In order to get a padlock in the address bar in your website, you need to install an SSL certificate on your website. This article describes how to do that.
If you would rather watch a video, scroll down to the bottom of this article.
Installing an SSL certificate
The first step to install an SSL certificate is of course to get the SSL certificate. You will need to get your SSL certificate from a certificate vendor of your choice. InfinityFree also provides free SSL certificates in the client area, but you are also free to use any other recognized SSL vendor.
Option 1: Automatic Installation by InfinityFree
The easiest way to get an SSL certificate on your website is by using the Free SSL Certificates system from InfinityFree. This tool can automatically install the certificate for you with a single button.
Option 2: Manual installation (you already have a Private Key)
If you’re migrating an existing SSL certificate from another provider, or are using an SSL tool which generates a private key for you (like our own SSL Certificates tool), you can install the certificate here.
To do this, you’ll need a Private Key and a Certificate.
You can install these as follows:
- Go to your Control Panel, navigate to the SSL/TLS section and click Configure next to the domain you want to set up.
- Take the Private Key you already have, paste it in the Private Key field and click Upload Key.
- Take the certificate text you already have, paste it in the Certificate field and click Upload Certificate.
That’s all there is to it! Your website now has a valid SSL certificate installed, and is ready to use it!
A few things to note:
- When uploading the certificate and private key, there are lines at the top and bottom like
--- BEGIN PRIVATE KEY ---
. These lines must also be included when uploading the private key and certificate. - The SSL/TLS tool only supports upload 2048 bits private keys. Some tools may generate 4096 bits private keys, but those cannot be uploaded here. If you have a 4096 bits key, you will have to generate a new private key and certificate.
- The CSR box may be empty or contain old data. The CSR is only used to get the SSL certificate, and is useless afterwards. You don’t need to create or upload a CSR to get SSL on your site.
- Sometimes, it can take a few minutes for the certificate to take effect.
Option 3: Manual installation (you don’t have a Private Key)
If you don’t have a private key, you will need to generate one, and get it signed by an SSL provider.
To do that, you’ll need to find an SSL certificate provider to provide you with a certificate.
While InfinityFree can provide you with free SSL certificates, the client area also generates a private key for you, so you need to follow the instructions above to install it.
To do this, you can do the following:
- Go to your control panel, navigate to the SSL/TLS section and click Configure next to the domain you want to set up.
- Click “Generate Key / CSR”.
- On that page, you must fill in ALL the fields. If the field does not apply to you, you can enter
N/A
in it. Then, click Generate Key. - Copy the CSR text, and send it to your SSL certificate vendor. Follow their instructions in order to complete your SSL order.
- Upload the certificate text from the SSL vendor to the Certificate box in the control panel.
When getting the SSL certificate from your vendor, you’ll probably get some questions about how you want to get the certificate.
For the server software or output format settings, you should get a type which gives you a certificate in standalone PEM format. If available, something like “Apache 2.2” format should be good.
When issuing an SSL certificate, you probably need to verify your e-mail address. Before trying to issue the certificate, be sure to select an e-mail address you can receive e-mail on!
After the certificate has been issued, you will receive the certificate from the certificate issuer. You can then install that certificate by copying the certificate text (including the BEGIN CERTIFICATE
and END CERTIFICATE
lines) to the Certificate box in the SSL/TLS section of the control panel and then click the “Upload Certificate” button.
The certificate is now installed on your account.
After installing your certificate
Once the certificate has been installed, you can verify it has been installed correctly using an SSL checker. Using an SSL checker is the best way to find out whether the certificate installation was successful.
You can also try to verify it’s installed correctly by visiting https://$yourDomain
. If you see a padlock in your browser’s address bar, that means the certificate has been installed correctly.
If you do not see a padlock, here are some things to check:
- If you see an SSL Protocol Error page, it means you have not installed the SSL certificate to your account. Please double check the SSL/TLS section in your control panel to verify the certificate is uploaded successfully.
- If you see a red warning page, your browser may not have checked the new certificate. Some browsers (notably Google Chrome) remember the certificates of websites for some time, so it may take a few hours for your browser to see the new certificate.
- If you are redirected from the
https://
version tohttp://
, your website is forcing people to the non-https version of your site. Most of the time, the script has a setting for the “website URL” or something like that. If you change the website URL tohttps://
, you should be able to see the website over https. - If your website is using the
https://
URL but the address bar is still white, it means that some of the stylesheets, scripts or images on the page are still using unsafehttp://
URLs. You need to find those URLs and make sure they all use https as well.
Note: using CA certificate chains
Most certificate vendors will ask you to install the CA chain certificates as well. These are not supported on InfinityFree and cannot be installed.
However, most browsers will recognize certificates from popular certificate issuers without a certificate chain as well, so you do not need the CA chain. Only certain outdated browsers may not properly recognize the certificates.
If you insist on using CA certificate chains, you could consider to upgrade to premium hosting, where you can install your own certificates including their CA chains, as well as get fully automatic free SSL from Let’s Encrypt.