Browse hundreds of income reports, revenue stats, and case studies

revenue ¢onfessions

The Complete Beginner’s Tutorial to Install Website SSL Certificate

Vlad Leave a Comment

For a long time, HTTPS was used primarily by large companies, by e-commerce sites, and by those that gather sensitive user data. The regular blog, which only gets a username and email had no reason to install website SSL certificate.

Then Google included HTTPS in its ranking signals. This means you may boost your site ranking by installing website SSL certificate. Nobody knows exactly how big the boost will be, but all tend to agree that there will be one.

Even if your site is a plain blog, it will still benefit from going secure. Revenue Confessions does not process private user data and yet I decided having a green lock in the address bar is worth it.

It may sound scary to those that lack technical skills. It may sound expensive too. Well, for the regular blog that only gathers username and email, it is neither of them!

Website SSL Certificate Vendors

Your hosting provider most likely sells security certificates. Go now and check your hosting web page and look for “SSL certificates” or “HTTPS”. When you find it, you’ll see there are several options, some of them mentioning “Green address bar”, “Business validation” or “Multidomain”. You don’t need any of these for your blog. If you run an e-commerce site or process payments and credit card info, then you’ll need to research these certificates and pick the one that suites you the best.

For the typical blog that serves advertisement and provides affiliate links, there is no need to go for the expensive options. The cheapest one that provides basic encryption is enough. It is called Domain Validated (DV) Certificate.

I know it is tempting to buy a certificate from your hosting company. I advise you to browse other buying options too. After you see your host offers, make a google search and check out competition prices.

The SSL Store

I would recommend visiting The SSL Store. I made an extensive search for certificates and this is the site that provides high-quality trustworthy certificates at the lowest prices. It offers a variety of SSL brands like Symantec, GeoTrust, Thawte, and Comodo among others.

The SSL Store provides the Norton Shopping Guarantee for each purchase. This shopping guarantee provides two benefits. First, refunds are independently guaranteed up to $1000. Second, it provides lowest price guarantee – if the published price drops, they pay the difference up to $100.

You may still be inclined to pay a few dollars more and go with the hosting company. I’m ok with that. Just keep in mind that these are not one-time purchases, these are subscriptions that will be paid every year, and every year you’ll have to pay these few dollars more just because you were afraid to pick the cheaper option the first time.

And why are you afraid to look outside your hosting provider? I know, I was afraid too. I presumed that sticking with my hosting provider will spare me troubles installing website SSL certificate. That’s why I read all the instructions, provided by my hosting provider. Then I compared them to the instructions I needed to follow if I bought the certificate elsewhere. They were the same! That’s how I overcome my fears.

I bought my certificate from the SSL Store and I had no troubles installing it. I documented each step, no matter how small it was from buying the certificate, generating CSR, installing the certificate and updating the site and its Google Analytics settings. Read along for the most detailed tutorial to install website SSL certificate.

The best part is there is no need to shut your site down for the installation. The whole procedure will take you an hour or two with your site running the whole time.

Install Website SSL Certificate Tutorial

All screenshots below are from my real experience. I bought a RapidSSL certificate from The SSL Store and I used that certificate to secure my site revenueconfessions.com. I access my hosting through cPanel. You may follow this tutorial even if you choose another SSL certificate or buy it from elsewhere.

Tutorial Contents

I. Buy an SSL Certificate
II. SSL Certificate Generation Options
III. Generate Certificate Signing Request (CSR)
IV. Finalize SSL Certificate Generation
V. Certificate Validation
VI. Install Certificate
VII. Update Website
VIII. Let Google Know

It may look a long list of steps initially. That’s because I put every single mouse click in a separate step with a screenshot. There is no way you get lost with this comprehensive tutorial.

I. Buy an SSL Certificate

Step 1 – Choose and Buy an SSL Certificate

SSL Store screenshot
Choose a certificate and buy it. I won’t go into detail how to enter your credit card number. If you’ve ever bought anything online, you’ll pass this step without problems.

Step 2 – Purchase Complete

Step 1: setup account
After a successful purchase, you’ll have an account created automatically for you. Enter a password that you’ll remember and click Set Now button. You’ll need that account in case you have to interrupt your SSL setup process and come back to it later. You may use the same account for more purchases in the future.

