If you are running an ecommerce site, accepting credit cards, or passing information that needs to be encrypted, you’ll need to install an SSL certificate on your WordPress site. Having an SSL certificate will enable HTTPS and this ensures that no information is passed in plain text. In fact, we recommend all sites utilize HTTPS, as it has a lot of additional benefits beyond security.
Follow the steps below on how to install an SSL certificate for your WordPress site on Kinsta.
Option 1 – Free Cloudflare SSL
On Kinsta, all verified domains are automatically protected by our Cloudflare integration, which includes free SSL certificates with wildcard support. This means that unless you have a specific reason to add a custom SSL, you won’t have to worry about manually configuring an SSL on Kinsta.
Option 2 – Install Custom SSL Certificate
For users who prefer to go the custom SSL route, MyKinsta supports custom SSL certificates as well. However, we only support custom SSL certificates with wildcard support at this time. If your custom SSL doesn’t support wildcard domains, we recommend using our free Cloudflare SSL or purchasing a custom SSL that covers wildcard domains as well.
Step 1 – Purchase SSL Certificate
Step 2 – Server Type
When purchasing a new SSL certificate, you are asked to provide the server type. The type of our web servers is Nginx, if that option is not available, then “Apache” or “Other” will work as well.
Step 3 – Generate CSR and Private Key
A CSR code will be needed by the SSL provider to create/sign the certificate file. For generating a CSR code and RSA key, please complete the following form: https://www.ssl.com/online-csr-and-key-generator/.
We recommend filling out every field, but at a minimum, you should fill in the following as seen in the example below:
- Common name (domain name)
- Email Address
- City / Locality
- State / County / Region
Note: For the common name field, if you are generating a wildcard certificate, you will need to input your domain name like
The form will generate you the private key file and the CSR. Make sure to save both of those as the certificate will be unusable without them.
Upload your CSR with your SSL provider to regenerate your SSL certificate (.cert).
In MyKinsta, navigate to Sites > Your Site > Domains. Click on the dropdown menu next to the domain you want to add a custom SSL certificate for, and click Add Custom SSL Certificate.
Next you’ll see a confirmation modal showing the domains that the custom SSL will cover. Click the Next button to proceed to the next step.
You will then be able to add your private key (.key) and certificate (.cert). Some customers will also need to add their intermediate certificate as well. Most SSL providers will email you a .crt file and a .ca-bundle file. Paste the contents of your .crt file in the “.cert file contents” section first and then the contents of the .ca-bundle file below it.
You can use a text editor like Notepad or TextMate to open the certificate and bundle files. If you don’t have or know your intermediate certificate you can use a free tool like “What’s My Chain Cert” to generate it. Click Add Certificate to finalize the configuration process.
How to Check Your SSL Certificate
After you have installed your SSL Certificate we recommend running an SSL check to verify that everything is set up correctly. Invalid SSL Certificates can cause your visitors to be faced with the “your connection is not private” error. Sometimes when you are using local web development solutions such as MAMP, you can encounter the “This Site Can’t Provide a Secure Connection” error, read our article about how you can fix it.
How to Renew Your SSL Certificate
SSL certificates don’t last forever, so you’ll need to renew them in some cases.
Free Cloudflare SSL Certificates
If you’re using our free Cloudflare SSL certificate for your site, you don’t have to worry about manually renewing the certificate because the renewal process is automatically handled by Cloudflare.
Custom SSL Certificates
If you have a custom SSL certificate, you’ll need to renew it with the SSL provider or domain registrar from which it was purchased. As long as it was renewed before it expires, there’s no need to re-upload it to the MyKinsta dashboard.
How to Force HTTPS
After installing an SSL certificate, you will have the option to “force HTTPS” in the MyKinsta dashboard. This feature allows you to automatically forward all incoming requests to HTTPS.
Our force HTTPS tool gives you two options – “force all traffic to the primary domain” and “use requested domain”. For normal WordPress sites, we recommend using the first option, which will force a 301 redirect to the HTTPS version of your canonical domain. The second option is useful for WordPress multisites which may have multiple domains assigned to the same Kinsta site.
At Kinsta, we support both free Cloudflare SSL certificates and custom SSLs. For most users, our Cloudflare SSL integration provides HTTPS support at no additional cost. However, if you have a specific use case that requires a custom SSL, we support that as well. If you have any questions about how to add an SSL certificate to your site, reach out to our 24/7 support team!
If you enjoyed this tutorial, then you’ll love our support. All Kinsta’s hosting plans include 24/7 support from our veteran WordPress developers and engineers. Chat with the same team that backs our Fortune 500 clients. Check out our plans