I request a ssl from https://www.sslforfree.com.

Simply fill your website url and request a free ssl.

Then you will get 3 files, Certificate(CRT), Private Key, and CA Bundle. first two are mandatory to install ssl, CA bundle is optional.

Open the file with Text editor, then copy all the content ( include —begin Certificate —- and —–END CERTIFICATE—– line ) in the first two files to the related area in the SSL installation page in the CPANEL.

SSL Certificates expire after 90 days so be sure to re-generate your SSL Certificate. Or you can register by email, so you can get a notice 1 week before the expiration.

Let the visit automatically switch(redirect) to https

 

If you have a secure certificate (SSL) on your website, you can automatically redirect visitors to the secured (HTTPS) version of your website to make sure their information is protected.

Linux & cPanel

Linux-based accounts use .htaccess files to handle redirection.

If you need to create a .htaccess file, you can use your control panel’s file manager (Web & Classic / cPanel).

Using the following code in your .htaccess file automatically redirects visitors to the HTTPS version of your site:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

 

If you have an existing .htaccess file:

  • Do not duplicate RewriteEngine On.
  • Make sure the lines beginning RewriteCond and RewriteRuleimmediately follow the already-existing RewriteEngine On.

If you ware using WordPress for your website, using following:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
Apache configuration file

Or you can do it in apache configuration file /etc/httpd/conf/httpd.conf

RewriteEngine On 
RewriteCond %{HTTPS} !=on 
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
Windows & Plesk

Windows-based accounts use web.config files to handle redirection.

If you need to create a web.config file, you can use your control panel’s file manager (Web & Classic / Plesk).

Using the following code in your web.config file automatically redirects visitors to the HTTPS version of your site:

<configuration>
<system.webServer>
<rewrite>
    <rules>
	<rule name="HTTP to HTTPS redirect" stopProcessing="true"> 
	<match url="(.*)" /> 
	<conditions> 
		<add input="{HTTPS}" pattern="off" ignoreCase="true" />
	</conditions> 
	<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
</rule>   
    </rules>
</rewrite>
</system.webServer>
</configuration>

If you have an existing web.config file:

  • Ensure you have sections (i.e. opening and closing tags) for:
    • system.webServer (which contains rewrite)
    • rewrite (which contains rules)
    • rules (which contains one or more rule sections)

    Insert any of those sections that do not exist.

  • Insert the entire rule section, including matchconditions, and action, inside the rules section.

    You’re inserting the rule (without an ‘s’) inside the rules (with an ‘s’) section.

 

Tomcat:

There is no automatic cert renew for tomcat, so you have to manually verify it, request it and copy to the tomcat folder.

Verify

Some application may lock the web root folder, so it is recommended to verify it via DNS.

sudo certbot-2 certonly --manual -d your.domain.name --preferred-challenges dns

It will show your an txt record “_acme-challenge” and desired value.

Then you will need to create a txt record name “_acme-challenge”, pointing to the value shown above.

 

Or you can use apache as reverse proxy server for TOMCAT, and automate the renew there.

Reference

https://au.godaddy.com/help/redirect-http-to-https-automatically-8828

https://www.namecheap.com/support/knowledgebase/article.aspx/795/69/how-to-install-ssl-certificates

Tomcat: https://medium.com/@raupach/how-to-install-lets-encrypt-with-tomcat-3db8a469e3d2