Using SSL from Your Hosting Provider Instead
If your hosting provider offers SSL, the process becomes simpler because:
- CSR generation
- Key storage
- Certificate installation
- Renewal
…are often automated within cPanel, Plesk, or a custom dashboard.
However, the overall workflow remains the same:
- Obtain SSL
- Generate CSR
- Verify domain
- Install certificate
- Enable HTTPS
- Redirect HTTP
- Fix mixed content
- Test everything
- Enable HSTS (optional)
- Renew certificate
Below is a clean, correct, step-by-step overview of how to use SSL/TLS on a website—even if you still want users to be able to type http:// and be redirected to HTTPS.
This is the modern production workflow.
✅ General Overview: How to Use SSL/TLS on a Website (Step-by-Step)
You remember correctly:
Buy SSL → Generate keys → Install → Configure website → Redirect HTTP → Serve HTTPS.
Here is the full sequence in detail.
Step 1 — Obtain an SSL/TLS Certificate
You can get one from:
A. Your Hosting Provider
(Easiest — most providers automate everything)
OR
B. A Third-Party Certificate Authority (CA)
Examples: Sectigo, DigiCert, RapidSSL, GlobalSign.
OR
C. Free CA (Let’s Encrypt)
Fully trusted, free, widely used.
Step 2 — Generate Keys & CSR (Certificate Signing Request)
This is usually done in your hosting control panel.
A CSR contains:
- Your public key
- Your domain name (CN)
- Optional SANs
- Organization info (if OV/EV)
You keep:
- The private key (never shared)
The CSR is sent to the certificate provider.
Hosting providers automate this, but if done manually:
Example (Linux):
openssl genrsa -out yourdomain.key 2048
openssl req -new -key yourdomain.key -out yourdomain.csr
Step 3 — Verify Domain Ownership
The CA needs to confirm that you own the domain.
Verification methods:
- Email validation (admin@domain.com, etc.)
- DNS TXT record
- HTTP file upload challenge
Once validated, the CA sends you:
- The certificate (yourdomain.crt)
- The intermediate certificate(s)
Step 4 — Install the Certificate on Your Hosting Server
Depending on your environment:
cPanel / Plesk
Upload:
- Private key
- Certificate
- Intermediate bundle
Nginx
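# Nginx sends clients only what is in ssl_certificate, so this file must
# contain your certificate followed by the intermediate certificate(s).
ssl_certificate /etc/ssl/yourdomain.crt;
ssl_certificate_key /etc/ssl/yourdomain.key;
# Used to verify OCSP responses when stapling is enabled; not sent to clients.
ssl_trusted_certificate /etc/ssl/intermediate.pem;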
Apache
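SSLCertificateFile /etc/ssl/yourdomain.crt
SSLCertificateKeyFile /etc/ssl/yourdomain.key
# Apache 2.4.8 and later: SSLCertificateChainFile is obsolete; append the
# intermediates to the SSLCertificateFile file instead.
SSLCertificateChainFile /etc/ssl/intermediate.pem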
Restart the service.
Step 5 — Configure Your Website for HTTPS
On your hosting panel or server:
- Enable SSL for the domain
- Point to the certificate and key
- Enable TLS 1.2 and 1.3 (disable older versions)
- Configure cipher suites (hosting usually auto-configures)
At this point, https://yourdomain.com works.
Step 6 — Allow HTTP but Redirect to HTTPS
Even if you still want to use http:// manually, production systems normally redirect HTTP → HTTPS for security.
If you truly want to keep HTTP accessible without redirect, you can — but it’s not recommended.
Nginx Redirect
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}
Apache Redirect
In .htaccess:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Step 7 — Update Application URLs
Ensure your website does not generate mixed content:
- All images → https://
- All CSS/JS → https://
- All API calls → https://
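Use protocol-relative URLs if needed (they inherit the scheme of the page, so they load over HTTPS only when the page itself was loaded over HTTPS):
<script src="//example.com/script.js"></script>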
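To find the URLs that Step 7 asks you to fix, the following added example (not part of the original article) scans a page's HTML for subresources that would load over plain HTTP and resolves protocol-relative URLs against the page's own scheme. The function and class names, the tag table and the sample page are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# tag -> (kind, URL attribute). Browsers block "active" content (scripts,
# styles, frames) on HTTPS pages; "passive" covers images and media.
RESOURCE_ATTRS = {
    "script": ("active", "src"), "iframe": ("active", "src"),
    "link": ("active", "href"), "object": ("active", "data"),
    "img": ("passive", "src"), "audio": ("passive", "src"),
    "video": ("passive", "src"), "source": ("passive", "src"),
}

class MixedContentFinder(HTMLParser):
    """Collect subresources a page would fetch over plain HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        if tag not in RESOURCE_ATTRS:
            return  # e.g. <a href> is navigation, not a subresource load
        attrs = dict(attrs)
        # Only stylesheet links load a subresource; rel=canonical does not.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        kind, attr = RESOURCE_ATTRS[tag]
        value = attrs.get(attr)
        # urljoin resolves relative and protocol-relative (//host/x) URLs
        # against the page URL, so they inherit the page's scheme.
        resolved = urljoin(self.page_url, (value or "").strip())
        if value and urlsplit(resolved).scheme == "http":
            self.findings.append((kind, tag, resolved))

def find_mixed_content(html, page_url):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page, not taken from any real site.
SAMPLE = """<html><head>
<link rel="canonical" href="http://yourdomain.com/">
<link rel="stylesheet" href="http://cdn.example.com/site.css">
<script src="//cdn.example.com/app.js"></script>
<script src="http://cdn.example.com/legacy.js"></script>
</head><body><a href="http://other.example.com/">navigation only</a>
<img src="/img/logo.png"><img src="http://img.example.com/banner.png">
</body></html>"""
```

Call find_mixed_content(SAMPLE, "https://yourdomain.com/") to list the three hard-coded http:// subresources; passing an http:// page URL instead shows the protocol-relative script resolving to plain HTTP as well.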
Step 8 — Test the SSL Setup
Use tools like:
- SSL Labs Test
- SecurityHeaders.com
- Qualys SSL Checker
Check:
- Certificate chain correctness
- TLS version support
- HSTS behavior
- Cipher suite strength
Step 9 — Enable HSTS (Optional but recommended)
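Enable this only once you’re confident HTTPS works 100%:
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
If you still want to allow HTTP sometimes (development or testing), do NOT enable HSTS: browsers that have seen the header refuse plain HTTP for that domain until max-age expires (one year with the value above), and includeSubDomains applies the same rule to every subdomain.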
Step 10 — Renew Certificates Automatically
For Let’s Encrypt: certbot or hosting automation.
For purchased certificates: renew yearly or multi-year via your provider.
⭐ Quick Summary (If You Want a Memory Shortcut)
- Buy SSL or use Let’s Encrypt
- Generate key + CSR
- Verify domain
- Install cert + chain + key
- Enable HTTPS
- Redirect HTTP → HTTPS
- Fix mixed content
- Test
- (Optional) Enable HSTS
- Renew
