If you are running an ecommerce site, accepting credit cards, or passing information that needs to be encrypted, you’ll need to install an SSL certificate on your WordPress site. Having an SSL certificate will allow you to enable HTTPS, which ensures that no information is passed in plain text. In fact, we recommend all sites utilize HTTPS, as it has a lot of additional benefits beyond security.
Follow the steps below on how to install a new SSL certificate for your WordPress site on Kinsta.
Note: If you have an existing SSL certificate you’d like to transfer over, check out our guide on how to transfer an existing SSL certificate.
Option 1 – Free Cloudflare SSL
On Kinsta, all verified domains are automatically protected by our Cloudflare integration, which includes free SSL certificates with wildcard support. This means that unless you have a specific reason to add a custom SSL, you won’t have to worry about manually configuring an SSL on Kinsta.
Option 2 – Install Custom SSL Certificate
For users who prefer to go the custom SSL route, MyKinsta supports custom SSL certificates as well.
Step 1 — Purchase SSL Certificate
Step 2 — Server Type
When purchasing a new SSL certificate, you are asked to provide the server type. The type of our web server is Nginx. If that option is not available, then “Apache” or “Other” will work as well.
Step 3 — Generate CSR and Private Key
A CSR (Certificate Signing Request) will be needed by the SSL provider to create/sign the certificate file. For generating a CSR and RSA key (together known as a key pair), please complete this form: Online CSR and Key Generator.
We recommend filling out every field, but at a minimum, you should fill in the following, as seen in the example below:
- Common name (domain name)
- Email Address
- City / Locality
- State / County / Region
Note: For the common name field, if you’re generating a wildcard certificate, you’ll need to input your domain name like
The form will generate the Private Key file and the CSR. Save both of those, as the certificate will be unusable without them.
Step 4 — Upload CSR and Generate SSL Certificate
Upload only your CSR with your SSL provider to generate your SSL certificate (.cert file). Once you receive your SSL certificate from your provider, you can install it in MyKinsta.
Step 5 — Add Custom SSL Certificate
In MyKinsta, navigate to Sites > sitename > Domains. Click the kebab (three-dot) menu for the domain you want to add a custom SSL certificate to and select Add custom SSL certificate from the dropdown menu.
Step 6 — Confirm Domains Covered by the SSL
Next, you’ll see a confirmation modal showing the domains that the custom SSL will cover. Click the Next button to proceed to the next step.
Step 7 — Add SSL and Private Key
You will then be able to add your private key (.key) and certificate (.cert, .cer., or .crt file).
Paste the contents of your .crt file in the .cert file contents field first and then the contents of the .ca-bundle file below that, in the same field.
Click the Add certificate button to finalize the configuration process.
How to Check Your SSL Certificate
After you have installed your SSL certificate, we recommend running an SSL check to verify that everything is set up correctly. An invalid SSL certificate can cause your visitors to be faced with the “your connection is not private” error.
How to Renew Your SSL Certificate
An SSL certificate doesn’t last forever, so it will need to be renewed before it expires. If you’re not sure if your site is using our free Cloudflare SSL certificate or a custom SSL certificate, there are a couple of ways you can check to see who the issuer is. If the issuer name is anything other than Cloudflare, your site is using a custom SSL certificate.
To check the issuer name, view the certificate in your browser and look for the Organization in the Issuer Name section, or use a tool like SSLShopper’s SSL Checker and view the Issuer information.
Free Cloudflare SSL Certificates
If you’re using our free Cloudflare SSL certificate and using Kinsta DNS for your site, the renewal process is automatically handled by Cloudflare. If you’re not using Kinsta DNS, you’ll need to add a TXT record to your domain for the renewal. For more details, see our guide on Free SSL Renewals.
Custom SSL Certificates
If you have a custom SSL certificate, you’ll need to renew it with the SSL provider or domain registrar from which it was purchased. Once your SSL is renewed, you’ll need to re-upload it in MyKinsta.
How to Force HTTPS
After installing an SSL certificate, you’ll have the option to force HTTPS in MyKinsta. This feature allows you to automatically forward all incoming requests to HTTPS.
Our force HTTPS tool gives you two options – Force all traffic to the primary domain and Use requested domain. For normal WordPress sites, we recommend using the first option, which will force a 301 redirect to the HTTPS version of your canonical domain. The second option is useful for WordPress multisite, which may have multiple domains assigned to the same site.
At Kinsta, we support both free Cloudflare SSL certificates and custom SSLs. For most users, our Cloudflare SSL integration provides HTTPS support at no additional cost. However, if you have a specific use case that requires a custom SSL, we support that as well. If you have any questions about how to add an SSL certificate to your site, reach out to our 24/7 Support team!