{"id":4227,"date":"2020-03-04T12:00:45","date_gmt":"2020-03-04T18:00:45","guid":{"rendered":"https:\/\/wpengine.com\/?post_type=support&#038;p=4227"},"modified":"2025-11-12T08:55:30","modified_gmt":"2025-11-12T14:55:30","slug":"ssl","status":"publish","type":"support","link":"https:\/\/wpengine.com\/support\/ssl\/","title":{"rendered":"Securing a Website with SSL"},"content":{"rendered":"\n<p>SSL\/TLS certificates enable visitors to connect to your site with HTTPS, a secure protocol for exchanging information on the Internet. SSL certificates add a layer of secure encryption to your website, so any information transferred by your website is encrypted. In this article we will explain how to obtain SSL certificates for your website on the WP Engine platform.<\/p>\n\n\n\n<a name=\"Video\"><\/a>\n\n\n\n<p>Prefer to watch a video?<\/p>\n\n\n\n<iframe style=\"aspect-ratio: 16 \/ 9;\n  width: 100%;\" src=\"https:\/\/www.youtube.com\/embed\/XECDdegDqJo?si=w9ljTIPaYGKLsbEF&#038;rel=0\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<div class=\"video-feedback-callout\" style=\"width: 100%; margin: auto; max-width:450px; margin-top:15px;\"> \n<span style=\"float: left; padding-right:10px; padding-top:1px;\">\n<img decoding=\"async\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/09\/stars-rating.png\"\/>\n<\/span> \n<p style=\"color:#002447; font-size:14px; padding-right:6px; float:left; font-weight:400;\">Was this video helpful?<\/p> \n<div class=\"video-feedback-link copy_site\" id=\"copy_site\" style=\"display: flex; align-items: center; gap: .5rem; font-weight: 700; pointer-events: all; float:left;\">\n<span style=\"color:#006BD6; font-size: 14px; border-bottom: 3px solid #006BD6; text-decoration:none;\">Share Your Feedback<\/span> \n<svg width=\"24\" height=\"25\" viewBox=\"0 0 24 25\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M13.5491 5.93261C13.2357 5.66173 12.7621 5.69618 12.4912 6.00955C12.2203 6.32292 12.2548 6.79655 12.5681 7.06742L17.9854 11.75L4 11.75C3.58579 11.75 3.25 12.0858 3.25 12.5C3.25 12.9142 3.58579 13.25 4 13.25L17.9854 13.25L12.5681 17.9326C12.2548 18.2035 12.2203 18.6771 12.4912 18.9905C12.7621 19.3038 13.2357 19.3383 13.5491 19.0674L20.4904 13.0674C20.6552 12.925 20.7499 12.7179 20.7499 12.5C20.7499 12.2822 20.6552 12.0751 20.4904 11.9326L13.5491 5.93261Z\"\/><\/svg>\n<\/div>\n<\/div>\n\n\n\n\n\n<a name=\"https\"><\/a>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">About HTTPS, TLS and SSL<\/h2>\n\n\n\n<p><strong>HTTPS<\/strong>&nbsp;(Hypertext Transfer Protocol Secure)&nbsp;is the&nbsp;protocol for&nbsp;secure communication on&nbsp;the World Wide Web, and it prevents&nbsp;eavesdroppers from seeing information that visitors&nbsp;send or receive&nbsp;over the Internet. HTTPS secures its connections by&nbsp;using&nbsp;SSL\/TLS, protocols that&nbsp;authenticate web servers and that encrypt messages sent between browsers and web servers.<\/p>\n\n\n\n<p><strong>TLS<\/strong>&nbsp;(Transport Layer Security) is a cryptographic protocol that provides secure communication over the Internet. HTTPS uses TLS to secure communication for website visitors. TLS provides the following security benefits:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Identity authentication \u2014 The browser determines whether a&nbsp;web server is the right server, and not an imposter.<\/li>\n\n\n\n<li>Privacy \u2014 Information between the browser and web server is kept private by using&nbsp;encryption.<\/li>\n\n\n\n<li>Data integrity \u2014 &nbsp;Messages between the browser&nbsp;and the web server cannot be altered by others (e.g., during a man-in-the-middle attack).<\/li>\n<\/ul>\n\n\n\n<p><strong>SSL<\/strong> (Secure Sockets Layer) is the predecessor of TLS. After SSL 3.0, the next upgrade was named TLS 1.0 (instead of SSL 4.0) because the version upgrade was not interoperable with SSL 3.0. Many people refer to TLS as SSL (old habits die hard) or as SSL\/TLS, even though all versions of SSL are technically now deprecated.<\/p>\n\n\n\n<p><a href=\"https:\/\/wpengine.com\/support\/platform-settings\/#tls\" target=\"_blank\" rel=\"noreferrer noopener\">Review our guide for more information on which TLS versions are currently supported.<\/a><\/p>\n\n\n\n<a name=\"check\"><\/a><a name=\"Check_for_an_SSL\"><\/a><a name=\"Check_for_SSL\"><\/a>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Check SSL Status<\/h3>\n\n\n\n<p>To view the status of SSLs installed for a domain, check the <strong>SSL<\/strong> column on the <strong>Domains<\/strong> page for an environment.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>From the <a href=\"https:\/\/my.wpengine.com\/sites\">Sites page<\/a>, click the environment name containing the domain that you want to check<\/li>\n\n\n\n<li>Click <strong>Domains<\/strong> in secondary lefthand menu<\/li>\n\n\n\n<li>To ensure an SSL is installed look for green check in the SSL column next to the domain<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"486\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/ssl-status-1024x486.png\" alt=\"Screenshot of the Domains page in the WP Engine User Portal showing where to check the status of an SSL.\" class=\"wp-image-125933\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/ssl-status-1024x486.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/ssl-status-300x142.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/ssl-status-768x364.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/ssl-status-1536x729.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/ssl-status-1500x711.png 1500w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/ssl-status.png 1868w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"color:#32373c;background-color:#00d1b2\" class=\"wp-block-genesis-blocks-gb-notice gb-font-size-18 gb-block-notice\" data-id=\"3b0649\"><div class=\"gb-notice-title\" style=\"color:#fff\"><p>Note<\/p><\/div><div class=\"gb-notice-text\" style=\"border-color:#00d1b2\">\n<p>Most domains will be on our <a href=\"https:\/\/wpengine.com\/support\/advanced-network\/\/\">Advanced Network<\/a> or <a href=\"https:\/\/wpengine.com\/support\/ges\/\/\">Global Edge Security<\/a> and an SSL will be automatically installed for those domains. Hover on the icon in the <strong>Network<\/strong> column next to a domain to confirm which network it\u2019s on. If needed you can switch the network from the 3 dot menu button to the right of the domain. If you need to manage a manually installed SSL click <strong>SSL<\/strong> in the secondary lefthand menu.<\/p>\n<\/div><\/div>\n\n\n\n<a name=\"add\"><\/a>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Add SSL<\/h2>\n\n\n\n<p>When your domain name is using our <a href=\"https:\/\/wpengine.com\/support\/advanced-network\/\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Advanced Network<\/strong><\/a> or <a href=\"https:\/\/wpengine.com\/support\/ges\/\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Global Edge Security<\/strong><\/a>, SSLs are installed automatically through Cloudflare so no additional SSL is needed!