1. Knowledge Base
  2. >
  3. Results
  4. >
  5. How to Get and Enable Your Free SSL Certificate

How to Get and Enable Your Free SSL Certificate

This article regarding HostGator's Free SSL (Secure Sockets Layer) certificates will cover the following topics:

Pro Tip: Strengthen your credibility and reassure your customers that their content is secure. Upgrade to a paid SSL Certificate for a warranty ranging from $10k to $1.75M and TrustLogo® Site Seal.

Why a Website Needs an SSL

  • If your website requires someone to enter their personal information, credit card, or login credentials, you will want to secure your website.
  • With the SSL enabled, it will encrypt the data sent across the internet. This encryption prevents the man-in-the-middle attacks used by hackers to steal your customers' information while in transit.
  • Adding SSL to your website lets your visitors know that you are serious about your customer and site's security.

Related Articles:

How to Get a Free SSL Certificate

Taking advantage of HostGator's Free SSL is easy.

  • The Free SSL certificate will automatically be available to every domain and subdomain for new and existing cPanel platform customers.
  • Enable is the process of activating the SSL certificate.
  • Enforcing is the process of forcing the website traffic from HTTP to HTTPS using 301 redirects.
  • The Free SSL lasts for 90 days from issuance and renews automatically at no cost to you, so your site hosted with HostGator should never be without an SSL.
  • New customers will be able to add or opt-out of the Free SSL upon account sign-up.
Note: The Free SSL will not come with any warranty or site logo. For these features, the Free SSL must be upgraded to a Positive or EV SSL Certificate. For more information regarding the different types of SSL certificates, please see the article below:

Step-by-Step Guide for Enabling your Free SSL Certificate

  1. If you have a website hosted and pointed to a HostGator package. Your SSL should be ready to use and proceed to the next step to direct your customers from HTTP to HTTPS.

  2. If another provider manages your domain name and its subdomain, you will need to ensure that an A record has been created for your domain via your domain provider's dashboard. That domain needs to be associated with your HostGator package to enable the Free SSL certificate. Otherwise, you will be unable to use the Free SSL.
    Note: Your A record is the same as the server IP address you can find in the General Information section of cPanel.

    cPanel shared IP

  3. The Free SSL does not automatically force HTTPS onto the domain/ or subdomain and will need to be manually updated. This can be completed by editing the .htaccess to force HTTPS on every page.

    How Do Domain and Subdomain Look Like?

    Domain: example.com

    Subdomain:  sales.example.com

    Related Articles:
    What Is a Subdomain? (Blog)
    Subdomain vs Domain (Blog)
    Differences between Aliases, Addon Domains, and Subdomains

The steps to install the HostGator's free SSL vary. Please see the steps below for some of the popular Content Management Systems (CMS) used to build a website.

To enable HTTPS on your WordPress installation, HostGator recommends using either of the following free SSL plugins for WordPress:

For more information regarding HTTPS and WordPress, please refer to the following article:

  1. Do not forget to make a backup of your WordPress before installing any plugins.
  2. HostGator cannot offer direct support for any recommended plugins.

Here is a video tutorial on How to Force HTTPS - Using "Really Simple SSL" WordPress Plugin:


The following instructions will force HTTPS onto a Joomla site.

  1. In the configuration.php file, look for the line that contains
    $live_site ='';
  2. Update the line to add in your domain, including HTTPS,
    Example: $live_site = 'https://www.example.com';
  3. Locate the associated .htaccess file for the domain and in the following code:
    RewriteEngine On
    RewriteCond %{HTTPS} OFF
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
  4. Next, open your Joomla admin panel, then click the Global Configuration.
  5. Go to the Server tab, then to Server Settings.
  6. Here you will be presented with three options for how HTTPS should function for your Joomla installation:
    • None: HTTPS will be disabled.
    • Administrator Only: Will force just the administrator page with HTTPS.
    • Entire Site: All pages will have HTTPS enabled.
  7. Click Apply/Save to update your Joomla site.

The following instructions will force HTTPS onto a Magento site.

Magento 1.x
  1. Log in to your Magento admin panel.
  2. Navigate to System, then Configuration.
  3. In the General section, select Web.
  4. Open the Secure section and update the Base URL to be:
  5. The values for Use Secure URLs in Frontend and Use Secure URLs in Admin options need to be set to Yes.
  6. Click Save Config.
  7. To see the changes appear, you will need to clear the Magento cache.
Magento 2.x
  1. Log in to your Magento admin panel.
  2. Navigate to the Stores, Configuration, and then Web.
  3. Open the Base URLs (Secure) section and update the URL in the Secure Base URL to:
  4. The values for Use Secure URLs on Storefront and Use Secure URLs in Admin options need to be set to Yes.
  5. Click Save Config.
  6. To see the changes appear, you will need to clear the Magento cache.

The following instructions will force HTTPS onto a Drupal site.

