1. Knowledge Base
  2. >
  3. Hosting Products
  4. >
  5. HostGator Free SSL

HostGator Free SSL

This article regarding HostGator's Free SSL (Secure Sockets Layer) certificates will cover the following topics:


Why a Website Needs an SSL

If your website requires someone to enter their personal information, credit card, or login credentials, you will want to secure your website. When the site is secure, it will encrypt the data sent across the internet. This encryption prevents the man-in-the-middle attacks used by hackers to steal your customers' information while in transit.

There are two steps needed to secure a website. One, you will need to get an SSL certificate for the domain and two, the site will need to be forced to use the SSL. This means that instead of going to HTTP, the site will automatically use HTTPS and encrypt information that is sent across the web. It is essential that you configure the website to enable or force the domain to use the SSL certificate.

Free SSL Certificate

Taking advantage of HostGator's Free SSL is easy. The Free SSL certificate will automatically be added to every domain for new and existing cPanel platform customers. Enabling (or forcing) the SSL certificate will give your domain an "https://" prefix, which ensures your website will be labeled as "secure" in most web browsers. We have added the Free SSL to the cPanel accounts so that our customers can benefit from an SSL on their domain(s).

There are many advantages to having a secure connection on your website. With the update to Chrome’s browser interface, there is a visible padlock displayed in the address bar to indicate if a site is using HTTPS instead of HTTP. To have the 'green' padlock bar show, you will need to upgrade to the EV SSL Certificate. View our blog article regarding Chrome browser changes to see all that Chrome is doing to encourage site owners to use HTTPS.

Search engines do take into consideration if a website uses an SSL certificate to which it can benefit a site’s ranking. Visitors to a website also pay attention if a website is secure or not. Typically a visitor to a site will feel more secure in providing personal information or purchasing products when they see the padlock associated with an SSL certificate.

The Free SSL lasts for 90 days from issuance and renews automatically at no cost to you so your site hosted with HostGator should never be without an SSL.

If you do have an existing paid SSL certificate installed, it will not be affected and will remain active. Any expired paid SSL certificates will automatically convert to the Free SSL certificate if the domain has not opted-out.

New customers will be able to add or opt-out of the Free SSL upon account sign-up.

Note: The Free SSL will not come with any warranty or site logo. For these features, the Free SSL must be upgraded to a Positive or EV SSL Certificate. For more information regarding the different types of SSL certificates please see the article below:

Step by Step Guide for Enabling your Free SSL Certificate

  1. If you have a website hosted and pointed to a HostGator package, your SSL should be ready to use and can proceed to the next step to direct your customers from HTTP to HTTPS. If another provider manages your domain name, you will need to ensure that an A record has been created for your domain via your domain provider's dashboard. That domain needs to be associated with your HostGator package to enable the Free SSL certificate for it. Otherwise, you will be unable to use the Free SSL.

  2. The Free SSL does not automatically force HTTPS onto the domain and will need to be manually updated. This can be completed by updating the .htaccess to force HTTPS on every page. Forcing your site to use the SSL via HTTPS will ensure that information sent through the website will be encrypted. This information may be a customer's contact information, credit card, login, etc. Please see the following links for more information on how to complete this:

To enable HTTPS on your WordPress installation HostGator recommends using either of the following plugins:

For more information regarding HTTPS and WordPress please refer to the following article:

Notes:
  1. Do not forget to make a backup of your WordPress before installing any plugins.
  2. HostGator cannot offer direct support for any recommended plugins.

The following instructions will force HTTPS onto a Joomla site.

  1. In the configuration.php file look for the line that contains
    $live_site ='';
  2. Update the line to add in your domain including HTTPS,
    Example: $live_site = 'https://www.example.com';
  3. Locate the associated .htaccess file for the domain and in the following code:
    RewriteEngine On
    RewriteCond %{HTTPS} OFF
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
  4. Next, open your Joomla admin panel, then click Global Configuration.
  5. Go to the Server tab, then to Server Settings.
  6. Here you will be presented with three options for how HTTPS should function for your Joomla installation:
    • None: HTTPS will be disabled.
    • Administrator Only: Will force just the administrator page with HTTPS.
    • Entire Site: All pages will have HTTPS enabled.
  7. Click Apply/Save to update your Joomla site.

The following instructions will force HTTPS onto a Magento site.

