A Guide to Activating an SSL Certificate
After acquiring your SSL, the next step is to activate it to ensure it functions correctly on your site. Initially, you’ll need a CSR code, which can be generated on your server by your hosting provider. Alternatively, you can generate one yourself by following our guide on creating a CSR code.
Before you start the SSL activation process, please keep these important points in mind.
Key Points Before Activating Your SSL
- Confirm with your hosting provider if they support SSL certificates from third parties.
- Some hosting providers might still necessitate a dedicated IP address for SSL installation. Therefore, it’s crucial to verify this with your server provider.
- Note: On 1Byte hosting, a dedicated IP is not a requirement for SSL installation as all our servers are equipped with SNI technology.
- Make sure to locate and back up the RSA private key that comes with your CSR code. This will be needed for the installation. Without this code, the certificate installation won’t be possible.
If you’re using 1Byte hosting services, please refer to this article for assistance.
Note: If you need to activate a renewal certificate, it can be done either from the SSL Certificates list or from the Domain List with the All Products option selected at the top.
Once your CSR code is ready, sign in to your 1Byte account and initiate the activation process:
1. Move your cursor over your account username in the top left corner, then choose Dashboard.
2. Next, navigate to the SSL Certificates tab.
Activating Your SSL
1. Activate your SSL Select Activate next to the certificate you want to activate.
2. Input (or copy-and-paste) your CSR code and click Next.
Note: At this stage, if you’re activating a multi-domain certificate, you’ll need to list the additional domains you want to include in the issued certificate. The activation process for the Multi-Domain certificate is explained in more detail elsewhere.
3. Note: SSL certificates cannot be issued for domains deemed unsafe by Google Safe Browsing. All unsafe domains will be automatically excluded from Multi-Domain SSL Certificates by Sectigo Certificate Authority (CA). You can check the Safe Browsing site status elsewhere. On the following page, choose the Domain Control Validation method (DCV) to verify your domain ownership from the drop-down list.
- For the CNAME-based method, you’ll need to generate a unique record in your domain DNS. This CNAME record will be provided post-activation.
- For the file-based validation, you will need to upload a specific text file into a certain directory of your website (/.well-known/pki-validation/) to have the certificate issued. After the order is submitted to the Certificate Authority for activation, you’ll be able to download the certificate file in your account.
Note: The content of the file must remain unchanged, as the Sectigo validation system is case sensitive.
Note: If you have activated the certificate with domain.com or www.domain.com specified as Fully Qualified Domain Name (FQDN) in your CSR code, please ensure that the file is accessible via http://domain.com/.well-known/pki-validation/file.txt and http://www.domain.com/.well-known/pki-validation/file.txt. Thus, domain.com and www.domain.com are considered to be under your control.
Note: This method is not applicable for Wildcard SSLs.
- For the Email-based option, choose an email address to which the approval email will be sent. For security reasons, the approval email can only be sent to either a Whois registered email address or a generic email associated with the domain name (e.g., webmaster@, postmaster@, hostmaster@, administrator@, admin@).
4. You can find more information about validation methods elsewhere.
After you’ve chosen the suitable DCV method, click Next.
5. On the following step, input the email address where you would like to receive an SSL certificate and proceed. If you have an Extended Validated (EV) certificate, please specify your official company email address at this point.
For either the Organization Validated (OV) or Extended Validated (EV) certificates, you’ll also be asked to provide the company details:
Important: Please make sure to specify the officially registered business email address for the company in the “Representative” section.
Note: Administrative contact email cannot be altered later, however, the issued SSL can always be downloaded from the 1Byte account.
6. Note: The “Representative” section is only required for OV certificates.
Note: Please remember that changes to the company details for OV/EV certificates can be made during reissue, but only within the first 45 days of certificate issuance. Review the information and click Submit to confirm your certificate request.
7. Once completed, you will be directed to the certificate Management page, where you can view the Order ID, Certificate Authority’s order ID (‘CA order ID’), and other details of the certificate.
Note: Instructions on how to toggle between the DCV options can be found in the yellow panel at the top of the page. Use the provided link to navigate to the ‘Edit methods’ page.
By clicking the link from this page (Edit methods), you’ll be redirected to a page where you can review information related to the certificate and switch the DCV options.
Enabling the SSL Certificate Through Verifications
- Verify domain validation and other necessary SSL validation steps, if required
Confirmation emails are dispatched to the approval address within 10 minutes of activation. You must validate the issuance by clicking the link included in the approval email. The validated certificate will then be emailed to the administrative email address provided during the activation. An HTTP-based and CNAME-based validation might take more time, as the Certificate Authority needs to locate the file or record. Ensure that the file is publicly accessible and that no firewall is blocking requests to your server.
The validation system employed by a Certificate Authority conducts automatic checks of the validation file/record over a specific period. If validation fails, verify that the file/record data is accurate and accessible, and make any necessary modifications. Once the data is accurate and accessible, the file/record should be validated when the CA validation system performs its next check.
Sectigo OV/EV certificates will still dispatch a domain validation email before the CA’s document submission request. If you order an OV/EV certificate, the Certificate Authority will send you a list of required documents to authenticate your business, depending on the certificate type. To speed up the certificate issuance, also ensure that the Whois for your domain contains the correct contact information. Order processing by the Certification Authority may take up to an hour. If you do not receive an approval email within the specified timeframe or the certificate has not been issued after one hour, and you have confirmed that the file or record is publicly accessible, please reach out to our SSL Support Team via Live Chat or Ticket for further assistance.
- Verify issuance and download SSL
Once your SSL is authenticated and issued, it is sent to the administrative contact email address that you provided during the SSL activation process in your 1Byte account. The identical certificate files can also be retrieved in your 1Byte account once the certificate status switches to “Active”, here’s the procedure.
- Verify that the SSL is correctly installed on the server
The final step to make your website accessible via https:// is to deploy the SSL files on your Web Hosting server. You can find the relevant instructions for the most common hosting platforms and servers here.
Feel free to use this tool to inspect the SSL installation: https://ssl-checker.1byte.com/