SSL Proxy is a server that helps your website handle secure connections, route traffic to your origin server, and blocks certain types of attacks. Think of it as a smart shield between your site and the outside world — speeding things up while keeping you safe.
Traditionally, installing an SSL certificate meant doing everything yourself:
Then, doing it all over again every year.
When you enable an SSL Proxy, it becomes the entry point for all traffic to your site instead of your server. That means an SSL must be installed on the SSL Proxy to protect that connection.
Our system handles the entire process: it generates the CSR and private key directly on the SSL Proxy, validates domain control, and installs the certificate for you. You don’t need to do a thing.
Your site gets a secure connection, faster load times, and a fully automated SSL setup. The SSL Proxy is completely free when using our SSL.
For single-domain and Wildcard SSLs, we use a proprietary SSL Proxy service. It is not provided as a separate product and does not offer caching or traffic analytics. Instead, it is much simpler to manage.
Want to learn more about setting up SSL automation on SSL Proxy? Check out this quick guide.
No, it's optional. When you use our SSL Proxy, visitors connect securely to it using a trusted SSL certificate we manage for you.
The SSL Proxy then fetches content from your server. This connection happens behind the scenes, without any browsers involved. If your server uses HTTP only, the connection between the SSL Proxy and your server won't be encrypted — but public traffic is still secure. If your server supports HTTPS (even with a self-signed SSL), the entire chain stays encrypted.
Why does a self-signed SSL work? Because browsers aren't part of this connection. The SSL Proxy talks directly to your server. The only thing that matters is that your server responds over HTTPS.
If you want full end-to-end encryption, you can install a self-signed SSL on your server. If you don't, your site will still stay fully secure for visitors, since the connection to the SSL Proxy is already protected.
Here's how to generate a self-signed SSL — you'll only need to install it once.
If you're using a hosting control panel (like cPanel, Plesk, DirectAdmin), paste both the Certificate and Private Key into the SSL or TLS manager section.
If you're installing via SSH, create two files: your_domain.crt — paste the Certificate code, your_domain.key — paste the Private Key code
For IIS, you'll need to convert the .crt and .key files into a single PKCS#12 file (.pfx).
Once you have the files, follow these installations steps for your server or contact us for help.
Coming soon: we'll offer a trusted long-term cert for this exact purpose, so you won't need to generate anything yourself.
Your site will show "Connection is secure" in Chrome when you click the site info icon in the address bar. In browsers like Firefox or Safari, you'll still see a padlock icon.
In your Namecheap account, the SSL status will be marked as "Installed".
You can disable SSL Proxy completely or from specific subdomains, if you have a Wildcard SSL, by following these instructions.
Alternative options to the SSL Proxy are:
If something didn't work as expected, we really want to hear about it. Your feedback helps us improve.
Let us know what went wrong at sslsupport@namecheap.com or start a live chat.
Need help? We're always here for you.