<\/p>\n\n\n\n<p>If your DNS is pointed to our old Legacy Network, you can upgrade to our Advanced Network for free to take advantage of automated SSL as well as advanced security features. If you cannot update DNS to our Advanced Network and need a Let\u2019s Encrypt certificate on our old Legacy Network, or if you need to use a 3rd-party certificate, you can add an SSL using the following steps.<\/p>\n\n\n\n<p>When adding a certificate from Let&#8217;s Encrypt, ensure <a href=\"https:\/\/wpengine.com\/support\/point-domain\/\" target=\"_blank\" rel=\"noreferrer noopener\">DNS is pointed to WP Engine<\/a> beforehand to prevent errors.<\/p>\n\n\n\n<p>To add an SSL to a website:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>From the <a href=\"https:\/\/my.wpengine.com\/sites\" target=\"_blank\" rel=\"noreferrer noopener\">Sites page<\/a>, select the environment name<\/li>\n\n\n\n<li>Click <strong>SSL<\/strong><\/li>\n\n\n\n<li>Click the <strong>Add certificate<\/strong> button (You can skip this step if you don&#8217;t have any certificates yet because you&#8217;ll be automatically redirected to the Add Certificates page after clicking the SSL menu)<br><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"272\" class=\"wp-image-125926\" style=\"width: 700px;\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-cert.png\" alt=\"Screenshot of an environment's SSL page in the WP Engine User Portal showing the list of SSLs\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-cert.png 1568w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-cert-300x117.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-cert-1024x398.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-cert-768x299.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-cert-1536x598.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-cert-1500x584.png 1500w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/li>\n\n\n\n<li>Choose one of the 3 <em><strong>Add SSL certificate<\/strong><\/em> options:\n<ul class=\"wp-block-list\">\n<li><a href=\"#Generate_New_Certificate_Signing_Request_CSR\">Generate CSR<\/a><\/li>\n\n\n\n<li><a href=\"#3rdparty\">Import certificate<\/a><\/li>\n\n\n\n<li><a href=\"#letsencrypt\">Get Let&#8217;s Encrypt<\/a><br><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"292\" class=\"wp-image-125524\" style=\"width: 600px;\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl.png\" alt=\"Screenshot of an environment's SSL page in the WP Engine User Portal showing the options to add a new SSL\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl.png 2386w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl-300x146.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl-1024x499.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl-768x374.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl-1536x748.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl-2048x997.png 2048w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl-1500x731.png 1500w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Follow the prompts to complete the request process<\/li>\n\n\n\n<li>When the SSL installation is complete, you\u2019ll see a green check with a status of <strong>Active<\/strong> in the <strong>Status<\/strong> column.<br><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"148\" class=\"wp-image-125934\" style=\"width: 700px;\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/status-active.png\" alt=\"Screenshot of an environment's SSL page in the WP Engine User Portal showing the SSL status column\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/status-active.png 1822w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/status-active-300x63.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/status-active-1024x216.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/status-active-768x162.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/status-active-1536x324.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/status-active-1500x316.png 1500w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/li>\n<\/ol>\n\n\n\n<p>SSL certificates typically install and activate within a few minutes, however in some cases can take up to 24 hours.<\/p>\n\n\n\n<p><strong>Auto Renewal<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>All certificates managed by WP Engine default to Auto-Renew and Secure All URLs. This includes Let\u2019s Encrypt, Advanced Network, and Global Edge Security SSL certificates.<br><a name=\"letsencrypt\"><\/a><\/li>\n<\/ul>\n\n\n\n<p><strong>3rd-party certificate renewal<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>3rd-party certificates cannot auto-renew, as WP Engine is not the issuer and we will not automatically have access to the updated SSL files.&nbsp; 3rd-party SSL certificates should be added as <a href=\"https:\/\/wpengine.com\/support\/ssl\/#Import_3rd-Party_SSL_Certificate\"><strong>a new 3rd-party SSL<\/strong><\/a> when renewal occurs.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Let&#8217;s Encrypt SSL Certificates<\/h3>\n\n\n\n<div style=\"color:#32373c;background-color:#00d1b2\" class=\"wp-block-genesis-blocks-gb-notice gb-font-size-18 gb-block-notice\" data-id=\"10de4b\"><div class=\"gb-notice-title\" style=\"color:#fff\"><p>NOTE<\/p><\/div><div class=\"gb-notice-text\" style=\"border-color:#00d1b2\">\n<p>Let\u2019s Encrypt is only available for domains pointed to the <em>Legacy Network<\/em>. Domains pointed to our <a href=\"https:\/\/wpengine.com\/support\/advanced-network\/\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Advanced Network<\/strong><\/a> or <a href=\"https:\/\/wpengine.com\/support\/ges\/\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Global Edge Security<\/strong><\/a> will <strong>not<\/strong> have the option to add a Let\u2019s Encrypt SSL through WP Engine because they already have SSLs automatically installed through Cloudflare.<\/p>\n<\/div><\/div>\n\n\n\n<p>Let\u2019s Encrypt SSLs are free SSLs that can be added to a domain if the domain is pointed to our old Legacy Network. To view your Let\u2019s Encrypt certificate:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Go to the <a href=\"https:\/\/my.wpengine.com\/sites\" target=\"_blank\" rel=\"noreferrer noopener\">Sites<\/a> page<\/li>\n\n\n\n<li>Click on the environment name<\/li>\n\n\n\n<li>Click <strong>SSL<\/strong> in the secondary lefthand menu<\/li>\n<\/ul>\n\n\n\n<p>If you should, but do not see the WWW or non-WWW version of your domain listed here, be sure both variations are <a href=\"https:\/\/wpengine.com\/support\/add-domain-in-user-portal\/\" target=\"_blank\" rel=\"noreferrer noopener\">added to the User Portal<\/a>. Each domain needs its own SSL certificate including subdomains like the WWW version of the domain.<\/p>\n\n\n\n<p>To add a new Let&#8217;s Encrypt SSL follow the steps in the <a href=\"https:\/\/wpengine.com\/support\/ssl\/#Add_SSL\">Add SSL<\/a> section on this page.