How Do I Use the Third-Party SSL Certificate I Purchased?

For a faster and easier method to get an SSL, you can purchase an SSL directly from HostGator from your billing portal. Just see the following article for details:

To use an SSL from another company, you will need to complete the following steps:

  1. Fill out the CSR form to receive a CSR and RSA key.
  2. Purchase your SSL certificate (if you haven't already) and send the certificate issuer the CSR (Not the RSA Key) from step 1.
  3. The certificate issuer will provide an SSL Certificate as well as an SSL CA Certificate (Trusted Authority) (sometimes called a "CA Bundle").
    Note: These may be provided as .crt files. If the text for the certificate or bundle are needed, these files may be opened in notepad.
  4. Once you have obtained your SSL Certificate, log in to your cPanel, and scroll down to SSL/TLS within the Security section.
    img
  5. Here you will be presented with several options, click on Manage SSL sites under the Install and Manage SSL for your site (HTTPS).
    img
  6. With the SSL certificate and SSL CA certificate from your third-party, and the RSA key from CSR generation in step 1, paste the certificate details into the associated fields.
    img
  7. Note: Please be sure to copy the entire certificate including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines.
  8. Click Install Certificate to complete the SSL installation to the server.

You can also complete steps 4 through 7 from inside of your billing portal! Please note that there is a $10 fee for completing the install via the portal. Click the link below to expand instructions for automated installation:

New Portal Experience - Install Third-Party SSL

Portal - Install Third-Party SSL

Once these steps have been completed, we will install your SSL Certificate. If you are interested in more details regarding the process and what is needed, please see the sections below:


Restrictions

Using a third-party SSL certificate on HostGator servers, please keep the following restrictions in mind:

  • Shared or Reseller users cannot install a certificate and must have HostGator install their certificates.
  • VPS or Dedicated Server users may install certificates on their own or have HostGator to install the certificate.

Requirements

The SSL installation requires the following information:

  • The SSL Certificate field is for the main certificate file. This will be provided by the company issuing the SSL certificate.
  • The SSL CA Certificate (Trusted Authority) is also known as the CA Bundle or Cert Bundle; this is optional only if your certificate company does not provide a bundle.
  • The RSA Private Key field is for the RSA key we sent when you requested a CSR; please check your email for that code.

The following article provides additional information about what you should know before purchasing a third-party SSL:


Fees

The fees to have HostGator install a third-party SSL on your behalf are as follows:

  • For a single domain SSL the fee is $10
  • For a multi-domain SSL the fee is $25 for up to 5 domains plus $5 for each additional domain beyond the first 5.
  • Managed Dedicated Servers can have HostGator install any SSLs free of charge.

Renewing an SSL requires installation of the new certificate and is subject to the the installation fees above. For fewer installations, you may purchase a certificate that covers a 2 or 3 year term.

You may purchase a dedicated IP when installing an SSL. A dedicated IP costs $4 per month (or $48 per year.) Servers that do not take advantage of SNI will need a dedicated IP address to install each SSL.


Advanced Notes

CSR Renewal

The CSR is only required for issuing a new certificate. If you are renewing your certificate or if your certificate is expired, then you will need a new CSR since you will be issued a new certificate with a new expiration date.

Matching RSA Key

If you do not know whether your RSA and SSL Certificate match, please check using this tool before submitting them: https://www.sslshopper.com/certificate-key-matcher.html

If you do not have a matching pair, you will need to request a new CSR, then have the certificate reissued with the new CSR.