Getting SSL on GoDaddy Managed Wordpress Without Buying Their Certificate
I don't really care for GoDaddy hosting. It's nice that it's integrated with the domain registration in one place, and it is easy to set up. But you really have no control over a lot of things you'd normally expect to have control over.
Case in point, the domain URL for your Wordpress installation. You normally have access to this in the 'Settings' area of Wordpress admin, and there are a lot of reasons you'd want to be able to adjust it.
The most obvious times are when you want to add or remove 'www' from the beginning of your URLs. I don't generally use www unless the site has other subdomains and the www sometimes makes it easier to differentiate them. But either way, you have to adjust that in a GoDaddy control panel rather than the normal Wordpress admin area.
The real trouble starts when you want SSL, which is almost a requirement on a website anymore. You can only use the GoDaddy certificates, which for most people is probably fine, but there are a lot of other options out there.
I use CloudFlare and I love it, both for the caching and the auto-renewing SSL. And I love it for the totally free price. I set up Cloudflare thinking that I could change my installation URL to https and that'd be that.
But that takes us back to the first problem, no access to the site URL through Wordpress admin. And GoDaddy doesn't let you alter your site domain's protocol without buying their certificate.
You can use a MySQL GUI and directly edit the database on Wordpress, the wp_options table holds the site URLs. But if you change these to https without using GoDaddy's certificates, you will get an error message when you try to view the site.
So that leaves us without a lot of options on the GoDaddy side. CloudFlare to the rescue though. If you go ahead and set up your site on CloudFlare, you can just use the Free account. It will read in all the custom GoDaddy DNS entries, and copy them. Then you can change your DNS in GoDaddy to the CloudFlare nameservers.
You'll see an alert on GoDaddy that they no longer control the DNS of the Wordpress site, but you can ignore it. On the CloudFlare side, you want to choose the 'Flexible' SSL option.
This allows Cloudflare to interact with GoDaddy via HTTP, and let's the browser interact with your domain via HTTPS. From the browser you see a normal lock icon and everything looks fine. And the site will be faster served through CloudFlare.
Obviously I don't think you'd want to use this for WooCommerce or anything with credit cards or secure checkout. It could be fine, but there is some segment of the traffic being transported unsecured between CloudFlare and your server. And in those cases, GoDaddy has a merchant-type account with built-in SSL anyway.
If you have any questions or if you see any mistakes in my instructions, you can always email me at morganm@gmail.com.