How Do I Activate an SSL Certificate
Steps to Get SSL Certificate Activated
After your SSL purchase, activate your certificate in order to make it actually work for your website.
Before you begin with the SSL activation, you'll first need to have a CSR code generated on your server by your hosting provider. You may also generate one yourself by following our guide on generating CSR code.
In either case, be sure to note the following tips before you begin:
Important tips before you activate SSL
Note: If you need to activate the renewal certificate, it should be done from the Domain list. The SSL certificates list contains only the certificates which are not assigned to any domain name yet. Since the renewal certificates are linked to the domain names, they can be located in the Domain list after clicking on V button and expanding the list of services.
- Important: Usually, a dedicated IP address is required for SSL installation. However, if you have SNI technology available on your server, you can install your SSL certificate on a shared IP address. Check SNI availability for your hostname with your hosting provider prior to SSL certificate activation in order to avoid any of the known issues that may occur with this type of SSL certificate installation.
- Ensure to locate and back up the RSA private key that will arrive with your CSR code, as it will be required for the installation. It will not be possible to install the certificate without this code.
- Ask your hosting company to advise you on the server type (software your server is using for CSR generation) for your hostname. This will be useful information to have during installation.
Note: Please make sure that your hosting provider supports third-party SSL certificates!
- If you are using Namecheap hosting services, please review this article for help.
Once you have a CSR code generated, login to your Namecheap account and start the activation:
Hover your mouse over your account username in the upper left corner, then select Dashboard.
Next, select Product List > SSL Certificates.
Activate your SSL
Click on Activate next to the certificate you wish to activate.
Enter (or copy-and-paste) your CSR code and choose the web server type from the drop-down menu. Once done, click Next.
Note: In this step, if you are activating a multi-domain certificate, you need to specify the additional domains you wish to include in the issued certificate. Certificate activation process for Multi-Domain certificate is described in details here.
Note: SSL Certificates cannot be issued for domains considered unsafe by Google Safe Browsing. All unsafe domains will automatically be removed from Multi-Domain SSL Certificates by Sectigo (former Comodo). Check Safe Browsing site status here.
- Check the server type which corresponds to your hosting server. Depending on the selected option, the issued certificate will be emailed to you in either PEM or PKCS7 format accordingly.
Keep in mind that regardless of the selected type, the certificate will be available to download in both formats in your Namecheap account when it is issued. If you are not sure what to select, you can check with your hosting provider or our SSL Support Team, or simply select either of the options.
On the next page, select Email validation, HTTP-based validation or DNS-based validation as the domain control validation method from the drop-down list.
For email validation, select an email address to which the approval email will be sent. For security reasons, the approval email can only be sent to a generic email associated with the domain name (e.g., webmaster@, postmaster@, hostmaster@, administrator@, admin@, etc.) or to the registered Whois email address.
For HTTP-based validation, you will need to upload a certain text file into into a particular directory of your website (/.well-known/pki-validation/)to have the certificate issued. You'll then be able to download the certificate file in your account after the order is submitted to the Certificate Authority for activation.
Note: If you have activated the certificate with domain.com or www.domain.com
indicated as FQDN in your CSR code, please make sure that the file is available via http://domain.com/.well-known/pki-validation/file.txt . In this
case, www.domain.com is considered to be under your control as well.
Content of the file shouldn't be changed in any way, as Sectigo (former Comodo) validation system is case sensitive.
For DNS-based validation, you need to create a special CNAME record in the DNS records for your domain. This record will be also provided after the activation.
You can find more details about validation methods here.
Once you have selected appropriate DCV method, click Next.
- Enter email address you would like to receive SSL certificate to and proceed further.
Note: administrative contact email cannot be changed later, however, issued SSL can always be downloaded from the Namecheap account.
In case organization or extended validation certificate is activated, you will be asked to submit company contact information:
Note: The "Representative" section is required only for OV certificates.
Review information and click Submit to confirm your certificate request.
Once done, you will be taken to the Certificate Management page where you can view the Order ID, Certificate Authority's order ID, and other details of the certificate.
Note: You can also resend the approval email right from this page using the corresponding link. If the HTTP-based or the DNS-based method was selected for the SSL order, the resend email here link will lead you to the page with the DCV options.
By clicking the go to the details page link, you can review certificate-related information, re-send the approval email, download the necessary file for HTTP-based validation, select a different validation method, and check the CNAME record.
Confirmation to Enable SSL Certificate
Confirmation emails are delivered to the approval address within 10 minutes after the activation. You must confirm the issuance by clicking the link included in the approval email. The validated certificate will then be sent to the administrative email address selected during activation.
HTTP-based and CNAME-based validation may take longer, as the Certificate Authority will need to locate the file or record. Please make sure that the file is publicly accessible and that there is no firewall blocking the requests behind your server.
The validation system used by Certificate Authority performs automatic checks of the validation file/record over a certain period of time. If validation fails, double-check that the file/record data is correct and accessible and make any necessary edits. Once the information is correct and accessible, the file/record should be validated when the CA validation system runs its next check.
Sectigo (former Comodo) OV/EV certificates will still send a domain validation email prior to the CA's document submission request. If you order an OV/EV certificate, Certificate Authority will send you a list of documents required to verify your business, depending on the type of the certificate. To expedite the certificate issuance, also make sure that the Whois for your domain contains the correct contact information. Order processing by Certification Authority may take up to an hour. If you do not receive an approval email within the specified time frame or the certificate has not been issued after one hour, and you have confirmed that the file or record is publicly accessible, please contact our SSL Support Team via live chat or ticket system for further assistance.