How to enable SSL after purchase

After you purchase your SSL, there are some essential things you need to do to make it work and to enable HTTPS on your website or device. These are:

You may also need to:

Please note that if you have Namecheap Shared Hosting, 1-year promo PositiveSSLs will be activated and installed automatically for any domains pointed to Namecheap Web-Hosting DNS. Find more details here. You can also install your PositiveSSLs and EssentialSSLs in just a few clicks with the Namecheap SSL plugin in cPanel, here's how.

On Namecheap EasyWP hosting's Turbo and Supersonic plans, there’s a free PositiveSSL provided by default. It can be installed just in a few clicks for the domain on our Web-Hosting DNS. Find more details here.

Manual activation is now required if you’re using other certificate types or if you’re going to install your certificate on a third-party server.

Now let’s go through each stage of enabling your SSL manually.


Getting started with SSL activation

Before you can receive and install your SSL, you need to activate it. SSL activation is the process of submitting your website information and a Certificate Signing Request (CSR) code to the Certificate Authority (CA), so they can send you the SSL. You can activate your certificate via your Namecheap account panel.

Here’s a how-to video:



Where to find your SSL for activation

You can initiate the activation process right after you purchase the SSL on the "Thank you!" page. Click the "Manage" button next to the SSL.

If you want to initiate activation later, you can find the SSL you bought in the Namecheap account panel. Navigate to Dashboard >> "SSL Certificates" tab >> your SSL. Press the "Activate" button next to it.

Once you click activate, you'll be led to a page that asks you to enter the CSR code.

Let’s talk about what the CSR code is and where you can get one.


CSR and Private key generation

A CSR code is an encrypted code that contains your certificate's common name (the site or server name you want to secure with the SSL) and your contact details.

It looks like a random block of code:

The CSR can either be generated on the server hosting the domain or service you want to secure or by your hosting provider. Here's how to generate the CSR both ways:

  1. Generating the CSR code via your hosting server: The process will depend on the control panel type and/or web server you use. Here are specific guides for CSR generation on commonly used servers and control panels:

  2. Submit a CSR code request to your hosting provider's support center. Not all hosting providers provide this service, but if you host a domain name with Namecheap, we're happy to generate a CSR code for you.

NOTE: If your control panel doesn't have the functionality to generate a CSR code, you can use our online generator.

Here’s a list of two-letter country code abbreviations you’ll need to create your CSR code.


What is the Private key?

When you create your CSR, a matching Private key is generated simultaneously. This is an essential code you’ll need to install your SSL when it gets issued. You cannot use any Private key when installing your certificate - it must be the one you generated at the same time as your CSR. If you lose it, you’ll have to generate a new CSR code and Private key pair and reissue the certificate.

So you need to keep the Private key safe until SSL installation. If you generated your CSR on your server, then the Private key is usually stored there. However, if you used an online tool to generate the CSR (such as our decoder.link tool), make sure you back up your Private key manually to your computer. Save the file with the .key extension.

So, once you enter your CSR code on the first activation page for your SSL, the "Primary domain" field will be auto-filled with the domain from the CSR.


Domain Control Validation method choice

The next SSL activation step is choosing your domain control validation (DCV) method. DCV is how you can verify to the issuing CA that you are authorized to use the domain you seek to secure via SSL.

  1. Pick one of the three DCV types:

    • Upload a validation file to the server - you’ll find this file in your Namecheap account after you've completed activation;
    • Add a validation CNAME record to your domain’s DNS settings - this validation record values will be available in your Namecheap account after you complete activation;
    • Receive a validation email - you can’t use just any email; it must be a generic domain-related address or your Whois record contact email. Learn more here.
  2. Specify the email address where you would like your SSL certificate to be sent.
  3. Hit the Submit button.

You’ll then be taken to the certificate management page, where you can view the Certificate & Order ID, the CA's order ID, and other certificate details.

IMPORTANT: If you’re activating an OV (Organization Validation) or EV (Extended Validation) certificate, you will be asked to submit your company contact information as well:

The "Representative" section is required only for OV certificates.

NOTE: SSL Certificates cannot be issued for domain names considered unsafe by Google Safe Browsing. All unsafe domain names will automatically be removed from Multi-Domain SSL Certificates by Comodo (now Sectigo). Check your site’s safety status here.


How to complete DCV

After activating your SSL, you’ll need to complete DCV for the domain name(s) you specified in the CSR. The CA initiates the DCV process as soon as you send the CSR with your SSL information to them via activation in your Namecheap account. Completing DCV will confirm that you have administrative rights and access to the domain name(s).

Note: The "Upload a validation file" DCV method was removed for Wildcard SSLs on October 21, 2021. Learn more.

Here’s how to complete DCV for each method:

  1. Upload a validation file - Download the validation file from the certificate management page in your Namecheap account. Upload it to the following directory: http://example.com/.well-known/pki-validation/example.txt. Find more information on how to complete this validation type here.

    Note: This method is not available for Wildcard SSLs.



    Here's the video guide on how to upload the validation file in cPanel:



  2. Add CNAME record - You must add a specific CNAME record to your domain zone file. You can find your certificate's CNAME record values in your Namecheap account.


    Here's the how-to video for this validation method:



  3. Receive an email - You must choose either a generic domain email address, such as admin@, administrator@, hostmaster@, postmaster@, webmaster@, or an email address retrieved from Whois Lookup. Sectigo will send you an email with a unique code and a link. Click the link and enter the code on the page you’re brought to.

