1. Knowledge Base
  2. >
  3. Results
  4. >
  5. How to Get and Enable Your Free SSL Certificate

How to Get and Enable Your Free SSL Certificate

This article regarding HostGator's Free SSL (Secure Sockets Layer) certificates will cover the following topics:

Pro Tip: Strengthen your credibility and reassure your customers that their content is secure. Upgrade to a paid SSL Certificate for a warranty ranging from $10k to $1.75M and TrustLogo® Site Seal.

Why a website needs an SSL

You may ask yourself why people are getting SSL for their websites and what does it do for them? Here are some of the reasons why SSL is considered important, especially for e-commerce websites.

  • If your website requires someone to enter their personal information, credit card, or login credentials, you will want to secure your website.
  • With the SSL enabled, it will encrypt the data sent across the internet. This encryption prevents the man-in-the-middle attacks used by hackers to steal your customers' information while in transit.
  • Adding SSL to your website lets your visitors know that you are serious about your customer and site's security.

Related Articles:


How to get a free SSL certificate

Taking advantage of HostGator's Free SSL is easy.

  • The Free SSL certificate will automatically be available to every domain and subdomain for new and existing cPanel platform customers.
  • Enable is the process of activating the SSL certificate.
  • Enforcing is the process of forcing the website traffic from HTTP to HTTPS using 301 redirects.
  • The Free SSL lasts for 90 days from issuance and renews automatically at no cost to you, so your site hosted with HostGator should never be without an SSL.
  • New customers will be able to add or opt-out of the Free SSL upon account sign-up.
Note: The Free SSL will not come with any warranty or site logo. For these features, the Free SSL must be upgraded to a Positive SSL or EV SSL Certificate. For more information regarding the different types of SSL certificates, please see the article below:

Step-by-step guide to enable free SSL certificate 

Step 1: Connect your domain to your HostGator hosting account.

Your website must be connected to your HostGator account to activate your Free SSL certificate.

If your website is already connected to your HostGator account, your SSL should be ready to use, and you can now proceed to the next step to direct your customers from HTTP to HTTPS.

If your domain is being managed by another domain provider, you need to ensure that an A record has been created for your domain via your domain provider's DNS dashboard. That domain needs to be linked to your HostGator account to enable the Free SSL certificate. Otherwise, you will be unable to use the Free SSL.

Note: Your A record is the Shared IP address located in your Customer Portal and cPanel.

For more information on how to point (connect) your domain to HostGator, please check out the following articles:

Step 2: Force the website traffic from HTTP to HTTPS

The Free SSL does not automatically force HTTPS onto the domain or subdomain. It needs to be activated manually. This can be completed by editing the .htaccess to force HTTPS on every page.

Depending on how you created your websites, the instructions to activate the Free SSL vary. For instructions on how to activate the Free SSL on some popular Content Management Systems (CMS) used to build websites, click the expands below. 

Here is a video tutorial on How to Force HTTPS - Using Simple SSL WordPress Plugin.

To enable HTTPS on your WordPress installation, HostGator recommends using either of the following free SSL plugins for WordPress:

For more information regarding HTTPS and WordPress, please refer to the following article:

Notes:
  1. Do not forget to make a backup of your WordPress before installing any plugins.
  2. HostGator cannot offer direct support for any recommended plugins.

The following instructions will force HTTPS onto a Joomla site.

  1. Log in to your cPanel.
  2. Locate File Manager.

    cPanel - File Manager

  3. Go to public_html if you have a single domain to find the configuration.php file. (If you have other domains, access that domain's document root to edit the configuration.php.).
  4. In the configuration.php file, look for the line that contains
    $live_site ='';
  5. Update the line to add in your domain, including HTTPS,
    Example: $live_site = 'https://www.example.com';
  6. Locate the associated .htaccess file for the domain and add the following code:
    RewriteEngine On
    RewriteCond %{HTTPS} OFF
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

     
  7. Next, open your Joomla admin panel, then click the Global Configuration.
  8. Go to the Server tab, then to Server Settings.
  9. Here you will be presented with three options for how HTTPS should function for your Joomla installation:
    • None: HTTPS will be disabled.
    • Administrator Only: Will force just the administrator page with HTTPS.
    • Entire Site: All pages will have HTTPS enabled.
  10. Click Apply/Save to update your Joomla site.

The following instructions will force HTTPS onto a Magento site.

Magento 1.x
  1. Log into your Magento admin panel.
  2. Navigate to System, then Configuration.
  3. In the General section, select Web.
  4. Open the Secure section and update the Base URL to be:
    https://yourdomain.com
  5. The values for Use Secure URLs in Frontend and Use Secure URLs in Admin options need to be set to Yes.
  6. Click Save Config.
  7. To see the changes appear, you will need to clear the Magento cache.
Magento 2.x
  1. Log into your Magento admin panel.
  2. Navigate to the Stores, Configuration, and then Web.
  3. Open the Base URLs (Secure) section and update the URL in the Secure Base URL to:
    https://yourdomain.com
  4. The values for Use Secure URLs on Storefront and Use Secure URLs in Admin options need to be set to Yes.
  5. Click Save Config.
  6. To see the changes appear, you will need to clear the Magento cache.

The following instructions will force HTTPS onto a Drupal site.