<\/p>\n\n\n\n<p>Let\u2019s Encrypt certificates expire after 90 days. Our system will attempt to auto-renew these 22 days before expiration. If there are no issues with your DNS the auto renewal will go through without errors. If there is an error during the automatic renewal order this should create a ticket in our system and you should receive an email with more information.<\/p>\n\n\n\n<p>Ordering a Let\u2019s Encrypt certificate replaces any existing certificates on WP Engine for that domain (EX: 3rd-party certificate).<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"851\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/08\/get-le-cert-1024x851.png\" alt=\"Screenshot of an environment's Let's Encrypt order page in the WP Engine User Portal\" class=\"wp-image-125537\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/08\/get-le-cert-1024x851.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/08\/get-le-cert-300x249.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/08\/get-le-cert-768x638.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/08\/get-le-cert-1536x1277.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/08\/get-le-cert-1500x1247.png 1500w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/08\/get-le-cert.png 1576w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<a name=\"3rdparty\"><\/a><a name=\"Import_3rd_Party_SSL_Certificate\"><\/a>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Import 3rd-Party SSL Certificate<\/h3>\n\n\n\n<p>WP Engine only provides free single-domain certificates at this time. Therefore the purchase and import of a 3rd-party SSL, purchased externally, may be necessary in several situations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If you already have a valid SSL certificate you want to use<\/li>\n\n\n\n<li>If you need to use a wildcard SSL certificate<\/li>\n\n\n\n<li>If you need to use an Extended Validation (EV) certificate<\/li>\n\n\n\n<li>If you need to use a Multi-Domain certificate (SAN)<\/li>\n<\/ul>\n\n\n\n<p>Using a 3rd-party SSL also allows you to secure the domain prior to DNS being pointed to WP Engine. The domain should be <a href=\"https:\/\/wpengine.com\/support\/add-domain-in-user-portal\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>added in the User Portal<\/strong><\/a> before installing the certificate. The domain will not be secured with the SSL until you point DNS to your WP Engine server but if you want to test the SSL before pointing DNS you can <a href=\"https:\/\/wpengine.com\/support\/emulate-dns-change-with-the-hosts-file-trick\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Emulate DNS Locally with the Hosts File Trick<\/strong><\/a>.<\/p>\n\n\n\n<p>To import any 3rd-party SSL successfully, a matching certificate and key file are <strong>required<\/strong>. If you generated a CSR through WP Engine then the key file is already&nbsp; stored in our system. In some cases, there may also be additional intermediate certificates that you must provide. The Intermediate certificates are also known as CA (Certificate Authority) certificates. Sometimes SSL providers will give you the CA\/Intermediate certificates in the same file as the main certificate, and sometimes they\u2019ll provide them in a separate file that is often named something like <code>ca-bundle<\/code> (e.g. ca-bundle.crt). The main certificate and the CA\/Intermediate certificates need to be uploaded or copy\/pasted together when adding a 3rd-party certificate in the User Portal.<\/p>\n\n\n\n<p>Currently the same 3rd-party certificate cannot be used in more than one install when using the Advanced Network or the Global Edge Security Network (GES). If a 3rd-party certificate is needed for multiple installs, certificates should be created for each install.<\/p>\n\n\n\n<p>There are a few other stipulations to be aware of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>3rd-party SSLs <strong>can<\/strong> be added to the Legacy Network, Advanced Network, or Global Edge Security.<\/li>\n\n\n\n<li>Lite and Startup plans <strong>cannot<\/strong> have 3rd-party SSL certificates imported.<\/li>\n\n\n\n<li>On Shared WP Engine plans, only Production environments can have an SSL installed. The default WP Engine Staging and Development subdomains will already have SSLs installed as soon as the environment is created.<\/li>\n\n\n\n<li>3rd-party certificates cannot auto-renew, as WP Engine is not the issuer we will not automatically have access to the updated SSL files. 3rd-party SSL certificates should be added as <a href=\"https:\/\/wpengine.com\/support\/ssl\/#Import_3rd-Party_SSL_Certificate\">a new 3rd-party SSL<\/a> when renewal occurs.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Import Using Existing Certificate Files<\/h4>\n\n\n\n<p>If you already have both the SSL certificate <strong>and<\/strong> the matching private key file, use these steps. If you&#8217;re not sure if you have both matching files, proceed instead with the <em>Generate a New Certificate Signing Request (CSR)<\/em> steps below.<\/p>\n\n\n\n<div style=\"color:#32373c;background-color:#00d1b2\" class=\"wp-block-genesis-blocks-gb-notice gb-font-size-18 gb-block-notice\" data-id=\"10de4b\"><div class=\"gb-notice-title\" style=\"color:#fff\"><p>NOTE<\/p><\/div><div class=\"gb-notice-text\" style=\"border-color:#00d1b2\">\n<p>Before importing a certificate, ensure that the <a href=\"https:\/\/wpengine.com\/support\/add-domain-in-user-portal\/\" target=\"_blank\" rel=\"noreferrer noopener\">domain(s) have been added<\/a> to the User Portal.<\/p>\n<\/div><\/div>\n\n\n\n<ol class=\"wp-block-list\">\n<li>From the <a href=\"https:\/\/my.wpengine.com\/sites\" target=\"_blank\" rel=\"noreferrer noopener\">Sites page<\/a>, select the environment&nbsp;<strong>name<\/strong>&nbsp;you wish to upload SSL files for<\/li>\n\n\n\n<li>Click&nbsp;<strong>SSL<\/strong><\/li>\n\n\n\n<li>Click the <strong>Add certificate<\/strong> button (You can skip this step if you don&#8217;t have any certificates yet because you&#8217;ll be automatically redirected to the Add Certificates page after clicking the SSL menu)<br><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"233\" class=\"wp-image-125926\" style=\"width: 600px;\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-cert.png\" alt=\"Screenshot of an environment's SSL page in the WP Engine User Portal showing the list of SSLs\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-cert.png 1568w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-cert-300x117.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-cert-1024x398.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-cert-768x299.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-cert-1536x598.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-cert-1500x584.png 1500w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/li>\n\n\n\n<li>Select <strong>Import certificate<\/strong><br><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"292\" class=\"wp-image-125524\" style=\"width: 600px;\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl.png\" alt=\"Screenshot of an environment's SSL page in the WP Engine User Portal showing the options to add a new SSL\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl.png 2386w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl-300x146.