How To Get an SSL Certificate for Your Website in 8 Easy Steps

"How to get an SSL certificate?"

This question definitely brings in a lot of confusion for new website owners and administrators. Figuring out which SSL certificate you need and then finding out how to set it up while reading through all the technical jargon can cause headaches. Many website owners struggle with the complexities and try to ease them by using tools like SSL and transport layer security (TLS) certificate software.

If you are struggling with this problem, our guide here simplifies how to get an SSL certificate, even if you're new to website management.

If you’re completely new to the concept of SSL certificates, we recommend reading our comprehensive guide on SSL certificates before proceeding. Otherwise, let’s get started on securing your website!

1. Decide SSL certificate type you need

Before we move on to the technicalities of how to get an SSL certificate, you need to know which certificate your domain requires. Different types of SSL/TLS certificates are categorized based on the security validation they provide to domains and the number of domains and subdomains that need to be secured.

This table serves as a quick guide to help you select the best option based on your website's needs.

If you need more help, we've included a handy decision tree to help you navigate the options based on your specific requirements.

2. Choose a certificate authority

If you are wondering where and how to get an SSL certificate, certificate authorities (CA) are the answer. A CA is a trusted third-party organization that verifies a website's identity and issues SSL/TLS certificates. The certificates ensure that users can trust the website they’re visiting.

You can get an SSL certificate in two ways: from CAs like Let'sEncrypt or from web hosts and domain registrars who get it from CAs. 

1. From certificate authorities directly

Typically, organizations with specific security requirements, such as e-commerce businesses, large enterprises, government agencies, or web developers managing multiple certificates, benefit most from purchasing SSL certificates directly from a CA.

If you decide to do the same, consider the following:

• Certificate type: Choose a CA that offers the kind of SSL certificate you need (DV, OV, EV).
• CA reputation: Check for a strong reputation and long-standing history in the industry.
• Compatibility: Verify the CA is recognized by major web browsers to avoid compatibility issues.
• Pricing: Evaluate different pricing plans and features to find the best value for your needs.
• Additional support: Consider options like SSL installation assistance, warranty, and security guarantees.

2. From web hosting providers, domain registrars, and SSL/TLS certificate software vendors

Alternatively, you can get an SSL certificate from web hosting providers and SSL/TLS certificate service providers.

Many web hosting providers, like Hostinger, HostGator, and BlueHost, and domain registrars, like GoDaddy and NameCheap, offer free DV SSL certificates as part of their plans from CAs, like Let’s Encrypt, GlobalSign, and SSL.com.

As mentioned earlier, if you just have one domain that you need to secure and are sure you won't be handling a lot of sensitive information, you can get the free SSL certificate from either CAs like Let'sEncrypt, SSL for Free or from web hosting providers and domain registrars like GoDaddy, Namecheap or BlueHost.

Please remember that the free SSL certificates expire every 90 days, so you need to renew them to avoid any mishaps. Some SSL providers also offer a 30-day or 90-day free trial you can consider if you are going for free SSL certificates. 

However, for a higher level of validation, you need to purchase OV or EV certificates either from the CA or from SSL/TLS service providers who resell CA certificates.

SSL/TLS service providers are often the best option if you need assistance with certificate installation and management.

After choosing your vendor and certificate type, you need to generate a CSR and keep it ready before you purchase the certificate from CA.

Note: Many hosting providers handle CSR generation and SSL deployment if you buy the certificate from them. Check with your web hosting provider and see if you can skip the CSR generation step.

3.Generate CSR

You have to have a CSR in order to obtain an SSL certificate. It’s a block of encoded text that contains information about your website, your public key, your company name, and your contact details. The CSR is sent to the CA to validate your request and issue the certificate.

There are three ways to generate a CSR.

• Using a web hosting control panel like cPanel
• Using an online CSR generator
• Using command-line tools on your web server

1. Using cPanel

If you have access to cPanel through your web host, generate your CSR there.

• Locate the SSL/TLS section in your cPanel dashboard. 
• Look for options related to Certificate Signing Requests and follow the on-screen instructions. You'll typically need to provide details like your domain name, organization information, and contact email. 
• Once submitted, you'll receive a CSR file containing your public key information and a private key file.

For example, let's see how to do this in BlueHost.

• Log into your BlueHost account and you can access cPanel by clicking on the “Advanced” option on the home page. 

• In the cPanel dashboard, scroll down to the “Security” section. Click on the "SSL/TLS" icon to enter the SSL/TLS Manager.

