SSL/TLS certificates enable visitors to connect to your site with HTTPS, a secure protocol for exchanging information on the Internet. An SSL certificate will add a layer of secure encryption to your website, so any information your users submit on your website is encrypted. In this article we will explain how to obtain an SSL certificate for your website on the WP Engine platform.
Do I have SSL on my site?
To determine if you have an SSL certificate installed on your website, visit your domain (for example mycoolwebsite.com) with https:// in front. If you see a green padlock next to the “https://” this means your site is secured by an SSL certificate!
You may see a warning next to the “https://”–this means your site is secured by an SSL certificate, but some of the resources requested by your webpage were not loaded over “https.” Learn more about mixed content errors.
If you see an error or “Not secure” instead, your website does not have an SSL certificate installed. But not to worry! WP Engine offers free Let’s Encrypt SSL certificates for all plans. Read on to learn more about SSL options from WP Engine.
How to add an SSL certificate
To add an SSL certificate, first login to your WP Engine User Portal. Navigate to the Overview page for the environment to which you wish to add an SSL certificate. Then click SSL from the left-hand navigation.
Next click the button to Add Certificates to be taken to a list of SSL options. On this page you will see four options for SSL, which we will explain below.
Get free Let’s Encrypt™ certificates
Let’s Encrypt offers free domain-validated (DV), single-domain SSL certificates, which are ideal for almost every website. This means your Let’s Encrypt SSL certificate will cover one domain (for example, mycoolwebsite.com). You will need to select to cover other versions of your domain like www.mycoolwebsite.com as well when adding your SSL certificate.
Select the domains for which you would like to add a Let’s Encrypt SSL certificate, and ensure you have read and agreed to the Terms and Conditions before clicking “Get SSL Certificate.” We also recommend clicking “Secure all URLs” to ensure your entire website loads over HTTPS.
Your free SSL order will take approximately 15 minutes to process, before appearing on the SSL page in your User Portal. You will receive an email when the SSL order has completed. When it appears on the SSL page, you will be able to configure SSL settings.
Buy RapidSSL™ wildcard certificates
WP Engine offers wildcard domain-validated (DV) certificates from RapidSSL. You only need this type of certificate if you need to cover your root domain (mycoolwebsite.com) AND all subdomains (anything.mycoolwebsite.com) with a single certificate.
RapidSSL wildcard certificates cost $199 USD and will cover all subdomains. However, if you only use a few subdomains (www.mycoolwebsite.com, blog.mycoolwebsite.com, and adventures.mycoolwebsite.com for example), it’s much easier to manage the few certificates you need with free Let’s Encrypt SSL certificates instead.
After clicking the RapidSSL option from the list, select the domain(s) for which you would like to add a RapidSSL certificate, enter your contact information, and ensure you have read and agreed to the Terms and Conditions. Last, click the button to “Purchase SSL Certificate.” Ensure the contact information is current, in case RapidSSL must verify your information to complete the purchase.
Your free SSL order will take approximately 15 minutes to process, before appearing on the SSL page in your User Portal. You will receive an email when the SSL order has completed. When it appears on the SSL page, you will be able to configure SSL settings. We recommend clicking “Secure all URLs” to ensure your entire website loads over HTTPS.
Import New or Existing Certificate
Before continuing, please note: The option to import a 3rd-party SSL certificate is available for Growth/Professional plans and higher. It is not available for Personal/Startup plans.
Importing a 3rd-party SSL is ideal if you already have a valid SSL certificate you want to use, or if you need to use an Extended Validation (EV) or Multi-Domain certificate (SAN). Otherwise, we encourage you to use our free Let’s Encrypt option to secure your website!
If you have a 3rd party SSL certificate and the matching private key, select “Import Existing Certificate.” Otherwise, select “Import New Certificate” to generate a CSR (Certificate Signing Request).
You have the certificate and matching key file
If you have an SSL certificate and matching key file, simply open a 24/7 Live Chat window to contact our Support team. Our Support team will help you upload these files securely to WP Engine so we can install them for you. Once the SSL has been installed, you can configure your SSL settings in the User Portal. We highly recommend using the “Secure all URLs” radio button to ensure your entire site is loaded with a layer of secure encryption.
You have the certificate but do not have the matching key file
If you do not have a matching key for your 3rd-party SSL certificate, you will need to use the “Import New Certificate” option to generate a CSR.
You will need to take the CSR to the 3rd-party SSL provider from whom you bought your certificate. The SSL provider will re-key or the certificate to match the CSR, and provide you a new certificate file. If the provider asks for a “server type,” select “Apache” or “Nginx.”
Once you have the new certificate file, you may then upload it to WP Engine using the “upload certificate” option on the SSL page.
Enter your certificate in plain text, or upload the file from your computer. Last, click “notify Support” to ensure we receive the uploaded certificate.
You will receive an email from WP Engine Support when your SSL certificate has been installed. You can then configure your SSL settings in the User Portal. We highly recommend using the “Secure all URLs” radio button to ensure your entire website loads over HTTPS.