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl-1024x499.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl-768x374.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl-1536x748.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl-2048x997.png 2048w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl-1500x731.png 1500w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/li>\n<\/ol>\n\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li>Either copy and paste the contents of your existing certificate files into the fields, or select <em>Upload the {key or certificate}&nbsp;file<\/em>\n<ul class=\"wp-block-list\">\n<li><strong>RSA private key (KEY)<\/strong>\n<ul class=\"wp-block-list\">\n<li>Paste in the full key <strong>including<\/strong> <code>-----BEGIN PRIVATE KEY-----<\/code> and <code>-----END PRIVATE KEY----- <\/code>or <code>-----BEGIN RSA PRIVATE KEY-----<\/code> and <code>-----END RSA PRIVATE KEY-----<\/code><\/li>\n\n\n\n<li>If you choose to upload a file instead, key files must be RSA type keys with a <code>.key<\/code> file type.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Certificate (CRT)<\/strong>\n<ul class=\"wp-block-list\">\n<li>Only PEM formatted certificates will be accepted in this field. Paste in the full PEM chain <strong>including<\/strong> <code>-----BEGIN CERTIFICATE-----<\/code> and <code>-----END CERTIFICATE-----<\/code><\/li>\n\n\n\n<li>If you choose to upload a file instead, certificate files must be PEM formatted with <code>.pem<\/code>, <code>.crt,<\/code> or <code>.cer<\/code> file types.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"894\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/upload-certs-1024x894.png\" alt=\"Screenshot of an environment's SSL page in the WP Engine User Portal showing the buttons to upload a 3rd-party SSL certificate.\" class=\"wp-image-125935\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/upload-certs-1024x894.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/upload-certs-300x262.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/upload-certs-768x671.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/upload-certs-1536x1342.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/upload-certs-1500x1310.png 1500w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/upload-certs.png 1864w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ol start=\"8\" class=\"wp-block-list\">\n<li>Click <strong>Next<\/strong><\/li>\n\n\n\n<li>Verify the certificate information is valid\n<ul class=\"wp-block-list\">\n<li>The correct domain(s) should be listed and selected<\/li>\n\n\n\n<li>The certificate validity date should be current, and not expired<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click <strong>Next<\/strong><\/li>\n\n\n\n<li>Choose <strong>HTTPS Preferences<\/strong>\n<ul class=\"wp-block-list\">\n<li><em>Secure All URLs<\/em> (default) will force all URLs to HTTPS once the SSL has been successfully installed. For more information see <em><a href=\"https:\/\/wpengine.com\/support\/ssl\/#Secure_URL_Options\">Secure URL Options<\/a><\/em> below.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click <strong>Upload Certificate<\/strong><\/li>\n<\/ol>\n\n\n\n<p>Your certificate and key file will then be reviewed, and if they match they will be installed and activated. If your files do not match, you will receive a notice and the SSL will not be installed or activated.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h4 class=\"wp-block-heading\">Generate New Certificate Signing Request (CSR)<\/h4>\n\n\n\n<p>This section will help you generate a CSR (<strong>C<\/strong>ertificate <strong>S<\/strong>igning <strong>R<\/strong>equest) and import your matching certificate file to WP Engine. Generate a CSR and follow these steps if you don&#8217;t have a certificate file, don&#8217;t have a key file or if you do not have a matching certificate and key file.<\/p>\n\n\n\n<p>Remember, WP Engine needs <em>both<\/em> a key file and a certificate file that <em>match<\/em> each other to successfully install the SSL. If you generate a CSR through us then we will create and store the private key for you behind the scenes, so all you have to do is bring the CSR to your SSL provider when ordering the SSL and retrieve the matching certificate from the SSL issuer and provide it to us.<\/p>\n\n\n\n<div style=\"color:#32373c;background-color:#00d1b2\" class=\"wp-block-genesis-blocks-gb-notice gb-font-size-18 gb-block-notice\" data-id=\"10de4b\"><div class=\"gb-notice-title\" style=\"color:#fff\"><p>NOTE<\/p><\/div><div class=\"gb-notice-text\" style=\"border-color:#00d1b2\">\n<p>Before generating a CSR, ensure that the <a href=\"https:\/\/wpengine.com\/support\/add-domain-in-user-portal\/\" target=\"_blank\" rel=\"noreferrer noopener\">domain(s) have been added<\/a> to the User Portal.<\/p>\n<\/div><\/div>\n\n\n\n<ol class=\"wp-block-list\">\n<li>From the <a href=\"https:\/\/my.wpengine.com\/sites\" target=\"_blank\" rel=\"noreferrer noopener\">Sites page<\/a>, select the environment&nbsp;<strong>name<\/strong>&nbsp;you wish to generate a CSR for<\/li>\n\n\n\n<li>Click&nbsp;<strong>SSL<\/strong><\/li>\n\n\n\n<li>Click the <strong>Add certificate<\/strong> button (You can skip this step if you don&#8217;t have any certificates yet because you&#8217;ll be automatically redirected to the Add Certificates page after clicking the SSL menu)<\/li>\n\n\n\n<li>Select <strong>Generate CSR<\/strong><br><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"292\" class=\"wp-image-125524\" style=\"width: 600px;\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl.png\" alt=\"Screenshot of an environment's SSL page in the WP Engine User Portal showing the options to add a new SSL\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl.png 2386w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl-300x146.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl-1024x499.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl-768x374.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl-1536x748.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl-2048x997.png 2048w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/add-ssl-1500x731.png 1500w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/li>\n\n\n\n<li>Select the <strong>Certificate Type<\/strong>\n<ul class=\"wp-block-list\">\n<li>This should match the type of existing SSL that you will be importing<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Select the&nbsp;<strong>domain<\/strong>(s) the certificate was issued for when it was originally purchased<\/li>\n\n\n\n<li>Fill in the necessary <strong>Business Information<\/strong><br><img loading=\"lazy\" decoding=\"async\" width=\"500\" height=\"549\" class=\"wp-image-125936\" style=\"width: 500px;\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/generate-csr.png\" alt=\"Screenshot of an environment's SSL page in the WP Engine User Portal showing the form to fill out business information when generating a CSR.