You’ve purchased a certificate; now it’s time to make use out of it!
Since SSL certificates contain many technical details and security measures, in order to get your website working via HTTPS, you must do the following:
Below, you will find detailed instructions on how to complete the aforementioned steps. Before starting the activation process, we recommend confirming with your hosting service provider that this third-party certificate installation is supported by your server.
NOTE: If you’re already a Namecheap Shared Hosting customer, installing your PositiveSSL or EssentialSSL certificate is easy. All it takes is just two clicks from your cPanel SSL plug-in. Here’s a step-by-step illustrative guide on how to do this.
To get started, you will need to generate a Certificate Signing Request (CSR). This CSR contains the domain name and all the necessary information about certificate requester. It appears as a random block of code:
To obtain a CSR code, there are two ways to do so:
NOTE: Some hosting providers’ control panels don’t have the functionality to generate CSR codes. In these cases, feel free to use our online generator.
If you happen to face difficulties with locating your two-letter country abbreviation, you can search for it here. Now, using the online generator, fill in the fields with the requested information and click Generate. Once you’ve done this, you’ll be provided with your SSL certificate’s CSR code and matching private key. Make sure to save the private key on your computer as a text file (we recommend ANSI (ASCII) encoding format); otherwise, a certificate reissue will be necessary.
If a certificate reissue is necessary, the CSR code will be created for exactly the same domain name (subdomain name) as the one that was specified in the initial CSR code activation.
If you have a multi-domain SSL certificate, the activation process should not vary too much. Once you have a CSR code, you can activate the SSL certificate. Remember, purchased SSL certificates are not bound to any domain name until they are activated. To start the process, log in to your Namecheap account, open the “Product List” section on the left navigation bar, and click Activate, which is located next to your new certificate.
When the new page opens, follow the steps below in order to get your SSL certificate activated:
In case the Organization or Extended Validation certificate is already activated, you will be asked to submit company contact information:
The "Representative" section is required only for OV certificates.
NOTE: SSL Certificates cannot be issued for domain names considered unsafe by Google Safe Browsing. All unsafe domain names will automatically be removed from the Multi-Domain SSL Certificates by Comodo (now Sectigo). Check your site’s safety status here.
Congrats! You’ve successfully activated your SSL certificate for your domain name. Now you will need to validate it using Domain Control Validation (DCV), which confirms that you have the administrative rights and access to the domain name where the certificate was activated, e.g. Comodo (now Sectigo) Certificate Authority.
There are three ways to approve domain ownership:
If you have an OV (Organization Validation) or EV (Extended Validation) SSL certificate, you will need to complete the OV separately from the DCV, which is mentioned above. During this process, Comodo (now Sectigo) validation staff must be able to locate your company’s legal information listed, either in your country or state’s official governmental database or a trusted third-party database.
NOTE: If you do not receive an approval email within 15 minutes (and have already checked your spam/junk mail folders), or the certificate has still not been issued after one hour and you have confirmed that the file or record is publicly accessible, please contact our SSL Support Team via live chat or ticketing system for further assistance.
After your certificate is validated, it becomes active. At this point, there is only one step left for you to complete: installing the active certificate on the server.
Make sure that you have the certificate files downloaded before proceeding with the installation. The private key, which you already saved after the CSR code generation, will also be used during the installation.
You can choose between two options on how to install your active SSL certificate:
Depending on the type of control panel and/or web server you use, please refer to our specific guides on how to manually install:
NOTE: Usually, a Dedicated IP address is required for SSL installation. However, if you have SNI technology available on your server, you can install your SSL certificate on a shared IP address. We recommend checking with your hosting provider, prior to SSL certificate activation, regarding SNI availability for your host name. This will help to avoid any of the known issues that may occur with this type of SSL certificate installation.
All of Namecheap’s Shared Hosting servers have SNI technology enabled by default.
Once the SSL certificate is installed on the server, it’s time to check and see if it was installed properly. Feel free to open the Decoder tool, paste in the domain name, and click the Check button.
If you see the same status as the screenshot above, your SSL certificate was properly installed. Feel free to clear the cache of your web browser and visit the website via https://. Otherwise, you can open it in browser incognito mode.
As you can see from the steps above, your domain name will become available via the https:// connection once the certificate is properly installed on the server. Right after this occurs, you may experience a common post-installation issue which is when a “Not secure” warning message is displayed on the web page when you visit your website.
The thing about this issue is that SSL certificate installation only makes your website accessible via a secure https:// connection. In fact, it does not make it by default. Feel free to check it by manually typing your domain name with 'https://' in the beginning (e.g. https://example.com). You should notice that the warning message disappears and the green padlock is properly displayed in the browser address bar.
That’s why you can create a redirection rule on the server to make the https:// version of your website the default one. The rule should be created on the web server or in a control panel with the help of which the website is managed.
Please choose your control panel and/or web server from the list below and follow the corresponding steps in order to enable the redirection:
The redirection guide for WordPress panel can be found here.
Once the rule is created, your visitors will be automatically redirected to the https:// version of your site.
NOTE: The “URL redirect” option in the nameservers settings might not create the desired result. Moreover, redirect misconfiguration may take place in such case.
Another issue that you may encounter after the successful installation is the “Mixed (insecure) content” warning message in your web browser.
The message means that there is some content of your website (e.g. images, fonts, scripts, etc.) which has been downloaded from some sort of insecure location. In other words, the content is loaded via http:// links instead of https:// ones.
Rest assured that this isn’t related to the SSL certificate itself or its installation; it’s a code debugging issue. We recommend researching it independently or contacting the responsible developer if such a case arises. Your main goal when researching is to replace the ‘http://’ protocol in the beginning of all each link with the 'https://' one.
NOTE: The workaround for solving the insecure content issue is described on the dedicated page.
Header set Content-Security-Policy "upgrade-insecure-requests" env=HTTPS
The list of all mixed elements can be found with the help of this online tool. Or just in your Google Chrome browser: