How to Get and Enable Your Free SSL Certificate
This article regarding HostGator's Free SSL (Secure Sockets Layer) certificates will cover the following topics:
- How to Get a Free SSL Certificate ⤵
- Step-by-Step Guide to Enable Free SSL ⤵
- How to Upgrade from Free SSL to Paid SSL ⤵
- How to Opt out of the Free SSL ⤵
- Frequently Asked Questions (FAQs) ⤵
How to Get a Free SSL Certificate
Taking advantage of HostGator's Free SSL is easy. The Free SSL certificate will automatically be available to every domain and subdomain for new and existing cPanel platform customers. It lasts 90 days from issuance and renews automatically at no cost to you, so your site hosted with HostGator should never be without an SSL.
Please note that the Free Let's Encrypt SSL will not have any warranty or site logo. For these features, the Free SSL must be upgraded to a Positive SSL or EV SSL Certificate. For more information regarding the different types of SSL certificates, please see the article below:
Terms to remember:
- Enable is the process of activating the SSL certificate.
- Enforcing is the process of forcing the website traffic from HTTP to HTTPS using 301 redirects.
How to Enable Free Let's Encrypt SSL
- Step 1: Connect your domain to your HostGator hosting account ⤵
- Step 2: Enable the Free SSL ⤵
- Step 3: Force the website traffic from HTTP to HTTPS ⤵
Step 1: Connect your domain to your HostGator hosting account
To get your Free SSL certificate, connect your website to your HostGator account. If it's already linked, your SSL is ready to use. Then, direct your customers from HTTP to HTTPS (go to the next step).
If your domain is managed by another provider, make sure to create an A record for your domain in your domain provider's DNS dashboard. After that, link that domain to your HostGator account to enable the Free SSL certificate. Without this, you can't use the Free SSL.
For more information on how to point (connect) your domain to HostGator, please check out the following articles:
Step 2: Enable the Free SSL
- Log in to the Customer Portal.
- Navigate to the Websites tab.
- Click on the Settings button of the website you are working on.
- Navigate to the Security tab.
- If the SSL is set properly, it will show an Active status.
- If the SSL shows In Progress, you should have received an email that contains the instructions in activating your SSL.
- If you do not see an active SSL, proceed to the next step.
- Click the three-dots icon and select View SSL logs.
- You'll be redirected to your cPanel. Select your domain name and then click on the Run AutoSSL button.
Step 3: Force the website traffic from "HTTP" to "HTTPS"
The Free SSL does not automatically force HTTPS onto the domain or subdomain. It needs to be activated manually. This can be completed by editing the .htaccess to force HTTPS on every page.
The instructions for enabling Free SSL may vary depending on how you created your website. For more information on how to do this for popular applications or Content Management Systems (CMS), please click the expandable sections below.
Here is a video tutorial on how to force HTTPS using the Simple SSL WordPress plugin.
To enable HTTPS on your WordPress installation, HostGator recommends using the WordPress Simple SSL plugin.
For more information regarding HTTPS in WordPress, please visit the following article:
- Do not forget to make a backup of your WordPress before installing any plugins.
- HostGator cannot offer direct support for any recommended plugins.
To force HTTPS onto a Joomla site:
- Log in to your cPanel.
- Under the Files section, click on File Manager.
- Within the File Manager, click on your domain's document root (directory) and look for the configuration.php file.
- In the configuration.php file, look for the line that contains
$live_site ='';
- Update the line to add in your domain, including HTTPS,
Example:$live_site = 'https://www.example.com';
- Locate the associated .htaccess file for the domain and add the following code:
RewriteEngine On
RewriteCond %{HTTPS} OFF
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} - Open your Joomla admin panel, then click Global Configuration.
- Go to the Server tab, then click on Server Settings.
- You will be presented with three options for how HTTPS should function for your Joomla installation. Select preferred settings.
- None: HTTPS will be disabled.
- Administrator Only: Will force just the administrator page with HTTPS.
- Entire Site: All pages will have HTTPS enabled.
- Click Apply/Save to update your Joomla site.
To force HTTPS onto a Magento site:
Magento 1.x
- Log into your Magento admin panel.
- Navigate to System, then Configuration.
- In the General section, select Web.
- Open the Secure section and update the Base URL to:
https://yourdomain.com
- The values for Use Secure URLs in Frontend and Use Secure URLs in Admin options need to be set to Yes.
- Click Save Config.
- To see the changes appear, you will need to clear the Magento cache.
Magento 2.x
- Log into your Magento admin panel.
- Navigate to the Stores, Configuration, and then Web.
- Open the Base URLs (Secure) section and update the URL in the Secure Base URL to:
https://yourdomain.com
- The values for Use Secure URLs on Storefront and Use Secure URLs in Admin options need to be set to Yes.