\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/generate-csr.png 1180w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/generate-csr-273x300.png 273w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/generate-csr-932x1024.png 932w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/generate-csr-768x843.png 768w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/li>\n\n\n\n<li>Click <strong>Generate CSR<\/strong><\/li>\n<\/ol>\n\n\n\n<div style=\"color:#32373c;background-color:#00d1b2\" class=\"wp-block-genesis-blocks-gb-notice gb-font-size-18 gb-block-notice\" data-id=\"10de4b\"><div class=\"gb-notice-title\" style=\"color:#fff\"><p>NOTE<\/p><\/div><div class=\"gb-notice-text\" style=\"border-color:#00d1b2\">\n<p>Our system by default generates 256 bit CSR files. If you need a higher bit CSR <a href=\"https:\/\/my.wpengine.com\/support\/\" target=\"_blank\" rel=\"noreferrer noopener\">reach out to our Support team<\/a>.<\/p>\n<\/div><\/div>\n\n\n\n<ol start=\"9\" class=\"wp-block-list\">\n<li>Next you\u2019ll see a popup that will show your CSR file contents<\/li>\n\n\n\n<li>Confirm the information on the right side of the page is correct<\/li>\n\n\n\n<li>Use the Click to copy button in the top right of the box to ensure you copy the full contents of your CSR correctly or use the <strong>Download CSR file<\/strong> button. The full CSR <em>will include<\/em> the following text at the top and bottom:\n<ul class=\"wp-block-list\">\n<li><code>-----BEGIN CERTIFICATE REQUEST-----<\/code><\/li>\n\n\n\n<li><code>-----END CERTIFICATE REQUEST-----<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h5 class=\"wp-block-heading\">Request Certificate from Issuer<\/h5>\n\n\n\n<p>Once you have the CSR, you must provide it to your 3rd-party SSL certificate authority. The SSL certificate authority, or issuer, is the company from which you originally purchased the SSL certificate.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to your SSL issuer\u2019s portal, or reach out to their Support team<\/li>\n\n\n\n<li>Request your SSL files for installation on another server, you may need to request that the SSL be re-keyed<\/li>\n\n\n\n<li>Provide the CSR file generated in the previous step to the issuer<\/li>\n\n\n\n<li>If the issuer asks for server type, choose&nbsp;<strong>Nginx<\/strong><\/li>\n\n\n\n<li>Ensure the certificate is PEM formatted in the <code>.pem<\/code>,&nbsp;<code>.crt,<\/code>&nbsp;or&nbsp;<code>.cer<\/code>&nbsp;file type<\/li>\n\n\n\n<li>Your SSL certificate issuer will return a newly generated SSL certificate file(s)\n<ul class=\"wp-block-list\">\n<li>There may be multiple files, be sure to save everything the issuer provides<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Copy or save any files provided to your local computer in a location where you can easily find them in the next step\n<ul class=\"wp-block-list\">\n<li>The full certificate contents&nbsp;<em>will include<\/em>&nbsp;the following text at the top and bottom:\n<ul class=\"wp-block-list\">\n<li><code>-----BEGIN CERTIFICATE-----<\/code><\/li>\n\n\n\n<li><code>-----END CERTIFICATE-----<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h5 class=\"wp-block-heading\">Upload Certificate to WP Engine<\/h5>\n\n\n\n<p>When you are ready to upload your certificate, return to the SSL page for the environment in the WP Engine User Portal.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Click <strong>Upload certificate <\/strong>to the right of the domain.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"128\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/upload-certificate-1024x128.png\" alt=\"Screenshot of an environment's SSL page in the WP Engine User Portal showing the button to upload a 3rd-party SSL certificate.\" class=\"wp-image-125937\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/upload-certificate-1024x128.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/upload-certificate-300x37.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/upload-certificate-768x96.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/upload-certificate-1536x191.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/upload-certificate-1500x187.png 1500w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/upload-certificate.png 1853w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Paste <\/strong>or<strong> upload<\/strong> any certificate files provided by the SSL issuer<\/li>\n\n\n\n<li>Click <strong>Next<\/strong>\n<ul class=\"wp-block-list\">\n<li>The file will automatically be compared to the CSR for a match. You will be taken to the next page if the files match.<\/li>\n\n\n\n<li>If the CSR and the CRT <em>do not<\/em> match, you will see the message: <code>This certificate did not match the CSR<\/code>. You will need to copy the CSR again and repeat the steps to retrieve any certificate files from your SSL issuer.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Verify<\/strong> the certificate information is valid\n<ul class=\"wp-block-list\">\n<li>The correct domain(s) should be listed and selected<\/li>\n\n\n\n<li>The certificate validity date should be current, and not expired<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click <strong>Next<\/strong><\/li>\n\n\n\n<li>Choose <strong>HTTPS Preferences<\/strong>\n<ul class=\"wp-block-list\">\n<li><em>Secure All URLs<\/em> (default) will force all URLs to HTTPS once the SSL has been successfully installed. For more information see <em><a href=\"https:\/\/wpengine.com\/support\/ssl\/#Secure_URL_Options\">Secure URL Options<\/a><\/em> below.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click <strong>Upload Certificate<\/strong><\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Potential SSL Issues<\/h2>\n\n\n\n<p>When requesting, installing or activating SSL, it is possible to run into issues. If you experience issues with your SSL, <a href=\"https:\/\/my.wpengine.com\/support\/\" target=\"_blank\" rel=\"noreferrer noopener\">WP Engine Support<\/a> is available 24x7x365 to assist and we&#8217;ve provided some additional troubleshooting information below.<\/p>\n\n\n\n<a name=\"SSL_Issuing_Errors\"><\/a>\n\n\n\n<h3 class=\"wp-block-heading\">Let&#8217;s Encrypt SSL Not Issuing<\/h3>\n\n\n\n<p>If the Let\u2019s Encrypt SSL status is &#8220;Installation in progress&#8221; this may resolve itself automatically within a few minutes, however if it does not, please check the items below. If your SSL request <em>fails<\/em> to process, a Support ticket will be generated titled &#8220;<strong>Certificate Domain Validation Error<\/strong>&#8221; or &#8220;<strong>Certificate Authority Error<\/strong>.&#8221;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Is DNS pointed to WP Engine and fully propagated? <a href=\"https:\/\/wpengine.com\/support\/point-domain\/\" target=\"_blank\" rel=\"noreferrer noopener\">Learn how to point DNS here.<\/a>\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.whatsmydns.net\/#CNAME\/\" target=\"_blank\" rel=\"noreferrer noopener\">Check A record status here<\/a>.