You’ll also receive two emails – the first one confirms your order and the second one provides you with details about your Norton Shopping Guarantee.

If you have any problems with the steps so far, do not hesitate to tell me in the comments. TOP

II. SSL Certificate Generation Options

Now that you’ve paid for a certificate, you’ll have to answer a few simple questions to get a certificate tailored to your needs.

Step 3 – Start The Generation Process

Step 3: begin certificate generation
There is a big red button Begin that you have to click. The button may look big and scary, but the process that follows is actually quite easy and straightforward.

Step 4 – Select Your Order Type

Step 4: select order type
Select New when buying the SSL certificate for the first time. Next time, when the certificate expires, you go through the same process, but then you have to select Renewal.

Step 5 – Switching From Another SSL Brand

Step 5: switching from another SSL brand?
First-time buyers select No. This step is applicable to those who renew their existing certificate and have decided to change SSL providers. If you’re one of them, follow the instructions carefully. You can receive up to 12 additional free months added onto your new certificate depending on when your current certificate expires.

Step 6 – Choose Your Automated Authentication Option

If you’ve purchased a Domain Validated (DV) certificate like me, you have to prove you own the domain that you’re buying a certificate for. There are three options:

  • Email – the issuing vendor will send a simple email to confirm ownership of the domain in question:
    Step 6: automated authentication through email
  • File – the issuing vendor will provide you with a simple text-based file for you to place it in your website’s home directory:
    Step 6: automated authentication through a file
  • CNAME record – the issuing vendor will provide you with unique hash values to enter on your DNS CNAME record:
    Step 6: automated authentication through CNAME record

Email is the easiest option. You’ll receive an email at the email address you’ve used to register the domain name, or one of the email addresses shown in the screenshot – admin@yourdomain.com, webmaster@yourdomain.com, etc (you’ll specify the exact email address later).
Choose Email Authentication option, unless you have a particular reason to avoid it and you know what you’re doing.

Step 7 – Input Certificate Signing Request (CSR)

Step 7: input certificate signing request
In order to get an SSL certificate, you’ll have to submit a certificate signing request first. I know it starts to seem complicated and that blue button We’ll install for $24.99 looks tempting, but hold on! It’s quite easy, do nothing here for now, leave this browser tab open and proceed to the next step.

If you have any problems with the steps so far, do not hesitate to tell me in the comments. TOP

III. Generate Certificate Signing Request (CSR)

You have to switch to your hosting portal to perform the next steps.

Step 8 – Log In To Your Hosting Account

Step 8: log in to your webhostng account
Open another tab in your browser and log into your hosting account. My hosting company provides me with access to my site through cPanel and this is how it looks for me. It may look differently for you, but the same functionality would be there. Click on the SSL/TLS item in the Security section.

Step 9 – SSL/TLS Manager

Step 9: SSL/TLS manager
See the big heading Certificate Signing Requests (CSR) so you know you’re on the right way. Click the link Generate, view, or delete SSL certificate signing requests below it.

Step 10 – SSL Certificate Signing Request

Step 10: You do not have any Private Keys warning message
If you setup HTTPS for the first time, you’ll probably see the yellow warning under the heading Generate a New Certificate Signing Request (CSR) that reads:

“You do not have any Private Keys setup for this account. You must generate or upload a key before you can generate any certificate signing requests.”

If you see this warning, don’t worry and proceed to the next step. If you don’t have such a warning, skip the next 2 steps and proceed directly to Step 13.

Step 11 – Private Keys

Step 11: Generate a new private key
Go back to the SSL/TLS Manager (see the screenshot from Step 9) and click on the link Generate, view, upload, or delete your private keys under the Private Keys (KEY) heading. There you’ll see the Generate a New Private Key section at the top of the page. Make sure 2,048 bits is selected for Key Size and click Generate button.

Step 12 – Private Key Generated

Step 12: private key generated
When the new private key is generated, you’ll see a confirmation message in green:

“The server has generated the private key requested. To use this private key on another server, copy and paste the information from the encoded field below”

Now go back to Certificate Signing Requests (CSR) page from Step 10. Verify the yellow warning from step 10 is no longer there.

