How to get Free SSL (HTTPS) on InfinityFree

If you’re using free hosting with your own domain or a subdomain, you’ll want to make your website work over HTTPS (SSL). Fortunately, InfinityFree provides all the tools you need to make it so. If you like videos better then text guides, scroll on down to the bottom of this guide.

This guide uses the control panel functions and the Free SSL Certificates tool provided by InfinityFree to get SSL up and running on your site.

Step 1: Set up the domain on your hosting account

The first thing to do is to set up the domain name on your hosting account. When you create a new hosting account, you’ve already set up your first domain name. You can also add and remove domain names later on through the Subdomains, Addon Domains and Parked Domains section of the control panel.

This guide assumes you’re using our nameservers for your domain. This is the recommended setting and is easiest to set up. If you’re using a free subdomain, this is always the case.

Step 2: Add the domain to the Free SSL Certificates tool

The second thing to do is to add the domain to the Free SSL Certificates too.

To do so, you can follow these steps:

  1. Login to the client area at
  2. Go to the “Free SSL Certificates” page.
  3. Click “New SSL Certificate”.
  4. Enter your domain name in the domain name field.
    • A domain name looks like or Do not include any URL prefix like http://.
    • Do not include the www subdomain in the domain. Your SSL certificate will be valid for both the base domain and the www subdomain.
  5. Click Create Order.

Step 3: Setup CNAME records

To get your SSL certificate, you will need to setup some DNS records to prove to the certificate provider that you own the domain name.

In short, you’ll need to setup some DNS CNAME records on your domain name. The records you need to add are shown on the certificate Verify page.

If you’re using our nameservers, we can setup the CNAME records for you automatically. If our nameservers are found, you will see a button “Setup CNAME Records Automatically”. Simply click it to install the CNAME records.

If you re using third party nameservers (like Cloudflare), you’ll need to setup the CNAME records at that DNS provider. For more detailed instructions, please see the dedicated article about how to create CNAME records for free SSL.

Please note that it can take a few hours for the DNS record checks to recognize the new CNAME records.

Once the check is at Ready, you can click Request Certificate to get the certificate if the button is available. If not, it should say that the certificate issuance is already in progress.

Do not remove the CNAME records until the certificate is no longer pending. The CNAME records must be present during the entire validation process or it will most likely fail. Only after the certificate has been issued (or failed to be issued) can you safely delete the CNAME record. It is, however, recommended that you keep the CNAME records, as some SSL providers allow you to reuse the same records when you renew your certificate.

Step 4: Install the SSL certificate

After acquiring your SSL certificate, it’s time to install it on your hosting account.
You can do it in one of these ways:

Install the certificate automatically


Install the certificate manually

In short, you’ll need to copy the Private Key and Certificate and upload them to the SSL/TLS section in the control panel (in that order).

For detailed instructions please see the dedicated section about it in how to install an SSL Certificate.

Step 5: Verify your website works with HTTPS

After installing your certificate, it’s time to see if it worked! To do so, simply enter https:// (your domain).

If you don’t see an error page with SSL related warnings, then the certificate installation was successful. Note that you may still see Mixed Content warnings or be redirected to the non-HTTPS version of your site.

Step 6: Configure your website to use HTTPS

After installing the SSL certificate, it’s time to make your website use HTTPS.

In short, this involves two steps:

  • Configuring your website to use HTTPS URLs everywhere.
  • Setting up a redirect to ensure all visitors use HTTPS.

The first step entirely depends on how you’ve built your website, so there are no generic instructions. For the second one, you have a couple of options, all described in the how to force all traffic to HTTPS article.

If you use WordPress, for example, you can do this by manually updating the Website URL through the WordPress admin area and setting up .htaccess rules. Alternatively, you can let the Really Simple SSL plugin handle it for you.

Video Tutorial


Should be “Step 6”.


That was there for an entire year and not a single person noticed :joy:


Good evening everyone,

I hope is the right place to ask about
new ssl certificate, renowed after the last reminder 10 days before the end of the previous , both by gogetssl.

Should I delete the old one or when both are installed the website works fine and automatically switch from the old to the new (as I understood) ? Cause today, ( i renowed yesterday) my website was saying : not secure connection, and something about the server…

But I did a couple of operations … Should I write the other on the other section?
( new databese, with different name, but wordpress actually creates one automatically, during the ijstallation, may this create overwriting or problems in running the website? IF I DELETE THE NEW ONE WHAT’S UP?)

I checked with supercached plugin and it appear there are 2 different address:

I report:
Fetching to prime cache: OK (0.html)

Fetching first copy of OK (1.html)

Fetching second copy of OK (2.html)

  • Page 1: 403 (Forbidden)
  • Page 2: 403 (Forbidden)

The pages do not match! Timestamps differ or were not found!

It suggest to load the website 2 times on logout browsers and check the id:

In the first it appears the little security code: i
=1 something so…
In the second page not

( now after 3 loading on more pagss is always without… )
Please could you explain me more?

I cannot find these details published…


Only one SSL certificate can be installed at any time. If one SSL certificate is close to expire, you can obtain a new one, and replace the old certificate with the new certificate. At that point, the old SSL certificate become irrelevant.

Whether an SSL certificate is deleted or not in the client area does nothing to the SSL certificate active on your site. There is no need to ever delete any SSL certificate.

Yes. We allow replies to knowledge base articles to discuss the contents of the article, so we can improve the article if it’s incorrect or unclear.

This is not the place to discuss specific SSL certificates for specific websites, and it’s definitely not the place to discuss whatever other issues you thought of while looking at this topic. Please find a more appropriate place for those, or create a new topic.