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.whatsmydns.net\/#CNAME\/\">Check CNAME record status here<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Remove any AAAA (IPv6) records on the top-level domain. (Except when using Cloudflare.)\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.whatsmydns.net\/#AAAA\/\">Check AAAA record status here.<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Remove any conflicting CAA (certificate authority authorization) records. These limit which providers can issue SSL for the domain.\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.whatsmydns.net\/#CAA\/\">Check CAA record status here.<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Let\u2019s Encrypt does not issue certificates&nbsp;for high-risk domain names\u2014those&nbsp;that resemble&nbsp;well-known banks&nbsp;or brands&nbsp;(EX: <code>wellsfargo.world<\/code> or <code>cocacola.info<\/code>) or&nbsp;for sites that&nbsp;<a href=\"https:\/\/developers.google.com\/safe-browsing\/\"><span class=\"s2\">Google tags as unsafe<\/span><\/a>. <\/li>\n\n\n\n<li>Ensure the domain is not being redirected to another domain.<\/li>\n\n\n\n<li>If the domain has a firewall in place, grant an exception for Let&#8217;s Encrypt or disable the firewall. (Bear in mind, Let&#8217;s Encrypt certificates are issued for 90 days periods. Adding an exception is preferred so the issue does not occur again at the next renewal.)<\/li>\n\n\n\n<li>Use Let&#8217;s Encrypt debug tool for more information here: <a href=\"https:\/\/letsdebug.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/letsdebug.net\/<\/a><\/li>\n<\/ul>\n\n\n\n<p>Corrected some of these issues and need to restart a pending SSL order? <a href=\"https:\/\/my.wpengine.com\/support\/\" target=\"_blank\" rel=\"noreferrer noopener\">Reach out to our Support team.<\/a><\/p>\n\n\n\n<a name=\"Third-Party_SSL_Upload_Failure\"><\/a>\n\n\n\n<h3 class=\"wp-block-heading\">3rd-Party SSL Upload Failure<\/h3>\n\n\n\n<p>If a 3rd-party SSL status is pending, the certificate files still need to be uploaded. <a href=\"https:\/\/wpengine.com\/support\/ssl\/#Import_3rd-Party_SSL_Certificate\">Refer to the installation process here for more information.<\/a><\/p>\n\n\n\n<p>If a 3rd-party SSL failed to upload, this is either because the certificate and key files do not match or the files are in the wrong format. If the key and the crt do not match, the 3rd-party SSL upload will continue to fail.<\/p>\n\n\n\n<p>To troubleshoot a 3rd-party upload error, try the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ensure the domain(s) on the SSL certificate match the exact domain(s) added to the <a href=\"https:\/\/wpengine.com\/support\/add-domain-in-user-portal\/#Add_Domain_in_User_Portal\" target=\"_blank\" rel=\"noreferrer noopener\">Domains page of the User Portal<\/a>.<\/li>\n\n\n\n<li><a href=\"https:\/\/wpengine.com\/support\/ssl\/#Generate_New_Certificate_Signing_Request_CSR\">Generate a new CSR<\/a>. Even if you already have a certificate and key file- if these are not uploading, our system does not detect a match. Using a CSR will store the matching key on WP Engine. Be sure this new CSR file is provided to your SSL issuer and that it is used to generate a matching certificate file. Be sure to upload this new matching certificate file back to WP Engine.<\/li>\n\n\n\n<li>Copy or upload the file contents <em>exactly<\/em> as provided by the SSL issuer. The contents should begin with a hyphenated line, like <code>-----BEGIN CERTIFICATE-----<\/code>, and end with a hyphenated line, like <code>-----END CERTIFICATE-----<\/code><\/li>\n\n\n\n<li> Only certificate files that are PEM formatted with&nbsp;<code>.pem<\/code>,&nbsp;<code>.crt,<\/code>&nbsp;or&nbsp;<code>.cer<\/code>&nbsp;file types can be used.<\/li>\n\n\n\n<li>Only key files that are RSA formatted with the .<code>key<\/code> file type can be used.<\/li>\n\n\n\n<li>If requested, the SSL certificate should be issued for the Nginx server type.<\/li>\n\n\n\n<li>Invalid CSR &#8211; If this error occurs, the SSL import should be started again by generating a new CSR. <a href=\"#Generate_New_Certificate_Signing_Request_CSR\">See the CSR steps here.<\/a><\/li>\n<\/ul>\n\n\n\n<p>If you have your certificate and key files but would like assistance installing them, please upload the files into the <code>_wpeprivate<\/code> directory using <a href=\"https:\/\/wpengine.com\/support\/sftp\/\">SFTP<\/a> or <a href=\"https:\/\/wpengine.com\/support\/ssh-gateway\/\">SSH Gateway<\/a>, then <a href=\"https:\/\/my.wpengine.com\/support\">reach out to our Support team<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Cloudflare<\/h3>\n\n\n\n<p>If you are using Cloudflare, you will also need to configure SSL settings in their dashboard. <a href=\"https:\/\/wpengine.com\/support\/cloudflare-best-practices\/#Cloudflare_and_SSLTLS\">Read more here about configuring SSL when using Cloudflare<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">SSL\/TLS certificate warnings for Internet Explorer on Windows XP<\/h3>\n\n\n\n<p>WP Engine uses Server Name Indication (SNI) for SSL\/TLS certificates. SNI provides an efficient way to configure certificates, and it works well with most browsers. However, visitors that use Internet Explorer on Windows XP may see the following error. It&#8217;s best to use an alternate up-to-date browser.<br><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Sucuri WAF<\/h3>\n\n\n\n<p>If you are using a Sucuri Firewall and are having trouble issuing Let&#8217;s Encrypt certificates (new or renewals), you will need to contact Sucuri and ask them to enable the <strong>Forward Certificate Validation to Hosting<\/strong> option for Let&#8217;s Encrypt on your account.<\/p>\n\n\n\n<p>This is because Sucuri <em>also<\/em> offers Let&#8217;s Encrypt certificates, and therefore prevents authorization requests from being routed to a <em>different<\/em> web host (WP Engine in this case).<\/p>\n\n\n\n<p>The setting will ensure that Sucuri forwards the Let&#8217;s Encrypt certificate validation request to the WP Engine (for both new and future certificates) without disabling the Sucuri Firewall.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Mixed Content<\/h3>\n\n\n\n<p>Mixed content is media or other links on pages within your website that are not properly secured by SSL. These links use http instead of https when loaded onto the page and will cause an insecure warning on some parts of a website. Mixed content is typically simple to correct, see our <a href=\"https:\/\/wpengine.com\/support\/mixed-content-errors-no-green-padlock-page\/\">correcting mixed content guide<\/a> for more information.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Copy or Restore SSL<\/h3>\n\n\n\n<p>SSL files are not stored in site backups. This means SSL is not impacted by copy or restore processes.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SSL is not included when copying a site. On the destination environment, the SSL should be reordered (Let&#8217;s Encrypt) or added as a new certificate (3rd-party SSLs).