Table of Contents
Cloudways Platform provides you complete freedom to install an SSL certificate bought from any Certificate Authority (CA) or certificate vendor. This article will demonstrate the entire procedure of deploying a custom SSL certificate on your website hosted on Cloudways. We also have an article that explains what SSL is and why you need one.
Important
If you have integrated Cloudflare Enterprise on your application, there is no such requirement to install an additional SSL certificate. If you still wish to install one, you can install a custom SSL certificate on your Cloudways origin server to achieve an extra layer of security; however, it is not mandatory.
How to Install Custom SSL Certificate
Deploying a custom SSL certificate is straightforward with the following steps. If you already have an SSL certificate configured on your website, installing another one will overwrite the existing one, as one application can only have one certificate.
Tip
Alternatively to a custom SSL certificate, you can install a Free Let's Encrypt SSL Certificate on your website using the Cloudways Platform.
Prerequisites
Your website should be live. It means that domains are mapped correctly, and DNS records are correctly pointed.
See if your web application is compatible.
Step #1 — Navigate to SSL Management
Log in to the Cloudways Platform using your email address and password.
From the top menu bar, click Servers.
Then, choose your target server where your desired application is deployed.
Next, click www.
Select your application.
Under Application Management, click the SSL Certificate.
Step# 2 — Deploying SSL Certificate
Further steps vary based on the current scenario, whether you already have purchased an SSL certificate or not. So, choose from the given choices.
Choice #1 — I already have an SSL Certificate
Suppose you have already purchased an SSL certificate. In that case, you directly need to deploy it on your application using the Cloudways Platform.
Select "I already have a certificate" from the dropdown.
Next, click Install SSL.
You will be prompted to enter the CRT content and Key content.
CRT content — Refers to your application SSL certificate file content. Most of the SSL vendors usually provide this in .crt or .cer file format (e.g., domain.crt/domain.cer).
You also need to concatenate your CA Chain, which Refers to the certificate chain (intermediate certificate). It is usually provided in .ca or .ca-bundle file format (e.g., mdomain.ca/domain.ca-bundle). You can use any text editor such as Notepad for Windows and TextEdit for Mac for concatenation.
KEY content — All SSL certificates require a private key to work. The private key is a separate file with an extension .KEY that's used in the encryption/decryption of data sent between your server and the connecting users. A private key is created by the certificate owner when you request your certificate with a Certificate Signing Request (CSR).
Please note that these file formats and standards can vary, considering many SSL certificate providers have many different formats and standards. Still, if you need any help, you can always contact us via chat or create a support ticket.
Finally, click Submit to deploy the certificate.
Tip
To view and copy your certificate file content (.crt/.cer file), you can use any text editor such as Notepad for Windows and TextEdit for Mac. Please copy and paste the whole certificate, including —–BEGIN CERTIFICATE —– & —– END CERTIFICATE —– lines.
Your application will have an SSL Certificate deployed in a few minutes. Please be advised that Custom SSL certificates installed using this option are renewed and revoked at your concerned Certificate Authority's end but can be removed from your application at the Cloudways Platform by clicking Remove SSL.
You may also be prompted to force HTTPS redirection.
Choice #2 — I don't have an SSL Certificate
Suppose you haven't purchased an SSL certificate yet. In that case, you first need to generate a CSR using the Cloudways Platform and buy an SSL Certificate from any Certificate Authority (CA) or vendor such as DigiCert, Namecheap, Comodo, etc.
Select "I do not have a certificate" from the dropdown
Next, click Create CSR.
Now, a dialog box will appear, prompting for the following information. This information is asked for the CSR generation.
Tip
CSR refers to Certificate Signing Request, and it is a small file in which you provide information about the certificate to be created. When purchasing an SSL certificate from the Certificate Authority (CA), CSR is required.
Country: Select your country. In this example, we are inputting the United States.
States: Input your state, e.g., California.
Locality: Input your locality/city, e.g., Los Angeles.
Organization Name: Write your organization/business name.
Organizational Unit: Input organizational unit, e.g., sales and marketing.
Email: Input your email address.
Domain: Now, its time to add your domains(s), so there are a couple of instructions which are as follows:
If you only want one domain secured by an SSL certificate, enter that domain.
If you want multiple domains to be protected using an SSL certificate, you need to enter your first domain, tick SAN, and add the rest of the domains by clicking Add Domain.
If you wish to generate a Wildcard SSL certificate, you must enter your root domain beginning with an asterisk (e.g., *.example.com).
Once done, click Submit.
Tip
Need help in choosing between single or multiple domains SSL? Learn about the difference between single, multiple, and wildcard SSL.
Now it's time to purchase the SSL certificate. First, click Download CSR to download the CSR file and buy an SSL certificate. CSR file will be used when purchasing the SSL certificate, and if you are asked about the server type (or a similar question), you may choose apache+mod_ssl.
Tip
If you would like to update any of the details provided in the CSR before purchasing the SSL certificate, click Re-Create CSR and update the information.
The final step is installing the SSL Certificate, so click Install Certificate.
Next, enter the Certificate Code and CA Chain. Both are provided by your Certificate Authority (CA) or vendor from whom you have purchased it.
Certificate Code — Refers to your application SSL certificate file content. Most of the SSL vendors usually provide this in .crt or .cer file format (e.g., domain.crt/domain.cer).
CA Chain — Refers to the certificate chain (intermediate certificate). It is usually provided in .ca or .ca-bundle file format (e.g., mdomain.ca/domain.ca-bundle).
Please note that these file formats and standards can vary, considering many SSL certificate providers have many different formats and standards. Still, if you need any help, you can always contact us via chat or create a support ticket.
Finally, click Submit to deploy the certificate.
Tip
To view and copy your certificate file content (.crt/.cer file), you can use any text editor such as Notepad for Windows and TextEdit for Mac. Please copy and paste the whole certificate, including —–BEGIN CERTIFICATE —– & —– END CERTIFICATE —– lines.
Your application will have an SSL Certificate deployed in a few minutes. Please be advised that Custom SSL certificates installed using this option are renewed and revoked at your concerned Certificate Authority's end.
You may also be prompted to force HTTPS redirection.
Forcing HTTPS Redirection
It's time to force HTTPS redirection to ensure that your site always runs on a secured protocol. Once prompted, click Enable HTTPS. Please note that you can also force HTTPS redirection later as well.
Important
It is not mandatory to force HTTPS redirection using the Cloudways Platform if you have previously set it up using any firewall such as Cloudflare, Sucuri, application plugin, etc. However, if you want to force HTTPS redirection from the Cloudways Platform, you need to disable any redirection mechanism working elsewhere first.
Here comes the next step of verifying your SSL certificate to ensure that your certificate is configured correctly.
How to Verify Your SSL Certificate
We highly recommend verifying your SSL certificate, and we have created a self-explanatory guide for it. Verification is done to ensure that the SSL certificate is configured correctly.
That's it! We hope this article was helpful. If you need any help, then feel free to search your query on Cloudways Support Center or contact us via chat (Need a Hand > Send us a Message). Alternatively, you can also create a support ticket.