How to Get and Enable Your Free SSL Certificate
This article regarding HostGator's Free SSL (Secure Sockets Layer) certificates will cover the following topics:
- How to get a Free SSL certificate ⤵
- Step-by-step guide to enable Free SSL ⤵
- Upgrading to a premium SSL ⤵
- Opting out of the Free SSL ⤵
- Free SSL FAQs ⤵
How to get a free SSL certificate
Taking advantage of HostGator's Free SSL is easy.
- The Free SSL certificate will automatically be available to every domain and subdomain for new and existing cPanel platform customers.
- Enable is the process of activating the SSL certificate.
- Enforcing is the process of forcing the website traffic from HTTP to HTTPS using 301 redirects.
- The Free SSL lasts 90 days from issuance and renews automatically at no cost to you, so your site hosted with HostGator should never be without an SSL.
- New customers can add or opt out of the Free SSL upon account sign-up.
Step-by-step guide to enable Free Let's Encrypt SSL
Step 1: Connect your domain to your HostGator hosting account
Your website must be connected to your HostGator account to activate your Free SSL certificate.
If your website is already connected to your HostGator account, your SSL should be ready to use, and you can now proceed to the next step to direct your customers from HTTP to HTTPS.
If your domain is being managed by another domain provider, you must ensure that an A record has been created for your domain via your domain provider's DNS dashboard. That domain must be linked to your HostGator account to enable the Free SSL certificate. Otherwise, you will be unable to use the Free SSL.
For more information on how to point (connect) your domain to HostGator, please check out the following articles:
Step 2: Force the website traffic from HTTP to HTTPS
The Free SSL does not automatically force HTTPS onto the domain or subdomain. It needs to be activated manually. This can be completed by editing the .htaccess to force HTTPS on every page.
Depending on how you created your websites, the instructions to activate the Free SSL vary. For instructions on activating the Free SSL on some popular Content Management Systems (CMS) used to build websites, click the expands below.
Here is a video tutorial on How to Force HTTPS - Using the Simple SSL WordPress plugin.
To enable HTTPS on your WordPress installation, HostGator recommends using either of the following free SSL plugins for WordPress:
For more information regarding HTTPS and WordPress, please refer to the following article:
- Do not forget to make a backup of your WordPress before installing any plugins.
- HostGator cannot offer direct support for any recommended plugins.
The following instructions will force HTTPS onto a Joomla site.
- Log in to your cPanel.
- Locate File Manager.
- Go to public_html if you have a single domain to find the configuration.php file. (If you have other domains, access that domain's document root to edit the configuration.php.).
- In the configuration.php file, look for the line that contains
$live_site ='';
- Update the line to add in your domain, including HTTPS,
Example:$live_site = 'https://www.example.com';
- Locate the associated .htaccess file for the domain and add the following code:
RewriteEngine On
RewriteCond %{HTTPS} OFF
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
- For instructions on editing the .htaccess, please refer to this article How to Edit Your .htaccess File.
- Next, open your Joomla admin panel, then click the Global Configuration.
- Go to the Server tab, then to Server Settings.
- Here you will be presented with three options for how HTTPS should function for your Joomla installation:
- None: HTTPS will be disabled.
- Administrator Only: Will force just the administrator page with HTTPS.
- Entire Site: All pages will have HTTPS enabled.
- Click Apply/Save to update your Joomla site.
The following instructions will force HTTPS onto a Magento site.
Magento 1.x- Log into your Magento admin panel.
- Navigate to System, then Configuration.
- In the General section, select Web.
- Open the Secure section and update the Base URL to be:
https://yourdomain.com
- The values for Use Secure URLs in Frontend and Use Secure URLs in Admin options need to be set to Yes.
- Click Save Config.
- To see the changes appear, you will need to clear the Magento cache.
- Log into your Magento admin panel.
- Navigate to the Stores, Configuration, and then Web.
- Open the Base URLs (Secure) section and update the URL in the Secure Base URL to:
https://yourdomain.com
- The values for Use Secure URLs on Storefront and Use Secure URLs in Admin options need to be set to Yes.
- Click Save Config.
- To see the changes appear, you will need to clear the Magento cache.
The following instructions will force HTTPS onto a Drupal site.
To force HTTPS on for Drupal, add the following code to your .htaccess file:
RewriteCond %{HTTPS} off [OR]RewriteCond %{HTTP_HOST} ^www\.example\.com*
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]
- For instructions on editing the .htaccess, please refer to this article How to Edit Your .htaccess File.