<\/li>\n\n\n\n<li>Restoring the site to an earlier version will not alter the SSL.<\/li>\n<\/ul>\n\n\n\n<p><strong>NOTE<\/strong>: SSL is included when migrating a site to another server.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Remove SSL<\/h3>\n\n\n\n<p>At this time WP Engine customers cannot remove SSL certificates on their own. Please reach out to <a href=\"https:\/\/my.wpengine.com\/support\">WP Engine Support<\/a> for assistance deleting the SSL certificate.<\/p>\n\n\n\n<a name=\"secureoptions\"><\/a>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Secure URL Options<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Advanced Network &amp; Global Edge Security SSLs<\/h3>\n\n\n\n<p>Many users on WP Engine will be using automatic SSLs through our <a href=\"https:\/\/wpengine.com\/support\/advanced-network\/\" target=\"_blank\" rel=\"noreferrer noopener\">Advanced Network<\/a> or <a href=\"https:\/\/wpengine.com\/support\/ges\/\" target=\"_blank\" rel=\"noreferrer noopener\">Global Edge Security<\/a> DNS options. We are working on a way to force https by default for these networks. In the meantime, if you would like to force HTTPS on your site, reach out to our <a href=\"https:\/\/my.wpengine.com\/support\" target=\"_blank\" rel=\"noreferrer noopener\">support team<\/a> and they can enable it manually for you.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Let&#8217;s Encrypt &amp; 3rd-party SSLs<\/h3>\n\n\n\n<p>When using Let\u2019s Encrypt or 3rd-party SSLs, HTTPS URLs may also need to be forced. To see the force SSL options, navigate to the SSL page, then view the box for <strong>HTTPS Settings<\/strong> under the list of SSLs to see global options to apply to your 3rd-party and Let\u2019s Encrypt SSLs shown in the list.<\/p>\n\n\n\n<p>To see options for a specific SSL:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Click the three dot button to the right of the SSL in the list<\/li>\n\n\n\n<li>Select <strong>Manage secure URLs<\/strong><br><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"203\" class=\"wp-image-125939\" style=\"width: 700px;\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/manage-secure-urls.png\" alt=\"Screenshot of an environment's SSL page in the WP Engine User Portal showing the menu option to Manage Secure URLs.\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/manage-secure-urls.png 1681w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/manage-secure-urls-300x87.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/manage-secure-urls-1024x297.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/manage-secure-urls-768x222.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/manage-secure-urls-1536x445.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/manage-secure-urls-1500x435.png 1500w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/li>\n<\/ul>\n\n\n\n<p>The \u201cSecure all URLs\u201d option forces all pages to automatically serve requests secured with SSL over HTTPS. When using this option do <em>not<\/em> use any additional force SSL\/HTTPS plugins. The \u201cSecure Specific URLs\u201d option uses <a href=\"https:\/\/wpengine.com\/support\/regex\/#ssl\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>RegEx to ensure only the defined URLs are forced to use SSL and HTTPS<\/strong><\/a>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>To secure only specific URLs click <strong>Apply<\/strong> after selecting this option<\/li>\n\n\n\n<li>Then click the <strong>Add URLs<\/strong> button<br><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"338\" class=\"wp-image-125940\" style=\"width: 600px;\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/secure-specific-urls.png\" alt=\"Screenshot of an environment's SSL page in the WP Engine User Portal showing the button to add a URL to the Manage Secure URLs list.\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/secure-specific-urls.png 1890w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/secure-specific-urls-300x169.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/secure-specific-urls-1024x576.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/secure-specific-urls-768x432.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/secure-specific-urls-1536x865.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/secure-specific-urls-960x540.png 960w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/secure-specific-urls-1500x844.png 1500w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/li>\n\n\n\n<li>Then add a regex path for each url that you want to secure<br><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"242\" class=\"wp-image-125941\" style=\"width: 600px;\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/secure-specific-url.png\" alt=\"Screenshot of an environment's SSL page in the WP Engine User Portal showing the text box to add a URL to the Manage Secure URLs list.\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/secure-specific-url.png 1887w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/secure-specific-url-300x121.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/secure-specific-url-1024x413.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/secure-specific-url-768x310.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/secure-specific-url-1536x619.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2020\/03\/secure-specific-url-1500x605.png 1500w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/>\n<ul class=\"wp-block-list\">\n<li>To learn more about regex click the link to <a href=\"https:\/\/wpengine.com\/support\/regex\/#SSL_Redirects\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Learn how to specify URLs using Regex<\/strong><\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click the <strong>Add another URL<\/strong> button to add more URLs<\/li>\n<\/ul>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Force SSL Plugins<\/h3>\n\n\n\n<p>Force SSL plugins can cause redirect loops when their settings conflict with the settings on the SSL dashboard. We recommend that you leverage the settings that we provide in the SSL dashboard as they work server side and have been tested extensively with our platform. Using settings directly at a server level keeps the force SSL functionality on Nginx, making it faster and more effective.<\/p>\n\n\n\n<p><b>How do I know if I use a force SSL plugin?