend setting a reminder for yourself a few days before the certificate expiration date. You will need to go through the initial process of uploading your CSR in your SSL account - you can use the original CSR, but if you're unable to locate it you can reach out to email@example.com and we'll send it to you.
Once you have uploaded the CSR, make sure to choose Apache as the server type, download the zip file, and send it to firstname.lastname@example.org. We'll take care of the rest!