To use an SSL from another company, you will need to complete the following steps:
- Fill out the CSR form to receive a CSR and RSA key.
- Purchase your SSL certificate (if you haven't already) and send the certificate issuer the CSR (Not the RSA Key) from step 1.
- The certificate issuer will provide an SSL Certificate as well as an SSL CA Certificate (Trusted Authority) (sometimes called a "CA Bundle").
Note: These may be provided as .crt files. If the text for the certificate or bundle are needed, these files may be opened in notepad.
- Upload your RSA key to your server with these instructions.
- With the SSL certificate and SSL CA certificate from your third-party, and the RSA key from step 1, fill out the SSL installation form and click Submit to complete your request.
Note: If you are not a reseller, leave the reseller fields blank. All other information is specific to the domain receiving the SSL.
- Pay any applicable HostGator invoices for installation. (Installation is free on managed Dedicated Servers.)
Now you can finish steps 5 and 6 automatically and instantly from inside of your billing portal! Click the link below to expand instructions for automated installation:
Once these steps have been completed, we will install your SSL Certificate. If you are interested in more details regarding the process and what is needed, please see the sections below:
Using a third-party SSL certificate on HostGator servers, please keep the following restrictions in mind:
- Hatchling plans do not support SSL certificates. You may upgrade your plan to Baby or Business by using our upgrade form.
- Shared or Reseller users cannot install a certificate and must have HostGator install their certificates.
- VPS or Dedicated Server users may install certificates on their own or have HostGator to install the certificate.
The SSL installation form requires the following information:
- The SSL Certificate field is for the main certificate file. This will be provided by the company issuing the SSL certificate.
- The SSL CA Certificate (Trusted Authority) is also known as the CA Bundle or Cert Bundle; this is optional only if your certificate company does not provide a bundle.
- The RSA Private Key field is for the RSA key we sent when you requested a CSR; please check your email for that code.
The following article provides additional information about what you should know before purchasing a third-party SSL:
The fees to have HostGator install a third-party SSL on your behalf are as follows:
- For a single domain SSL the fee is 10$
- For a multi-domain SSL the fee is 25$ for up to 5 domains plus 5$ for each additional domain beyond the first 5.
- Managed Dedicated Servers can have HostGator install any SSLs free of charge.
Renewing an SSL requires installation of the new certificate and is subject to the the installation fees above. For fewer installations, you may purchase a certificate that covers a 2 or 3 year term.
You may purchase a dedicated IP when installing an SSL. A dedicated IP costs $4 per month (or $48 per year.) Servers that do not take advantage of SNI will need a dedicated IP address to install each SSL.
When providing us with the certificate, RSA key, and CA bundle, the safest method to use is to upload them directly to your server into your home directory (but not in a web accessible directory such as public_html or public_ftp). Your RSA key must be provided this way, but it may be more convenient to provide the other certificates to us in the same way, at the same time.
You may then reply to your ticket with the location you uploaded the files to, or if you have not submitted your request yet, you may do so and then use the required SSL certificate field to let us know where your files are stored.
The CSR is only required for issuing a new certificate. If you are renewing your certificate or if your certificate is expired, then you will need a new CSR since you will be issued a new certificate with a new expiration date.
Matching RSA Key
If you do not know whether your RSA and SSL Certificate match, please check using this tool before submitting them: https://www.sslshopper.com/certificate-key-matcher.html
If you do not have a matching pair, you will need to request a new CSR, then have the certificate reissued with the new CSR.