If you are running an ecommerce site, accepting credit cards, or passing information that needs to be encrypted, you’ll need to install an SSL certificate on your WordPress site. Having an SSL certificate will allow you to enable HTTPS, which ensures that no information is passed in plain text. In fact, we recommend all sites utilize HTTPS, as it has a lot of additional benefits beyond security.

Follow the steps below on how to install an SSL certificate for your WordPress site on Kinsta.

Prefer to watch the video version?

Option 1 – Free Cloudflare SSL

On Kinsta, all verified domains are automatically protected by our Cloudflare integration, which includes free SSL certificates with wildcard support. This means that unless you have a specific reason to add a custom SSL, you won’t have to worry about manually configuring an SSL on Kinsta.

Option 2 – Install Custom SSL Certificate

For users who prefer to go the custom SSL route, MyKinsta supports custom SSL certificates as well. However, we only support custom SSL certificates that include wildcard domain support at this time. If your custom SSL doesn’t support wildcard domains, we recommend using our free Cloudflare SSL or purchasing a custom SSL that covers wildcard domains as well.

Step 1 – Purchase SSL Certificate

Purchase your SSL certificate from any vendor you like, such as Comodo, DigiCert, GeoTrust, Thawte, or Trustwave. Kinsta supports all types of SSL certificates, as long as they include wildcard domain support.

Step 2 – Server Type

When purchasing a new SSL certificate, you are asked to provide the server type. The type of our web servers is Nginx. If that option is not available, then “Apache” or “Other” will work as well.

Step 3 – Generate CSR and Private Key

A CSR code will be needed by the SSL provider to create/sign the certificate file. For generating a CSR code and RSA key, please complete this form: Online CSR and Key Generator.

We recommend filling out every field, but at a minimum, you should fill in the following, as seen in the example below:

Note: For the common name field, if you’re generating a wildcard certificate, you’ll need to input your domain name like *.domain.com.

Generate CSR form
Generate CSR form

The form will generate the private key file and the CSR. Save both of those, as the certificate will be unusable without them.

CSR and private key
CSR and private key

Step 4

Upload your CSR with your SSL provider to regenerate your SSL certificate (.cert).

Step 5

In MyKinsta, navigate to Sites > Your Site > Domains. Click on the dropdown menu next to the domain you want to add a custom SSL certificate for and click Add Custom SSL Certificate.

Add a custom SSL certificate.
Add a custom SSL certificate.

Step 6

Next, you’ll see a confirmation modal showing the domains that the custom SSL will cover. Click the Next button to proceed to the next step.

Custom SSL domains.
Custom SSL domains.

Step 7

You will then be able to add your private key (.key) and certificate (.cert, .cer., or .crt file). Most SSL providers will email you a .crt or .cer file and a .ca-bundle file. You can use a text editor like Notepad++ or TextMate to open the certificate and bundle files.

Paste the contents of your .crt file in the .cert file contents section first and then the contents of the .ca-bundle file below it.

Paste your .key and .cert files into MyKinsta.
Paste your .key and .cert files into MyKinsta.

Note: If you don’t have your intermediate certificates, you can use a free tool like What’s My Chain Cert or Certificate Chain Composer to generate the certificate chain. Copy and paste this certificate chain (which includes your intermediate certificates) in the .cert file contents section.

Click the Add Certificate button to finalize the configuration process.

How to Check Your SSL Certificate

After you have installed your SSL certificate, we recommend running an SSL check to verify that everything is set up correctly. An invalid SSL certificate can cause your visitors to be faced with the “your connection is not private” error.

How to Renew Your SSL Certificate

SSL certificates don’t last forever, so you’ll need to renew them in some cases.

Free Cloudflare SSL Certificates

If you’re using our free Cloudflare SSL certificate for your site, you don’t have to worry about manually renewing the certificate because the renewal process is automatically handled by Cloudflare.

Custom SSL Certificates

If you have a custom SSL certificate, you’ll need to renew it with the SSL provider or domain registrar from which it was purchased. As long as it was renewed before it expires, there’s no need to re-upload it to MyKinsta.

How to Force HTTPS

After installing an SSL certificate, you’ll have the option to force HTTPS in MyKinsta. This feature allows you to automatically forward all incoming requests to HTTPS.

Force HTTPS in MyKinsta.
Force HTTPS in MyKinsta.

Our force HTTPS tool gives you two options – Force all traffic to the primary domain and Use requested domain. For normal WordPress sites, we recommend using the first option, which will force a 301 redirect to the HTTPS version of your canonical domain. The second option is useful for WordPress multisite, which may have multiple domains assigned to the same site.

Force HTTPS options.
Force HTTPS options.

 

Summary

At Kinsta, we support both free Cloudflare SSL certificates and custom SSLs. For most users, our Cloudflare SSL integration provides HTTPS support at no additional cost. However, if you have a specific use case that requires a custom SSL, we support that as well. If you have any questions about how to add an SSL certificate to your site, reach out to our 24/7 Support team!