To force HTTPS on for Drupal, add the following code to your .htaccess file:

RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com*
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]

To force HTTPS on for a HostGator Website Builder, add the following code to your .htaccess file:

RewriteEngine On
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

To force HTTPS on a site manually, add the following mod_rewrite script; please refer to this article How to Edit Your .htaccess File.

  1. Add the following script at the top of the .htaccess file.
    RewriteEngine On   
    
    RewriteCond %{HTTPS} !=on   
    
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]   
    
    
  2. Additionally, you can input the following script to fix the Mixed Content warning on your site.
    RewriteOptions inherit   
    
    RewriteEngine on   
    
    Header set content-Security-Policy: upgrade-insecure-requests   
    
    

    File Manager - .htaccess - SSL scripts

  3. Once done, click the Save Changes button on the right upper corner.
    class=
  4. Clear your cache, and your WordPress site will be forced to redirect to HTTPS without using a plugin.

Please try these additional steps if the site did not redirect to HTTPS after adding the above script into your .htaccess.

  1. Log in to your WordPress Dashboard.
  2. On the left pane, scroll down to Settings.

    WordPress Dashboard - Settings

  3. Hover over Settings, then select General.
  4. Locate the WordPress Address (URL) and Site Address (URL) under General Settings.

    WordPress Dashboard - WordPress and Site URLs

  5. Update both URLs to reflect https (https://yourdomain.com).

    WordPress Dashboard - Update URLs from http to https

  6. Scroll down and click Save Changes.
  7. You will receive a successful confirmation prompt at the top of the page.

    WordPress Successful Confirmation prompt

The following instructions will enable the Free SSL and force HTTPS in Plesk for a domain:

Enable the Free SSL
Note: The www. subdomain will not be covered unless the Include a www subdomain for the domain and each selected alias option is checked.
  1. Log in to the Plesk Control Panel.
  2. Go to the Websites & Domains tab.
  3. Locate and click SSL/TLS Certificates.
  4. Click Let's Encrypt under the domain.
  5. Confirm the email address is valid.
  6. Click Install.

A notification will be sent to the email address specified before the SSL expires. The SSL will automatically renew 30 days before it expires, or the SSL can be renewed manually at any point.

Force HTTPS
  1. Log in to the Plesk Control Panel.
  2. Go to the Websites & Domains tab.
  3. Click on Hosting Settings under the domain.
  4. Under Security, click the checkbox Permanent SEO-safe 301 redirect from HTTP to HTTPS.
  5. Scroll down and click OK to save.
  6. Return to Websites and Domains or click Apply to save and stay in the Hosting Settings.
  7. Navigate to your website to test the SSL certificate. The SSL certificate is working correctly if you are redirected to the secure HTTPS:// version of your site.

Upgrading to a Paid SSL

You can now upgrade your Free SSL to a Paid SSL (Positive or EV SSL) within your Customer Portal. For more information on how to upgrade, please see the article Customer Portal - SSL Certificates.
 


Opting-out of the Free SSL

To opt-out of the Free SSL certificate:

  1. Log in to your Customer Portal.
  2. Select Hosting from the left-hand side menu.
    HostGator Billing Portal Menu
  3. Locate the hosting package where you want to manage your Free SSL. Click its Manage link.
    Billing Portal Hosting Package Menu
  4. Under the Overview tab, look for SSL Management and click Manage.HostGator Billing Portal Marketplace
  5. Locate your domain, then toggle Auto-renew to disable Let's Encrypt SSL, your Free SSL certificate. 
    HostGator Billing SSL Manager
  6. The toggle will state that the auto-renewal has now been turned Off.
    HostGator Billing Disable SSL

Frequently Asked Questions (FAQs)

Do I have to activate the Free SSL on my subdomain if it is already activated on my primary domain?

First, what's the difference between a domain and subdomain?

A domain name is the address of a website. It is the URL that a visitor types on a browser.

A subdomain is an add-on to your primary domain name. Essentially, a subdomain is a separate part of your website that operates under the same primary domain name.

Domain: example.com
Subdomain:  sales.example.com

To answer the main question, Yes, you need to activate the Free SSL on your subdomain even if your primary domain has active Free SSL. Both are considered separate websites with their own website content and .htaccess files. The steps on activating the subdomain's Free SSL are the same as the primary domain, which was discussed above.

When viewing HTTPS on my domain, it says I don't have a certificate on my site.

  • You must have an actively shared cPanel package with HostGator.
  • The domain must be pointed to your HostGator package via an A record.
  • Clear your browser cache and try viewing the site on another device after you enable the SSL certificate. Sometimes the old version of the website will be cached in your browser.

What hosting plan can get the Free SSL?

All HostGator hosting packages are eligible for Free SSLs on all domains hosted within the hosting account and pointed by A record. 

Advanced hosting users with a VPS or Dedicated plan may enable it for their servers by following the guide in the link below.

What do I have to do once I get the Free SSL?

Once the Free SSL is installed, you will likely need to direct your visitors from HTTP to HTTPS to ensure they use the most secure path to access your site. We have a guide on different builders above in the Step-by-step guide to enable Free SSL certificate.

If you have any issues with setting up your Free SSL, please contact us via phone or Live Chat so we can assist you.