Step 13 – Generate a New Signing Request

Step 13: generate a new certificate signing request
It is time to generate the signing request. Scroll down to Generate a New Certificate Signing Request (CSR) section and fill the form:

  • Key – select Generate a new 2,048 bit key.

  • Domains – enter your domain. If you want your certificate to work for both yourdomain.com and www.yourdomain.com you must enter the domain with www like this: www.yourdomain.com. A common mistake is to enter the domain without “www” – then www.yourdomain.com won’t be secured. As you see from the screenshot, I did it too and I had to go back and make a new CSR again.

  • City and State – enter your city and state. Provide the complete name for them. Do not use abbreviations.

  • Country – pick your country from the list.

  • Company – enter your company name here. If you haven’t registered a company yet, enter either your site name or your name.

  • The next fields Company Division, Email, Passphrase and Description are not mandatory, fill them only if you wish.

Click Generate button below.

Step 14 – Copy Your Certificate Signing Request

Step 14: copy your CSR
If your CSR is generated successfully you’ll see a green message

“The Certificate Signing Request for “www.yourdomain.com” has been generated and saved in your user directory. To purchase a trusted certificate, you must copy the Encoded Certificate Signing Request below and send it to the Certificate Authority. Follow the instructions provided by your Certificate Authority.”

Do as this message says and copy the CSR. Select the whole request below, including the first line —–BEGIN CERTIFICATE REQUEST—– and the last line —–END CERTIFICATE REQUEST—–.

If you have any problems with the steps so far, do not hesitate to tell me in the comments. TOP

IV. Finalize SSL Certificate Generation

Step 15 – Paste Your Certificate Signing Request

Step 15: paste your CSR
Now go back to the other browser tab where SSL Store waits for you to finalize your certificate creation. Paste the Certificate Signing Request in the field.

Step 16 – Select Your Server

Step 16: select your server
This is an optional step, so don’t think too hard about what your server is. It’s enough to pick cPanel from the list.

Step 17 – Select The Signature Algorithm

You may choose between two options here: SHA-2 and FULL SHA-2:
Step 17: select signature algorithm SHA-2
Step 17: select signature algorithm FULL SHA-2
Select SHA-2 option. The FULL SHA-2 option is intended for specific use cases, and should only be selected if you 100% know this is satisfying your needs. Otherwise, you risk disabling access for clients/devices that do not trust the newer SHA-2 roots.
Click Continue button at the bottom.

Step 18 – Confirm The Information You’ve Entered

Step 18: confirm information
Read carefully all information you’ve provided and verify it is correct.

Step 19 – Enter Contact Information

Step 19: enter contact info
Enter Site Administrator and Technical contact information. Site Administrator is the person that is responsible for order validation process. Keep in mind that Site Administrator email have to be one of the emails listed in Step 6. Technical contact is the person who will receive the new certificate and the renewal notices when the certificate nears expiration. It’s fine to give the same contact for these two roles, that’s why there is a handy checkbox under Technical contact information named Same as the Admin info above.

Step 20 – Finalize Order

Step 20: subscriber agreement
Accept the subscriber agreement and finalize certificate order.

Step 21 – Certificate Order Done

Step 21: initial SSL generation process completed
Your order is ready. You may rate your experience.

If you have any problems with the steps so far, do not hesitate to tell me in the comments. TOP

V. Certificate Validation

Step 22 – Confirm Certificate Request

Check your email that you’ve entered for Site Administrator in Step 19. You’ll receive an email to confirm the certificate request. Click on the link provided in the mail.

Step 23 – Order Review and Approval

The link from the email will bring up this webpage:
Step 23: certificate order review and approval
Review the certificate information one more time and then click on I Approve button at the bottom.

Step 24 – Order Approved

Step 24: order successfully approved
You’ll see this confirmation screen.

Step 25 – Order Complete

Check your email again – you’ll receive your SSL certificate. If you’ve entered a different email for Technical Contact, then you need to check that email for your certificate.
Your certificate is located at the bottom of the email, look for Web Server CERTIFICATE title. Copy the certificate including the lines —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–.
Under your certificate, you may see another certificate titled INTERMEDIATE CA. Do not bother copying it for now.