To force HTTPS on for Drupal, add the following code to your .htaccess file:

RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com*
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]

To force HTTPS on for a HostGator Website Builder, add the following code to your .htaccess file:

RewriteEngine On
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

To force HTTPS on a site manually, add the following mod_rewrite code to your .htaccess file:

  1. Log into your cPanel and locate File Manager. Take me there!

    cPanel - File Manager

  2. Click your website's root directory.
  3. Locate the .htaccess file.

    cPanel - File Manager - .htaccess file

  4. Right-click and select Edit.
  5. Add the following script at the top of the .htaccess file.
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  6. Additionally, you can input the following script to fix the Mixed Content warning on your site.
    RewriteOptions inherit
    RewriteEngine on
    Header set content-Security-Policy: upgrade-insecure-requests

    File Manager - .htaccess - SSL scripts

  7. Once done, click the Save Changes button on the right upper corner.
  8. Clear your cache, and your WordPress site will be forced to redirect to HTTPS without using a plugin.

If the site did not redirect to HTTPS after adding the above script into your .htaccess, please try these additional steps.

  1. Log into your WordPress Dashboard.
  2. On the left pane, scroll down to Settings.

    WordPress Dashboard - Settings

  3. Hover over Settings, then select General.
  4. Locate the WordPress Address (URL) and Site Address (URL) under General Settings.

    WordPress Dashboard - WordPress and Site URLs

  5. Update both URLs to reflect https (https://yourdomain.com).

    WordPress Dashboard - Update URLs from http to https

  6. Scroll down and click Save Changes.
  7. You will receive a successful confirmation prompt at the top of the page.

    WordPress Successful Confirmation prompt

The following instructions will enable the Free SSL and force HTTPS in Plesk for a domain:

Enable the Free SSL
Note: The www. subdomain will not be covered unless the Include a 'www' subdomain for the domain and each selected alias option is checked.
  1. Log in to the Plesk Control Panel.
  2. Go to the Websites & Domains tab.
  3. Locate and click SSL/TLS Certificates.
  4. Click Let's Encrypt under the domain.
  5. Confirm the email address is valid.
  6. Click Install.

A notification will be sent to the email address specified before the SSL expires. The SSL will automatically renew 30 days before it expires, or the SSL can be renewed manually at any point.

Force HTTPs
  1. Log in to the Plesk Control Panel.
  2. Go to the Websites & Domains tab.
  3. Click on Hosting Settings under the domain.
  4. Under Security, click the checkbox Permanent SEO-safe 301 redirect from HTTP to HTTPS.
  5. Scroll down and click OK to save.
  6. Return to Websites and Domains or click Apply to save and stay in the Hosting Settings.
  7. Navigate to your website to test the SSL certificate. If you are redirected to the secure HTTPS:// version of your site, the SSL certificate is working correctly. If you don't see the HTTPS:// prefix, please see the troubleshooting tips below.

Upgrading to a Paid SSL

To upgrade your Free SSL to a Paid SSL (Positive or EV SSL), please see the following article:

Opting-Out of the Free SSL

To opt-out of the Free SSL certificate, please see the following instructions:

  1. Log into your Customer Portal.
  2. Select Hosting from the left-hand side menu.
    HostGator Billing Portal Menu
  3. Select Manage for the hosting package that the SSL certificate should be added.
    Billing Portal Hosting Package Menu
  4. Click Manage under SSL Management.
    HostGator Billing Portal Marketplace
  5. To the right of the domain, you would like to disable the free SSL on, click the toggle under Auto-renew.
    HostGator Billing SSL Manager
  6. The toggle will then appear, stating that the auto-renewal has now been turned Off.
    HostGator Billing Disable SSL

SSL Troubleshooting & Common Questions

When viewing HTTPS on my domain, it says I don't have a certificate on my site.

  • You must have an active shared cPanel package with HostGator.
  • The domain must be pointed to your HostGator package via an A record.
  • Clear your browser cache and try viewing the site on another device after you enable the SSL certificate. Sometimes the old version of the website will be cached in your browser.

What hosting plan can get the Free SSL?

All HostGator Hosting packages are eligible for Free SSLs on all domains hosted within the hosting account and pointed by A record. 

Advanced hosting users with a VPS or Dedicated may enable it for their servers by following the guide in the link below.

What do I have to do once I get the Free SSL?

Once the Free SSL is installed, you likely will still need to direct your visitors from HTTP to HTTPS to ensure they are using the most secure path to access your site. We have a guide on different builders above in the Step-by-Step Guide for Enabling your Free SSL Certificate.

Do I need to do anything if I use a SiteLock CDN through HostGator?

The TrueShield CDN that comes with all of our SiteLock plans now provides SSL support and can be enabled in three easy steps.

  1. Log into your Customer Portal.
  2. Click SiteLock Security under the Manage column for the hosting package with SiteLock protection.
    HostGator Billing Portal Landing Page
  3. Toggle the CDN / Firewall option to On for the domain you want to utilize the CDN. You will receive a green Success message at the top of the page indicating that the CDN is now active for that domain.
    HostGator Billing Portal SiteLock CDN Enabled
If you want to disable the CDN, just repeat the same steps and toggle the CDN / Firewall option to Off.
If you have any issues with setting up your Free SSL, please contact us via phone or Live Chat so we can assist you.