If y'all are running an ecommerce site, accepting credit cards, or passing information that needs to be encrypted, you'll need to install an SSL document on your WordPress site. Having an SSL certificate volition allow you to enable HTTPS, which ensures that no information is passed in plain text. In fact, we recommend all sites utilize HTTPS, equally information technology has a lot of additional benefits beyond security.

Follow the steps below on how to install a new SSL certificate for your WordPress site on Kinsta.

Note: If you take an existing SSL document you'd like to transfer over, bank check out our guide on how to transfer an existing SSL document.

Adopt to sentinel the video version?

Option ane – Costless Cloudflare SSL

On Kinsta, all verified domains are automatically protected by our Cloudflare integration, which includes free SSL certificates with wildcard support. This ways that unless you lot take a specific reason to add together a custom SSL, you won't have to worry near manually configuring an SSL on Kinsta.

Option 2 – Install Custom SSL Certificate

For users who prefer to go the custom SSL route, MyKinsta supports custom SSL certificates as well. Nonetheless, we only support custom SSL certificates that include wildcard domain support at this fourth dimension. If your custom SSL doesn't back up wildcard domains, nosotros recommend using our free Cloudflare SSL or purchasing a custom SSL that covers wildcard domains as well.

Step ane – Buy SSL Certificate

Buy your SSL document from whatever vendor you like, such equally Comodo, DigiCert, GeoTrust, Thawte, or Trustwave. Kinsta supports all types of SSL certificates, as long as they include wildcard domain back up.

Footstep ii – Server Type

When purchasing a new SSL document, yous are asked to provide the server type. The type of our spider web server is Nginx. If that option is not available, and then "Apache" or "Other" will piece of work too.

Footstep three – Generate CSR and Private Key

A CSR (Certificate Signing Request) will exist needed by the SSL provider to create/sign the document file. For generating a CSR and RSA key (together known as a cardinal pair), delight complete this form: Online CSR and Primal Generator.

We recommend filling out every field, but at a minimum, you should fill in the following, as seen in the example below:

  • Mutual proper noun (domain proper name)
  • Email Address
  • Arrangement
  • City / Locality
  • State / County / Region
  • Country

Note: For the mutual name field, if you're generating a wildcard certificate, you'll need to input your domain name like *.domain.com.

Generate CSR form
Generate CSR form

The class will generate the individual key file and the CSR. Save both of those, every bit the certificate will be unusable without them.

CSR and private key
CSR and private key

Step iv

Upload your CSR with your SSL provider to regenerate your SSL certificate (.cert).

Footstep 5

In MyKinsta, navigate to Sites > sitename > Domains. Click on the dropdown card next to the domain you want to add together a custom SSL document for and click Add Custom SSL Document.

Add a custom SSL certificate.
Add together a custom SSL certificate

Step six

Next, y'all'll see a confirmation modal showing the domains that the custom SSL will cover. Click the Next push button to proceed to the side by side footstep.

Custom SSL domains.
Custom SSL domains.

Step 7

Y'all will then be able to add together your individual key (.cardinal) and certificate (.cert, .cer., or .crt file). Most SSL providers will email you a .crt or .cer file and a .ca-bundle file. You lot tin use a text editor like Notepad++ or TextMate to open the document and bundle files.

Paste the contents of your .crt file in the .cert file contents section first and then the contents of the .ca-bundle file below it.

Paste your .key and .cert files into MyKinsta.
Paste your .key and .cert files into MyKinsta.

Annotation: If you don't have your intermediate certificates, you can use a free tool similar What's My Concatenation Cert or Certificate Chain Composer to generate the certificate chain. Copy and paste this certificate chain (which includes your intermediate certificates) in the .cert file contents section.

Click the Add Certificate button to finalize the configuration process.

How to Check Your SSL Certificate

After yous have installed your SSL certificate, nosotros recommend running an SSL check to verify that everything is prepare up correctly. An invalid SSL certificate can crusade your visitors to be faced with the "your connection is not private" error.

How to Renew Your SSL Certificate

An SSL document doesn't last forever, so it will need to exist renewed earlier information technology expires. If y'all're not sure if your site is using our costless Cloudflare SSL certificate or a custom SSL certificate, there are a couple of ways you tin can bank check to see who the issuer is. If the issuer proper noun is annihilation other than Cloudflare, your site is using a custom SSL document.

To cheque the issuer name, view the certificate in your browser and look for the Organization in the Issuer Name section, or use a tool like SSLShopper'south SSL Checker and view the Issuer data.

Check for SSL issuer name with SSLShopper SSL Checker.
Check for SSL issuer name with SSLShopper SSL Checker.

Free Cloudflare SSL Certificates

If you're using our free Cloudflare SSL certificate and using Kinsta DNS for your site, the renewal procedure is automatically handled by Cloudflare. If you're non using Kinsta DNS, you lot'll demand to add a TXT record to your domain for the renewal. For more than details, see our guide on Gratuitous SSL Renewals.

Custom SSL Certificates

If you have a custom SSL certificate, y'all'll demand to renew information technology with the SSL provider or domain registrar from which it was purchased. In one case your SSL is renewed, you'll need to re-upload it in MyKinsta.

How to Force HTTPS

After installing an SSL document, you'll have the choice to force HTTPS in MyKinsta. This feature allows y'all to automatically forward all incoming requests to HTTPS.

Force HTTPS in MyKinsta.
Force HTTPS in MyKinsta.

Our force HTTPS tool gives you lot two options – Strength all traffic to the primary domain and Use requested domain. For normal WordPress sites, we recommend using the first option, which will force a 301 redirect to the HTTPS version of your approved domain. The second selection is useful for WordPress multisite, which may have multiple domains assigned to the same site.

Force HTTPS options.
Force HTTPS options.

Summary

At Kinsta, we support both free Cloudflare SSL certificates and custom SSLs. For most users, our Cloudflare SSL integration provides HTTPS back up at no additional cost. Yet, if y'all have a specific use case that requires a custom SSL, we back up that as well. If you accept any questions most how to add together an SSL certificate to your site, reach out to our 24/7 Support team!