<\/b><\/p>\n\n\n\n<p>It&#8217;s possible for plugins not specifically dealing with security to to include such a setting. For example, certain eCommerce solutions offer an option to force the use of SSL. In general, to find plugins that could be forcing https usage on your website:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log into your site\u2019s <strong>WordPress\u00ae Admin<\/strong> <sup><a href=\"#legal-disclaimer\">1<\/a><\/sup><\/li>\n\n\n\n<li>Visit the <strong>Plugin<\/strong> page<\/li>\n\n\n\n<li>Look for any plugin that mentions <em>Securing Pages<\/em>, <em>HTTPS<\/em>, or <em>SSL<\/em><\/li>\n<\/ol>\n\n\n\n<p><b>Common Force SSL Plugins<\/b><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Force SSL<\/li>\n\n\n\n<li>WP Force SSL<\/li>\n\n\n\n<li>WordPress HTTPS<\/li>\n\n\n\n<li>Verve SSL<\/li>\n\n\n\n<li>Really Simple SSL<\/li>\n\n\n\n<li>Easy HTTPS Redirection<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<p><strong>NEXT STEP: <a href=\"https:\/\/wpengine.com\/support\/mixed-content\/\">How to fix mixed content errors<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Add an SSL to secure your website using Let&#8217;s Encrypt or a 3rd party certificate. Learn how to force all or just specific pages to HTTPS.<\/p>\n","protected":false},"featured_media":126216,"template":"","support-categories":[14,6,16,21],"support-tag":[40,184,90,49],"class_list":["post-4227","support","type-support","status-publish","has-post-thumbnail","hentry","support-categories-account","support-categories-platform","support-categories-security-3","support-categories-setup","support-tag-platform","support-tag-platforminformation_sp","support-tag-ssl","support-tag-troubleshooting"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Securing a Website with SSL - Support Center<\/title>\n<meta name=\"description\" content=\"Add an SSL to secure your website using Let&#039;s Encrypt, RapidSSL Wildcard or a 3rd party certificate. Learn how to force all or just specific pages to HTTPS.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wpengine.com\/support\/ssl\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing a Website with SSL - Support Center\" \/>\n<meta property=\"og:description\" content=\"Add an SSL to secure your website using Let&#039;s Encrypt, RapidSSL Wildcard or a 3rd party certificate. Learn how to force all or just specific pages to HTTPS.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wpengine.com\/support\/ssl\/\" \/>\n<meta property=\"og:site_name\" content=\"Support Center\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-12T14:55:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"20 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/wpengine.com\/support\/ssl\/\",\"url\":\"https:\/\/wpengine.com\/support\/ssl\/\",\"name\":\"Securing a Website with SSL - Support Center\",\"isPartOf\":{\"@id\":\"https:\/\/wpengine.com\/support\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/wpengine.com\/support\/ssl\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/wpengine.com\/support\/ssl\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png\",\"datePublished\":\"2020-03-04T18:00:45+00:00\",\"dateModified\":\"2025-11-12T14:55:30+00:00\",\"description\":\"Add an SSL to secure your website using Let's Encrypt, RapidSSL Wildcard or a 3rd party certificate. Learn how to force all or just specific pages to HTTPS.\",\"breadcrumb\":{\"@id\":\"https:\/\/wpengine.com\/support\/ssl\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/wpengine.com\/support\/ssl\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/wpengine.com\/support\/ssl\/#primaryimage\",\"url\":\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png\",\"contentUrl\":\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png\",\"width\":1200,\"height\":630,\"caption\":\"WP Engine\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/wpengine.com\/support\/ssl\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/wpengine.com\/support\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support Posts\",\"item\":\"https:\/\/wpengine.com\/support\/support\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Securing a Website with SSL\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/wpengine.com\/support\/#website\",\"url\":\"https:\/\/wpengine.com\/support\/\",\"name\":\"Support Center\",\"description\":\"WP Engine&#039;s Support Center\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/wpengine.com\/support\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Securing a Website with SSL - Support Center","description":"Add an SSL to secure your website using Let's Encrypt, RapidSSL Wildcard or a 3rd party certificate. Learn how to force all or just specific pages to HTTPS.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wpengine.com\/support\/ssl\/","og_locale":"en_US","og_type":"article","og_title":"Securing a Website with SSL - Support Center","og_description":"Add an SSL to secure your website using Let's Encrypt, RapidSSL Wildcard or a 3rd party certificate. Learn how to force all or just specific pages to HTTPS.","og_url":"https:\/\/wpengine.com\/support\/ssl\/","og_site_name":"Support Center","article_modified_time":"2025-11-12T14:55:30+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"20 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/wpengine.com\/support\/ssl\/","url":"https:\/\/wpengine.com\/support\/ssl\/","name":"Securing a Website with SSL - Support Center","isPartOf":{"@id":"https:\/\/wpengine.com\/support\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wpengine.com\/support\/ssl\/#primaryimage"},"image":{"@id":"https:\/\/wpengine.com\/support\/ssl\/#primaryimage"},"thumbnailUrl":"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png","datePublished":"2020-03-04T18:00:45+00:00","dateModified":"2025-11-12T14:55:30+00:00","description":"Add an SSL to secure your website using Let's Encrypt, RapidSSL Wildcard or a 3rd party certificate. Learn how to force all or just specific pages to HTTPS.","breadcrumb":{"@id":"https:\/\/wpengine.com\/support\/ssl\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wpengine.com\/support\/ssl\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wpengine.com\/support\/ssl\/#primaryimage","url":"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png","contentUrl":"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png","width":1200,"height":630,"caption":"WP Engine"},{"@type":"BreadcrumbList","@id":"https:\/\/wpengine.com\/support\/ssl\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wpengine.com\/support\/"},{"@type":"ListItem","position":2,"name":"Support Posts","item":"https:\/\/wpengine.com\/support\/support\/"},{"@type":"ListItem","position":3,"name":"Securing a Website with SSL"}]},{"@type":"WebSite","@id":"https:\/\/wpengine.com\/support\/#website","url":"https:\/\/wpengine.com\/support\/","name":"Support Center","description":"WP Engine&#039;s Support Center","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wpengine.com\/support\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/support\/4227","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/types\/support"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/media\/126216"}],"wp:attachment":[{"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/media?parent=4227"}],"wp:term":[{"taxonomy":"support-categories","embeddable":true,"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/support-categories?post=4227"},{"taxonomy":"support-tag","embeddable":true,"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/support-tag?post=4227"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}