• In the SSL/TLS Manager, look for the Certificate Signing Requests (CSR)" section. Click on the Generate, View, or Delete SSL Certificate Signing Requests link.

• You will be presented with a form that requires specific details about your website and organization like: 
  • Common name, Enter the fully qualified domain name for which you are purchasing the SSL certificate. For wildcard certificates, enter the Common Name as *.yourdomain.com to cover all sub-domains. 
  • City. Enter the city where your organization is legally located. 
  • State. Enter the state or province where your organization is located. 
  • Country. Select your country from the dropdown list. 
  • Company: Enter the legal name of your organization. If you’re registering as an individual, you can use your name here. 
  • Company division. Enter the division of your organization that handles this request ( IT, web development). If you’re an individual, you can use NA.
  • Email. Enter an email address where your CA can send notifications about your certificate request. 
  • Passphrase. Some CAs require a passphrase to validate the CSR. Be sure to remember it because you might need it later.

• Once you enter these details and click Generate, you will receive your CSR and private key.

2. Using an online CSR generator

Alternatively, generate the CSR using online generators from CSRgenerator.com, DigiCert, or SSL.com. Follow the instructions provided by the online generator to fill in the required details. The tool will create the CSR and private key file that you can download.

Exercise caution when using online SSL tools since you're sharing sensitive information.

Screenshot of CSR generator from SSL.com 

3. Using command-line tools on your server

This method involves using the OpenSSL command-line tool; it’s recommended for advanced users. You'll need direct access to your server and familiarity with command-line tools.

• Open Comand Prompt on Windows or Terminal on macOS.
• Run the following command after replacing yourdomain.key with your desired private key file name. Replace yourdomain.csr with your desired CSR file name.

• You’ll be prompted to enter a passphrase that will protect your private key file. Enter the passphrase and verify it by re-entering it. 

• You’ll now be asked to enter details that go into the CSR file.
• Once you complete this, your CSR and private key file will be created and downloaded automatically to your device. There will be no notification about this. Just check your downloads or your usual file storage location. 

Refer to this resource by NameCheap for detailed instructions on generating CSR on different servers using other tools like Certreq or Powershell.

4. Submit the CSR to CA

Go to the website of the CA you’ve selected and create an account. Signing up usually entails entering your email address, creating a password, and completing an email verification process.

Choose the type of SSL certificate you need and follow the on-screen instructions to start the SSL certificate ordering process. When prompted, copy and paste your CSR into the provided field.

5. Complete the domain validation

The CA initiates the validation process based on the certificate type.

• DV SSL/TLS certificate: The CA might send an email to the domain's administrative contact or require you to place a verification file on your website or add a specific DNS record to prove your domain ownership. Domain validation usually takes just a few minutes.
• OV SSL/TLS certificate: In addition to domain ownership, the CA verifies the existence of your organization. This usually means you provide business documents like articles of incorporation or a business license. Organization validation generally takes 1-3 days.
• EV SSL/TLS certificate: This requires extensive checks on the organization's legal entity. The CA verifies business registration, physical location, and operational authority. Extended validation takes longer than OV upto 5 business days, as it involves more thorough checks.

Be prepared to provide necessary documentation and cooperate with the CA's verification procedures. Upon successful validation, the CA issues the SSL certificate.

6. Install the SSL certificate

Many web hosting providers automatically install SSL/TLS certificates if you purchase from them directly. If your provider doesn't offer this option, you'll need to install the certificate manually, but it’s an easy process. Here's how to install an SSL certificate: 

Download the SSL certificate files from the CA. You’ll usually get three files.

• Primary certificate: This is the main SSL certificate file (often with a .crt extension).
• Private key: This is a secure file (usually with a .key extension), that corresponds to your public key. Keep it confidential.
• CA bundle (intermediate certificate): This file, often with a .ca-bundle or .crt extension, contains intermediate certificates necessary for building the certificate chain.

Installing via cPanel

Using the cPanel provided by your web host is the most common method for installing an SSL certificate. Here’s how to do it.

• Go back to your cPanel and navigate to the SSL/TLS section.
• Locate the Certificate option. Here, you can add a new certificate by uploading the entire file directly from your computer or by copying and pasting the content of your certificate file into the provided text box. 
• Now go back to the SSL/TLS section and click on Manage SSL sites or a similar option. 
• Select the domain for which you purchased the certificate and click on the Autofill by Domain” option. Your certificate file will auto-populate in the corresponding section. In rare cases, you may need to copy the content of the certificate file, private key, and the CA bundle into the text box provided. 
• Once it’s filled in, click Install.  