- Click Save Config.
- To see the changes appear, you will need to clear the Magento cache.
To force HTTPS onto a Drupal site, add the following code to your .htaccess file:
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com*
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]
For instructions on editing the .htaccess, please visit the How to Edit Your .htaccess File article.
To force HTTPS onto Website Builder site, add the following code to your .htaccess file:
RewriteEngine On
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
For instructions on editing the .htaccess, please visit the How to Edit Your .htaccess File article.
To manually force HTTPS on a site:
- Add the following script to the top of the .htaccess file.
RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- Additionally, you can input the following script to fix the Mixed Content warning on your site.
RewriteOptions inherit RewriteEngine on Header set content-Security-Policy: upgrade-insecure-requests
- Once done, click the Save Changes button in the upper-right corner.
- Clear your cache, and your WordPress site will be forced to redirect to HTTPS without using a plugin.
For instructions on editing the .htaccess, please visit the How to Edit Your .htaccess File article.
Workaround: Please try these additional steps if the site was not redirected to HTTPS after adding the above script to your .htaccess.
- Log in to your WordPress Dashboard.
- On the left pane, look for Settings.
- Hover over Settings, then select General.
- Under General Settings, look for the WordPress Address (URL) and Site Address (URL) fields.
- Update both URLs to reflect https (https://yourdomain.com).
- Scroll down and click Save Changes.
- You will receive a successful confirmation prompt at the top of the page.
To enable the Free SSL and force HTTPS in Plesk for a domain:
Step 1: Enable the Free SSL
Please note that the "www." subdomain will not be covered unless you include a www subdomain for the domain and each selected alias option is selected.
- Log in to the Plesk Control Panel.
- Go to the Websites & Domains tab.
- Locate and click SSL/TLS Certificates.
- Click Let's Encrypt under the domain.
- Confirm the email address is valid.
- Click Install.
A notification will be sent to the email address specified before the SSL expires. The SSL will automatically renew 30 days before it expires, or the SSL can be renewed manually at any point.
Step 2: Force HTTPS
- Log in to the Plesk Control Panel.
- Go to the Websites & Domains tab.
- Click on Hosting Settings under the domain.
- Under Security, click the checkbox Permanent SEO-safe 301 redirect from HTTP to HTTPS.
- Scroll down and click OK to save.
- Return to Websites and Domains or click Apply to save and stay in the Hosting Settings.
- Navigate to your website to test the SSL certificate. The SSL certificate will work correctly if you are redirected to the secure HTTPS:// version of your site.
How to Upgrade from Free SSL to Paid SSL
If you're using a Free SSL and you want to upgrade to a paid SSL, it's easy to do so through your Customer Portal. HostGator offers different types of SSL, and it's important to understand the differences between them before making a decision. You can find this information in the following support article:
Once you're ready to upgrade, simply visit the article:
How to Opt out of the Free SSL
To opt out of the Free SSL certificate:
- Log in to your Customer Portal.
- Select Hosting from the left-side menu.
- Click on the Settings button of the website you are working on.
- Navigate to the Security tab.
- Click the three-dots icon on the right and select View SSL Logs.
- Click on the checkbox next to the domain name for which you are opting out of the free SSL, then select Exclude Domain from AutoSSL.
- Click on View Certificate.
- Locate the domain you are opting out for the free SSL certificate and click on Uninstall.
Frequently Asked Questions (FAQs)
Do I have to activate the Free SSL on my subdomain if it is already activated on my primary domain?
First, what's the difference between a domain and a subdomain?
A domain name is the address of a website. It is the URL that a visitor types on a browser.
A subdomain is an add-on to your primary domain name. Essentially, a subdomain is a separate part of your website that operates under the same primary domain name.
Domain: example.com
Subdomain:: sales.example.com
To answer the main question, Yes, you need to activate the Free SSL on your subdomain even if your primary domain has active Free SSL. Both are considered separate websites with their own website content and .htaccess files. The steps for activating the subdomain's Free SSL are the same as the primary domain, which was discussed above.
When viewing HTTPS on my domain, why does it say I don't have a certificate on my site?
- You must have an actively shared cPanel package with HostGator.
- The domain must be pointed to your HostGator hosting via an A record.
- Clear your browser cache and try viewing the site on another device after you enable the SSL certificate. Sometimes the old version of the website will be cached in your browser.
What hosting plan can get the Free SSL?
All HostGator hosting packages are eligible for Free SSLs on all domains hosted within the hosting account and pointed by A record.
Advanced hosting users with a VPS or Dedicated plan may enable it for their servers by following the guide below.
What do I have to do once I get the Free SSL?
Once the Free SSL is installed, you will likely need to direct your visitors from HTTP to HTTPS to ensure they use the most secure path to access your site. Please see the instructions above.