If you have any problems with the steps so far, do not hesitate to tell me in the comments. TOP

VI. Install Certificate

Step 26 – Upload Your Certificate

Step 26: upload ssl certificate
Go back to your browser tab where you have your cPanel open. Go to SSL/TLS Manager from Step 9. This time look for section Certificates (CRT) and click on the link Generate, view, upload, or delete SSL certificates.
Scroll down to Upload a New Certificate section and paste your certificate in the text box below. Then click on Save Certificate button.

Step 27 – Certificate Saved

Step 27: the certificate has been saved confirmation message
If there are no errors in certificate installation process, you’ll see this green confirmation message:

“The certificate for the domain “www.yourdomain.com” has been saved.”

Click on the link Go back.

Step 28 – Install an SSL Website

Step 28: install website ssl certificate
Go back to SSL/TLS Manager page from Step 9. This time look for section Install and Manage SSL for your site (HTTPS) and click on the link Manage SSL sites below it.
Look for Install an SSL Website section and click on Browse Certificates button.
An SSL Certificate List will popup on your screen. Select the newly installed certificate and click the button Use Certificate.

Step 29 – Install Certificate

Step 29: SSL host successfully installed
You’ll see certificate text box populated. Make sure your correct domain is selected from the Domain drop-down list and click on Install Certificate button below.

You’ll see the popup SSL Host Successfully Installed. Click OK.

Take a deep breath. The hard part is over!

Step 30 – Check Your Website

Open a new tab in your browser and visit your website by starting the URL with “https:”, for instance, https://yourdomain.com. If you see the green lock in the browser’s address bar, then everything is fine and you are ready. You may skip the next step and go straight to Step 32.
It is possible that the browser does not show the green lock and shows the website as “not secure”. Do not despair! We’ll fix that in a moment.

If you have any problems with the steps so far, do not hesitate to tell me in the comments. TOP

VII. Update Website

Step 31 – Mixed Content

The most probable reason for not having a secure connection is that your site loads some images or other resources through the unsecured http:// connection. View page source code and look for http://yourdomain and http://www.yourdomain.
Step 31: mixed content
If you are using Chrome browser, you may use Chrome developer tools to see the exact reason for the unsecured connection (see the screenshot above). Developer tools are accessible through Chrome Menu -> More Tools -> Developer Tools. If you click on View requests in Network Panel link, you’ll see the particular requests that go unsecured.

You’ll have to login in your WordPress admin area to fix these unsecured resources. When you’re done, check your site again (Step 30) and you’ll see the green lock.

Step 32 – Update Site URL

Step 32: WordPress address (URL)
Log into your WordPress admin area. Go to Settings -> General. Replace http:// with https:// in WordPress Address (URL) and Site Address (URL).

Step 33 – Update .htaccess File

Go back to your cPanel browser tab. From the cPanel home, open File Manager and go into your site’s public directory, typically public_html. Locate the file named .htacccess and edit it.
Append this text at the end of the file:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomian.com/$1 [R,L]
</IfModule>

Do not forget to replace yourdomain above with your actual domain. Then save the file.

If you have any problems with the steps so far, do not hesitate to tell me in the comments. TOP

VIII. Let Google Know

Step 34 – Google Analytics Settings

If you use an analytics tool to measure your website traffic, you’ll have to update your analytics settings. I show you how to do it for Google Analytics.
Step 34: Google Analytics Property settings
Open your analytics page and go to Admin tab -> Property Settings. Pick https:// from Default URL drop-down box. Click Save at the bottom of the page.
Step 34: Google Analytics View settings
Go to Admin tab -> View Settings. Pick https:// from Website’s URL drop-down box. Click Save at the bottom of the page.

Step 35 – Google Search Console

Step 35: Google Search Console
Open Google Search Console. Add two more properties for https://yourdomain and https://www.yourdomain.com. If you have a sitemap, submit a https one for these new properties.

If you have any problems with the steps so far, do not hesitate to tell me in the comments. TOP

That’s All

Congratulations! You’ve managed to install an SSL certificate to your site all by yourself!

It’s a good practice to schedule a reminder in your favorite calendar tool a month prior to your certificate expiration. This way you’ll have enough time to renew the certificate when the time comes.