    Here's a a quick how-to for the email-based method:



NOTE: If you do not receive an approval email within 15 minutes (and have already checked your spam/junk mail folders), or the certificate has still not been issued after one hour, and you have confirmed that the file or record is publicly accessible, please contact our SSL Support Team via live chat or our ticketing system for further assistance.

You can also switch the validation method after activation if you want to use a different method. Head to the "Details" page of your certificate, and click the "Edit methods" link in the yellow panel at the top of the page.

On the next page, click the "Edit methods" button on the right to select your preferred method from the drop-down menu.

Click "Save changes / Retry" to confirm the action.

Finally, if you have doubts about whether you’ve completed DCV correctly, please use the Sectigo Order Status Checker tool.

Once you’ve completed DCV for a domain validation level SSL, your SSL files will be issued and emailed to you within 15 minutes. You can then proceed with the installation. If you have an OV or EV SSL certificate, you will need to get through the additional verification of your company.


Verify your company

During this process, Sectigo's CA validation staff must be able to locate your company’s legal information in your country or state's official governmental database or a trusted third-party database.

Find the requirements for OV certificates on installationthis page and EV certificates in this article.


Install your certificate

When the CA has finally issued your SSL, you can install it on the hosting server. Follow the instructions below:

  1. Collect the SSL files

    Make sure you have the files your server type needs for installation. Double-check with your server provider on the exact certificate format necessary for installation on your service.

    You can download the SSL certificate files from your Namecheap account right after issuance once the SSL status updates to "Active". Head to the "SSL Certificates" list and click the "Download" button next to the selected SSL.

    The required files are:

    • SSL certificate - the file with either a .crt or .pb7 extension (both available for download)
    • CA Bundle - the file with a .ca-bundle extension
    • Private key - the file with .key extension, generated together with CSR

    The certificate and bundle files will be emailed to the administrative contact email address for the SSL order, so you can also download them from there.

    The Private key will either be located in one of two places: the hosting server where the CSR was generated; or if you used an online tool for generating the CSR code, wherever you saved the Private key afterward.

  2. Installation guides

    You can now proceed with the installation if you have all the required files. There are two main options for installing your active SSL certificate:

    1. Ask your hosting provider to install the SSL via their support center. Not all hosting providers provide such a service, and those that do may require additional installation fees. However, if you host a domain name with Namecheap, we’ll be happy to install the certificate for you. You should also ensure that your hosting provider supports third-party SSL certificates.
    2. Manually install it yourself on your hosting server. For this you will need to know the name of your hosting provider’s control panel and/or web server. Feel free to follow your cPanel's step-by-step installation guide here.

      Depending on the type of control panel and/or web server you use, please refer to our specific guides on manual installation:

  3. Installation check

    Once you've installed the SSL, you should check and see that it was done correctly. You can do this by opening the Decoder tool, pasting the domain name, and clicking the Check button.

    If you see the same status as the screenshot above, your SSL certificate was properly installed. Feel free to clear your web browser's cache and visit the website via https://. Otherwise, you can open it in your browser’s incognito mode.

Automated HTTPS redirect

Once you’ve installed your SSL correctly, your domain will be available via the https:// connection. You may still see a "Not secure" warning message displayed on the web page when you visit your website. This could mean automated redirection from http:// to https:// is not enabled on your server, especially if it’s the first time you’re using an SSL certificate on the server.

The installed SSL only makes your website accessible via a secure https:// connection. If you type in https:// manually before your website name in a browser, you will see the site opening via secure https://. But if the redirect isn’t enabled, if you don’t include https:// manually before your website name, the browser will visit the unsecure http:// version of the site.

That’s why you should create a redirection rule on the hosting server to make the https:// version of your website the default one.

Please choose your control panel or web server from the list below and follow the corresponding steps to enable the redirection:

Find the redirection guide for WordPress here.

Once the rule is created, your visitors will automatically be redirected to the https:// version of your site.

NOTE: The "URL redirect" option in the nameserver’s settings might not create the desired result. Moreover, it may result in redirect misconfiguration.


Insecure content check

Another potential issue after a successful installation is receiving a "Mixed (insecure) content" warning message in your web browser while trying to access your website securely via https://.

This message means that some of your website's content (e.g., images, fonts, scripts, etc.) has been downloaded from an insecure location. In other words, the content is loaded via http:// links instead of https:// ones.

This isn’t related to the SSL certificate itself or its installation; it’s a code debugging issue. We recommend researching it independently or contacting the responsible developer if such a case arises. Your main goal is to replace any 'http://' protocol at the beginning of all content source links with the 'https://' one.

NOTE: Find a workaround for solving insecure content issues on the dedicated page.

Here are some general tips:

  • If you have a WordPress site, an easy way to remove all the insecure requests is by installing and activating the "Really Simple SSL" plug-in from the WordPress admin panel.
  • If you have cPanel and an Apache web server, add the following header into the very first line of your website .htaccess file:

    Header set Content-Security-Policy "upgrade-insecure-requests" env=HTTPS

You can use this online tool to get a list of all the content mixed elements on your site. You can also do it in your Google Chrome browser:

  • Select More Tools from the browser menu bar > Javascript console
  • Ctrl + Shift + J on https:// page (or Cmd + Opt + J for Mac)
  • Press F12 and click 'Console' on the https:// page

That's it!

If you have any questions or doubts or need some assistance, feel free to contact our SSL Support Team via our chat or ticketing system.

Updated
Viewed
28105 times

Need help? We're always here for you.