If you are running an ecommerce site, accepting credit cards, or passing information that needs to be encrypted, you’ll need to install an SSL certificate on your WordPress site. Having an SSL certificate will allow you to enable HTTPS, which ensures that no information is passed in plain text. In fact, we recommend all sites utilize HTTPS, as it has a lot of additional benefits beyond security.

Follow the steps below on how to install a new SSL certificate for your WordPress site on Kinsta.

Option 1 – Free Cloudflare SSL

On Kinsta, all verified domains are automatically protected by our Cloudflare integration, which includes free SSL certificates with wildcard support. This means that unless you have a specific reason to add a custom SSL, you won’t have to worry about manually configuring an SSL on Kinsta.

Option 2 – Install Custom SSL Certificate

Once you have your custom SSL certificate (either newly created or transferred from another server), you’re ready to install it in MyKinsta.

Step 1 — Add Custom SSL Certificate

Navigate to WordPress Sites > sitename > Domains. Click the kebab (three-dot) menu for the domain you want to add a custom SSL certificate to and select Add custom SSL certificate from the dropdown menu.

Add a custom SSL certificate.
Add a custom SSL certificate.

Step 2 — Confirm Domains Covered by the SSL

Next, you’ll see a confirmation modal showing the domains that the custom SSL will cover. Click the Next button to proceed to the next step.

Custom SSL domains.
Custom SSL domains.

Step 3 — Add SSL and Private Key

You will then be able to add your private key (.key) and certificate (.cert, .cer., or .crt file).

Most SSL providers will email you a .crt or .cer file and a .ca-bundle file. You can use a text editor like Notepad++ or TextMate to open the certificate and bundle files, and copy the content of each file.

Paste the contents of your .crt file in the .cert file contents field first and then the contents of the .ca-bundle file below that, in the same field.

Paste your .key and .cert files into MyKinsta.
Paste your .key and .cert files into MyKinsta.

Click the Add certificate button to finalize the configuration process.

How to Check Your SSL Certificate

After you have installed your SSL certificate, we recommend running an SSL check to verify that everything is set up correctly. An invalid SSL certificate can cause your visitors to be faced with the “your connection is not private” error.

How to Renew Your SSL Certificate

An SSL certificate doesn’t last forever, so it will need to be renewed before it expires. If you’re not sure if your site is using our free Cloudflare SSL certificate or a custom SSL certificate, there are a couple of ways you can check to see who the issuer is. If the issuer name is anything other than Cloudflare, your site is using a custom SSL certificate.

To check the issuer name, view the certificate in your browser and look for the Organization in the Issuer Name section, or use a tool like SSLShopper’s SSL Checker and view the Issuer information.

Check for SSL issuer name with SSLShopper SSL Checker.
Check for SSL issuer name with SSLShopper SSL Checker.

Free Cloudflare SSL Certificates

If you’re using our free Cloudflare SSL certificate and using Kinsta’s DNS for your site, the renewal process is automatically handled by Cloudflare. If you’re not using Kinsta’s DNS, you’ll need to add a TXT record to your domain for the renewal. For more details, see our guide on Free SSL Renewals.

Custom SSL Certificates

If you have a custom SSL certificate, you’ll need to renew it with the SSL provider or domain registrar from which it was purchased. Once your SSL is renewed, you’ll need to re-upload it in MyKinsta.

How to Force HTTPS

After installing an SSL certificate, you’ll have the option to force HTTPS on the Tools tab in MyKinsta. This feature allows you to automatically forward all incoming requests to HTTPS.

Enable Force HTTPS in MyKinsta.
Enable Force HTTPS in MyKinsta.

Our force HTTPS tool gives you two options – Force all traffic to the primary domain and Use requested domain. For normal WordPress sites, we recommend using the first option, which will force a 301 redirect to the HTTPS version of your canonical domain. The second option is useful for WordPress multisite, which may have multiple domains assigned to the same site.

Force HTTPS options.
Force HTTPS options.



At Kinsta, we support both free Cloudflare SSL certificates and custom SSLs. For most users, our Cloudflare SSL integration provides HTTPS support at no additional cost. However, if you have a specific use case that requires a custom SSL, we support that as well. If you have any questions about how to add an SSL certificate to your site, reach out to our 24/7 Support team!