Magento 1.x
  1. Log in your Magento admin panel.
  2. Navigate to System, then Configuration.
  3. In the General section select Web.
  4. Open the Secure section and update the Base URL to be:
    https://yourdomain.com
  5. The values for Use Secure URLs in Frontend and Use Secure URLs in Admin options need to be set to Yes.
  6. Click Save Config.
  7. To see the changes appear you will need to clear the Magento cache.
Magento 2.x
  1. Log in your Magento admin panel.
  2. Navigate to the Stores, Configuration, and then Web.
  3. Open the Base URLs (Secure) section and update the URL in the Secure Base URL to:
    https://yourdomain.com
  4. The values for Use Secure URLs on Storefront and Use Secure URLs in Admin options need to be set to Yes.
  5. Click Save Config.
  6. To see the changes appear you will need to clear the Magento cache.

The following instructions will force HTTPS onto a Drupal site.

To force HTTPS on for Durpal add the following code to your .htaccess file:

RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com*
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]

To force HTTPS on for a HostGator Website Builder add the following code to your .htaccess file:

RewriteEngine On
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

To force HTTPS on a site manually add the following mod_rewrite code to your .htaccess file:

# Always use https for secure connections
# Replace 'www.example.com' with your domain name
# (as it appears on your SSL certificate)
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

The following instructions will enable the Free SSL and force HTTPS in Plesk for a domain:

Enable the Free SSL
Note: The www. subdomain will not be covered unless the Include a 'www' subdomain for the domain and each selected alias option is checked.
  1. Log in to the Plesk Control Panel.
  2. Go to the Websites & Domains tab.
  3. Click Let's Encrypt under the domain.
  4. Confirm the email address is valid.
  5. Click Install.

Notification will be sent to the email address specified before the SSL expires. The SSL will automatically renew 30 days before it expires, or the SSL can be renewed manually at any point.

Force HTTPs
  1. Log in to the Plesk Control Panel.
  2. Go to the Websites & Domains tab.
  3. Click on Hosting Settings under the domain.
  4. Under Security, click the checkbox Permanent SEO-safe 301 redirect from HTTP to HTTPS.
  5. Click OK to save and return to Websites and Domains or click Apply to save and stay in the Hosting Settings.
  1. Navigate to your website to test the SSL certificate. If you are redirected to the secure HTTPS:// version of your site, the SSL certificate is working properly. If you don't see the HTTPS:// prefix, please see the troubleshooting tips below.

Upgrading to a Paid SSL

To upgrade your Free SSL to a Paid SSL (Positive or EV SSL), please see the following article:

Opting-Out of the Free SSL

To opt-out of the Free SSL certificate, please see the following instructions:

  1. Log into your Billing Portal.
  2. Select Hosting from the left-hand side menu.
  3. Select Manage for the hosting package that the SSL certificate should be added to.
    img
  4. Click Manage under SSL Management.
    img
  5. To the right of the domain you would like to disable the free SSL on, click the toggle under Auto-renew.
    img
  6. The toggle will then appear stating that the auto-renewal has now been turned Off.
    img

SSL Troubleshooting & Common Questions

When viewing HTTPS on my domain it says I don't have a certificate on my site.
  • In order for the Free SSL to work, you must have an active shared cPanel package with HostGator.
  • The domain must be pointed to your HostGator package via an A record.
What plan types get the Free SSL?

All HostGator Hosting packages are eligible for Free SSLs on all domains that are hosted within the hosting account and pointed by A record. This includes all cPanel hosting Hatchling, Baby, Business, Cloud Hosting, Optimized Wordpress, as well as Reseller Hosting.

Advanced hosting users that have a VPS or Dedicated may enable it for their servers by following the guide in the link below.

When will I get my Free SSL?

We have progressively and methodically gone through the HostGator cPanel servers to ensure the free SSL certificates are available to domains. The process was completed in July of 2018. If you have not yet received your Free SSL on a domain located in an active shared cPanel package with its A record pointing to the package, please contact support or chat for further assistance.

What do I have to do once I get the Free SSL?

Once the Free SSL is installed, you likely will still need to direct your visitors from HTTP to HTTPS to ensure they are using the most secure path to access your site. We have a guide on different builders above in the Step by Step Guide for Enabling your Free SSL Certificate.

Do I need to do anything if I use a SiteLock CDN through HostGator?

The TrueShield Basic CDN that comes with the Sitelock Find and Fix plans do not currently provide SSL support. We're currently working with our partners at SiteLock to bring SSL support to all CDN customers and hope to be able to offer that in the near future.

In the meantime, disabling the CDN or upgrading to a SiteLock Prevent will allow for immediate access to the Free SSL. Please see the "Enable SiteLock TrueShield and TrueSpeed" article for more information on the SiteLock CDN and plan offerings.

If you have any issues with setting up your Free SSL please contact us via phone or Live Chat