Search our site for answers
Help Docs Security Overview SSL Certificates Guide Install an SSL Certificate

Install an SSL Certificate

Learn how to install your SSL certificate. This guide covers the final step of securing your site after you have generated a CSR and ordered your SSL.
4 min read

Introduction

This guide walks you through the process of installing a standard SSL certificate on your server. This process takes the certificate files issued by Liquid Web (or another provider) and configures your web server to use them for encrypted traffic.

Please note that you cannot complete this installation unless you have already finished generating a CSR, ordering an SSL, and verifying it. If your certificate order is still pending validation, you must wait for the Certificate Authority to issue the files before proceeding.

Prerequisites

  • You need login credentials for your server’s control panel (cPanel, Plesk, InterWorx) or root access via SSH.
  • The domain name you are securing must already be active and set up on the server.
  • The Issued Certificate (.crt) file sent to you by Liquid Web or your SSL vendor after the order was verified.
  • The CA Bundle, also known as the Chain Certificate. This file links your SSL to a trusted root authority.
  • The private key generated on your server simultaneously with your CSR.
Where is my Private Key?
The Private Key is not provided by your SSL vendor. It lives on the server where you generated the request. If you generated the CSR via command line, you must locate the .key file manually.

If you have lost this key, you cannot install the certificate and must reissue it.

Step-by-Step Instructions

Follow one of the following guides to learn how to install an SSL certificate:

Next Steps

Installing the certificate is only half the battle. To ensure your visitors are actually protected, complete these final tasks:

  1. Verify the Installation: Use an external tool to ensure the certificate chain is complete and valid.
  2. Force HTTPS: Installing an SSL makes the secure connection available, but it does not force visitors to use it. You must configure your site to redirect all traffic from http:// to https://. One of the ways you can do this is to force SSL Connections Using .htaccess.
  3. Check for Mixed Content: If your browser address bar shows a warning or no padlock after installation, your site might still be loading images or scripts over insecure HTTP.

Frequently Asked Questions (FAQ)

Installation makes the secure connection available, but it does not automatically force your website to use it. You likely need to:

  1. Redirect traffic: Configure a 301 redirect (often in your .htaccess file) to send visitors from http:// to https://.
  2. Fix Mixed Content: Ensure that your images, scripts, and CSS files are loading via HTTPS. If even one image loads over HTTP, the browser will not show the green padlock.

The Private Key is not sent to you by the SSL vendor. It is stored on the server (or computer) where you originally generated the Certificate Signing Request (CSR). If you generated the CSR in a control panel like cPanel, the key should be auto-filled or available in your file manager.

If you have deleted or lost the Private Key, you cannot install the certificate and must reissue it.

This is a file provided by the Certificate Authority (like Sectigo or DigiCert) that establishes a “chain of trust” between your specific domain certificate and the browser’s trusted root store. If you skip installing this file, mobile devices and some browsers may display a security warning to your visitors.

Usually, no. Installing an SSL certificate happens strictly on the web server software (Apache, Nginx, IIS). Unless you are moving your site to a new server or load balancer to handle the SSL, your DNS records do not need to change.

No. SSL certificates are cryptographically issued to a specific domain name (e.g., example.com). You cannot edit the domain name inside a certificate. If you need to secure a different domain, you must purchase a new SSL or reissue the existing one (if the vendor allows).

Was this article helpful?