Let’s Encrypt


It is time for the Web to take a big step forward in terms of security and privacy. HTTPS needs to become the default.

We offer free TLS certificates to everyone, provided by Let’s Encrypt. HTTPS stands for HyperText Transfer Protocol over SSL and is the secure alternative to HTTP. Nowadays we usually talk about SSL’s successor: ‘TLS’, which is more secure and still maintained. TLS has 2 main features:

1. Authentication: You need be able to trust that the server you are connecting is authentic.

2. Encryption: The encryption TLS provides makes sure you and the server you are connected to are the only ones to know what you are communicating about.

You can turn on Let’s Encrypt TLS for your own domain by login in as a webmaster in our Cosmos Service Center. Go to Hosting > TLS Settings and turn on TLS for your preferred (sub)domain.

  • Switch on TLS for an existing website
  • WordPress website compatible
  • HSTS

Via the Cosmos Service Center you can easily turn on Let’s Encrypt TLS certificates for several (sub)domains.

1. Enable TLS

If your sub domains are configured correctly, go within the Cosmos Service Center to Hosting > TLS Settings. Select ‘TLS Enabled’ for the desired (sub)domain.


Next, check your website via https:// (for instance https://greenblog.nl) and check if your website is working correctly. Check if you can see a green lock in the address bar: this shows you that the connection with your website is is encrypted and secure.


Green lock icon in URL bar

If not everything is configured correctly, it’s is possible that you don’t see a lock at all, or an orange lock, or a lock with a warning triangle. This means that part of your website is not transferred via TLS. Images from an external source are not automatically sent through the TLS-connection when there is ‘http://’ in the link to the image. It is possible that you don’t see a green lock because external images are sent over an insecure connection. Click on the icon to the left of the URL in the address bar to see which part of the website is not yet send securely.

If you have a WordPress website and the green lock did not appear, please follow this manual (link) on how to adjust your WordPress website to make it suitable for TLS.

Is everything working fine? Then we can force the https connection.

2. Force TLS

Go back to the Cosmos Service Center, Hosting > TLS Settings and turn on ‘Force TLS’ for the (sub)domain you tested. All the visitors of your website will use the TLS connection automatically from now on.

Important: If you have a WordPress site, you should now edit your site settings in wp-admin to change the ‘WordPress address’ and the ‘Site address’ from ‘http://…’ to ‘https://…’

In this manual we’re going to describe how you can change the links of the files of an existing WordPress website automatically to relative (‘//’) links, to arrange that you’ll get a green lock in your address bar. We recommend the WordPress plugin Better Search Replace.

Follow these steps to change the links of all te documents on your website to work with https:
1. Make a backup of your database

2. Log into your WordPress website

3. Go to ‘Plugins’ and download the plugin ‘Better Search Replace’

4. Install and activate the plugin ‘Better Search Replace’

5. In the menu, click ‘Extra’, then click ‘Better Search Replace’

6. Fill in the following details:
search for:    http:\/\/JOUWDOMEIN.NL (for example ‘http:\/\/greenblog.nl’)
replace with:  \/\/JOUWDOMEIN.NL (for example ‘\/\/greenblog.nl’)
select all tables
select case-sensitive
check if ‘Run as dry run?’ has been selected. In case it is, it will only give you an overview of the links that are going to be converted. In case it’s not selected it will convert the links right away.


7. Visit the https:// version of your website (for instance https://greenblog.nl) and check if the website is still working accordingly. Check if you see the green lock icon in the address bar, if so, this means that your connection with your website is authentic and encrypted.

8. In your WordPress website’s wp-admin, go to ‘Settings’ and change the WordPress address and Site address from ‘http://…’ to ‘https://…’, for instance from http://greenblog.nl to https://greenblog.nl.

9. Go back to the Cosmos Service Centre, Hosting > TLS settings and enable ‘Force TLS’ for the (sub)domain that your wordpress runs on. All your visitors will now automatically connect through TLS when they visit your website.

HTTP Strict Transport Security (HSTS) is a way for web servers to tell your browser that the website you are visiting will always have TLS enabled, and that if in the future TLS is not enabled, it should not connect to the web server. It is important to note that TLS does two things.
One of those is to protect the connection with a layer of encryption.
The other less commonly known feature of TLS is that it checks the validity of the server you are connecting to. In other words, it protects you from connecting to a fraudulent server.
With HSTS enabled, after you visit a website for the first time, the browser will remember that the website will support TLS for at least the next 6 months.
Note that this means that you need to keep TLS enabled for at least 6 months after you disable HSTS. Please test that all the features of your website work well with TLS enabled, before you enable HSTS.