SSL Installation Guides

Before You Begin

After generating your SSL certificate, you will have downloaded these files:

certificate.crt Your SSL certificate

private.key Your private key (keep this secure!)

ca_bundle.crt Certificate Authority bundle (intermediate certificates)

Important: Never share your private key file. If it's compromised, you'll need to reissue your certificate.

Easy

cPanel is the most common hosting control panel. Most shared hosting providers use it.

Log in to cPanel and navigate to the Security section.
Click SSL/TLS (or "SSL/TLS Manager").
Under "Install and Manage SSL for your site (HTTPS)", click Manage SSL Sites.
Select your domain from the dropdown menu.
Paste the contents of certificate.crt into the "Certificate (CRT)" field.
Paste the contents of private.key into the "Private Key (KEY)" field.
Paste the contents of ca_bundle.crt into the "Certificate Authority Bundle (CABUNDLE)" field.
Click "Install Certificate". You should see a success message.

Tip: Some cPanel versions have an "AutoSSL" feature. If enabled, it may automatically install and renew certificates for you.

Intermediate

Apache is the most widely used web server. These instructions apply to Apache 2.4+ on Linux.

Upload your certificate files to the server. A common location:
/etc/ssl/certs/certificate.crt /etc/ssl/private/private.key /etc/ssl/certs/ca_bundle.crt
Enable the SSL module (if not already enabled):
sudo a2enmod ssl sudo a2ensite default-ssl
Edit your VirtualHost configuration (e.g., /etc/apache2/sites-available/your-domain.conf):
<VirtualHost *:443> ServerName yourdomain.com ServerAlias www.yourdomain.com DocumentRoot /var/www/html SSLEngine on SSLCertificateFile /etc/ssl/certs/certificate.crt SSLCertificateKeyFile /etc/ssl/private/private.key SSLCertificateChainFile /etc/ssl/certs/ca_bundle.crt </VirtualHost>
Test the configuration and restart Apache:
sudo apache2ctl configtest sudo systemctl restart apache2

Intermediate

Nginx requires the certificate and CA bundle to be combined into a single file.

Combine the certificate and CA bundle into one file:
cat certificate.crt ca_bundle.crt > fullchain.crt
Upload files to the server:
/etc/nginx/ssl/fullchain.crt /etc/nginx/ssl/private.key
Edit your Nginx server block (e.g., /etc/nginx/sites-available/your-domain):
server { listen 443 ssl http2; server_name yourdomain.com www.yourdomain.com; ssl_certificate /etc/nginx/ssl/fullchain.crt; ssl_certificate_key /etc/nginx/ssl/private.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; root /var/www/html; index index.html; }
Test and reload Nginx:
sudo nginx -t sudo systemctl reload nginx

Intermediate

IIS uses .pfx format. You may need to convert your certificate first.

Convert to PFX format using OpenSSL:
openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt -certfile ca_bundle.crt
Open IIS Manager and click on your server name.
Double-click "Server Certificates" in the center panel.
Click "Import..." in the right Actions panel and select your .pfx file.
Navigate to your site, click "Bindings..." in the right panel.
Click "Add...", select Type: https, port 443, and select your certificate.
Click OK to apply.

Easy

Most managed WordPress hosts (e.g., SiteGround, Bluehost, Cloudways) offer one-click SSL installation:

Log in to your hosting control panel.
Look for "SSL/TLS" or "Security" settings.
Upload your certificate files or paste the contents.
After SSL is active, install the "Really Simple SSL" WordPress plugin to automatically redirect HTTP to HTTPS and fix mixed content issues.

Easy

After installing SSL, redirect all HTTP traffic to HTTPS:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
                        

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}
                        