How to Install an SSL Certificate on Your Website
An SSL certificate is no longer optional for any website. It encrypts the connection between your server and your visitors’ browsers, protecting data in transit from interception. Without one, browsers display a “Not Secure” warning in the address bar, which erodes visitor trust and can affect your search rankings. Google has used HTTPS as a ranking signal since 2014.
The good news is that SSL certificates are now free for most websites, thanks to Let’s Encrypt — a non-profit certificate authority backed by major tech companies. This guide explains the different types of SSL certificate, how to install one, and how to configure WordPress to use HTTPS correctly after installation.
Types of SSL certificate: DV, OV and EV
SSL certificates come in three validation levels. Domain Validation (DV) certificates — which Let’s Encrypt issues for free — verify that you control the domain and issue within minutes. They display the padlock in the browser address bar and encrypt the connection. For the vast majority of websites, DV certificates provide all the security benefit visitors need.
Organisation Validation (OV) certificates verify the legal identity of the organisation behind the website in addition to domain control. Extended Validation (EV) certificates require the most rigorous identity verification. OV and EV certificates cost between £50 and several hundred pounds per year. They do not offer stronger encryption than DV certificates — the same TLS protocol is used — but they provide a higher level of identity assurance, which matters for banks, financial services and organisations where trust signals are critical.
Installing a free SSL certificate via Let’s Encrypt
If your hosting uses cPanel, look for the “SSL/TLS” or “Let’s Encrypt” section in your control panel. Most cPanel hosts now include AutoSSL, which automatically issues and renews a Let’s Encrypt certificate for all domains on your account. Enable it and your SSL certificate is installed within minutes, with automatic renewal every 90 days — you never need to think about it expiring.
If your host uses Plesk, the Let’s Encrypt extension is available from the Plesk marketplace and can be installed by your hosting administrator. For servers you manage yourself, the Certbot tool from the Electronic Frontier Foundation automates Let’s Encrypt certificate issuance and renewal via the command line. Cloudflare also provides a free SSL certificate at the network edge if you proxy your site through their service.
Configuring WordPress to use HTTPS
Installing the SSL certificate is only half the job. You also need to ensure WordPress serves all its content over HTTPS. In Settings > General in the WordPress dashboard, update both the WordPress Address and Site Address fields to start with https:// rather than http://. This tells WordPress to generate HTTPS links throughout your site.
Next, set up a 301 redirect from HTTP to HTTPS so that anyone visiting the old HTTP version of your site is automatically redirected to the secure version. In cPanel hosting, you can do this via the Redirects tool or by adding redirect rules to your .htaccess file. Also run a search-and-replace in your database to update any hardcoded http:// URLs in your content to https:// — the Better Search Replace plugin handles this easily. Finally, check your site for mixed content warnings (HTTPS pages loading HTTP resources) using a browser developer tool or a plugin such as SSL Insecure Content Fixer.
Common questions.
Do I need to renew my SSL certificate every year?
Will installing an SSL certificate slow down my website?
My site shows “Not Secure” even after installing SSL — what’s wrong?
More on web design & ux.
Want a hand putting this into practice?
Book a free, no-obligation consultation with a Norwich-based specialist.
Let's put your business in a better light.
Book a free, no-pressure consultation. We'll talk through your goals and tell you honestly what we'd do — whether you work with us or not.