To force HTTPS on for a HostGator Website Builder, add the following code to your .htaccess file:
RewriteEngine OnRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
- For instructions on editing the .htaccess, please refer to this article How to Edit Your .htaccess File.
To manually force HTTPS on a site, add the following mod_rewrite script; please refer to this article, How to Edit Your .htaccess File.
- Add the following script at the top of the .htaccess file.
RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- Additionally, you can input the following script to fix the Mixed Content warning on your site.
RewriteOptions inherit RewriteEngine on Header set content-Security-Policy: upgrade-insecure-requests
- Once done, click the Save Changes button in the upper right corner.
- Clear your cache, and your WordPress site will be forced to redirect to HTTPS without using a plugin.
Please try these additional steps if the site did not redirect to HTTPS after adding the above script to your .htaccess.
- Log in to your WordPress Dashboard.
- On the left pane, scroll down to Settings.
- Hover over Settings, then select General.
- Locate the WordPress Address (URL) and Site Address (URL) under General Settings.
- Update both URLs to reflect https (https://yourdomain.com).
- Scroll down and click Save Changes.
- You will receive a successful confirmation prompt at the top of the page.
The following instructions will enable the Free SSL and force HTTPS in Plesk for a domain:
Enable the Free SSL- Log in to the Plesk Control Panel.
- Go to the Websites & Domains tab.
- Locate and click SSL/TLS Certificates.
- Click Let's Encrypt under the domain.
- Confirm the email address is valid.
- Click Install.
A notification will be sent to the email address specified before the SSL expires. The SSL will automatically renew 30 days before it expires, or the SSL can be renewed manually at any point.
Force HTTPS- Log in to the Plesk Control Panel.
- Go to the Websites & Domains tab.
- Click on Hosting Settings under the domain.
- Under Security, click the checkbox Permanent SEO-safe 301 redirect from HTTP to HTTPS.
- Scroll down and click OK to save.
- Return to Websites and Domains or click Apply to save and stay in the Hosting Settings.
- Navigate to your website to test the SSL certificate. The SSL certificate is working correctly if you are redirected to the secure HTTPS:// version of your site.
Upgrading to a Paid SSL
You can now upgrade your Free SSL to a Paid SSL within your Customer Portal. HostGator offers different types of SSL. Please check out the following support article to guide you in finding out the differences between these SSL plans.
For more information on how to upgrade, please visit the article:
Opting out of the Free SSL
To opt out of the Free SSL certificate:
- Log in to your Customer Portal.
- Select Hosting from the left-hand side menu.
- Locate the hosting package where you want to manage your Free SSL. Click its Manage link.
- Under the Overview tab, look for SSL Management and click Manage.
- Locate your domain, then toggle Auto-renew to disable Let's Encrypt SSL, your Free SSL certificate.
- The toggle will state that the auto-renewal has now been turned Off.
Frequently Asked Questions (FAQs)
Do I have to activate the Free SSL on my subdomain if it is already activated on my primary domain?
First, what's the difference between a domain and a subdomain?
A domain name is the address of a website. It is the URL that a visitor types on a browser.
A subdomain is an add-on to your primary domain name. Essentially, a subdomain is a separate part of your website that operates under the same primary domain name.
Domain: example.com
Subdomain:: sales.example.com
To answer the main question, Yes, you need to activate the Free SSL on your subdomain even if your primary domain has active Free SSL. Both are considered separate websites with their own website content and .htaccess files. The steps for activating the subdomain's Free SSL are the same as the primary domain, which was discussed above.
When viewing HTTPS on my domain, it says I don't have a certificate on my site.
- You must have an actively shared cPanel package with HostGator.
- The domain must be pointed to your HostGator hosting via an A record.
- Clear your browser cache and try viewing the site on another device after you enable the SSL certificate. Sometimes the old version of the website will be cached in your browser.
What hosting plan can get the Free SSL?
All HostGator hosting packages are eligible for Free SSLs on all domains hosted within the hosting account and pointed by A record.
Advanced hosting users with a VPS or Dedicated plan may enable it for their servers by following the guide below.
What do I have to do once I get the Free SSL?
Once the Free SSL is installed, you will likely need to direct your visitors from HTTP to HTTPS to ensure they use the most secure path to access your site. We have a guide on different builders above in the Step-by-step guide to enable Free SSL certificate.