Note: The exact steps might vary slightly depending on your hosting provider and cPanel version. So, always refer to the documentation of your specific hosting provider for help.

For example, on cPanel accessed via BlueHost, you need to click on “Generate, view, upload, or delete SSL certificates” to upload the SSL certificate.

Once uploaded, go back and select Manage SSL Sites under  Install and Manage SSL for your sites (HTTPS) section to install the certificate. 

Installing on other platforms

If you have direct access to Apache, Nginx, or any other web server, refer to this resource by GoDaddy for detailed instructions.

7. Update your website to HTTPS

Once you’ve installed the certificate, your website will be accessible over both HTTP and HTTPS. You must redirect your website from HTTP to HTTPS to make certain that all visitors are directed to the secure HTTPS version of your site.

The best way to do this is to update your .htaccess file.  If you use a WordPress site, use Really Simple SSL plugin. It automates the entire process of redirecting your site from HTTP to HTTPS.

Otherwise, follow the instructions to do migrate from HTTP to HTTPS using cPanel.

• Access File Manager: From cPanel’s main dashboard, go to File Manager under the Files section.

• Find the .htaccess file: Go to Settings and check Show hidden files.

• From the list of files displayed, right-click on the .htaccess file and select Edit.

• Add the following lines to the .htaccess file to permanently redirect all traffic to HTTPS. 

• Save changes to the .htaccess file. 

8. Verify your SSL installation

Now that you’ve installed the certificate and redirected your traffic to HTTPS, check to see if the certificate is working as intended. This helps you avoid any downtime due to SSL errors. Here’s how you do it:

• Access your website using HTTPS (https://yourdomain.com).
• Look for a padlock icon in the address bar of your web browser. This indicates a secure connection. Hovering over the padlock often displays details about the SSL certificate, such as the issuer and expiration date.
For example, in the Google Chrome browser, you can find the padlock icon here.

• Confirm that all pages and features of your website load correctly when accessed through HTTPS. Check forms, images, and other content to verify they’re displayed without errors.
• Alternatively, you can use online SSL certificate checkers from services like SSLShopper, DigiCert, and SSLchecker.com.

Frequently asked questions (FAQs) on how to get an SSL certificates

If you still have some questions related to the process of how to get an SSL certificate for your websites, read on to clarify them. 

Q. Can I get a free SSL certificate?

A. Yes, there are free SSL certificate providers like Let’s Encrypt, Cloudflare, SSL.com, and ZeroSSL. These certificates are typically domain-validated and offer the same level of encryption as paid certificates. 

Q. How much do SSL certificates cost?

A. The cost of SSL certificates varies depending on the type and the CA. Prices can range from nothing to hundreds of dollars per year for premium EV certificates.

Q. Where can I get an SSL certificate?

A. You can get an SSL certificate from various CAs and web hosting providers. Some popular options include Let's Encrypt, Sectigo (formerly Comodo) Cloudflare, SSL.com, DigiCert, GlobalSign, GoDaddy, Namecheap, and Bluehost.

Q. How long does it take to get an SSL certificate?

A. The time to get an SSL certificate varies depending on the certificate type. DV certificates are issued almost instantly. OV certificates take a few days for the organization validation process. EV certificates can take several days to weeks due to thorough validation.

Q. What happens if my SSL certificate expires?

A. If your SSL certificate expires, your website will not be secure. Visitors will see warnings in their browsers, and data transferred to and from your site will not be encrypted. Always renew your certificate before it expires to prevent these issues.

Q. How do I renew my SSL certificate?

A. SSL certificates need to be renewed before they expire. To do so, generate a new CSR and purchase a renewal from your CA. Install the new certificate on your server.

Site secured

You have now gone through the whole process of how to obtain an SSL certificate and install it for your domain. While it sounds technical, it is easy as long as you follow the steps here.

So, go on and choose an SSL certificate that aligns with your website's needs, considering factors such as domain coverage, validation level, and budget. Install the SSL certificate as shown. Regularly monitor your SSL certificate's expiration date to ensure uninterrupted security. Your website deserves the best protection. Secure it now.

Take the next step toward reliable website security. Read this free G2 guide on web application firewalls (WAF) to understand why you need it.