01 What is SSL & why do I need it?
SSL (now called TLS) encrypts the connection between visitors and your website. It is required for:
- Browser trust, Chrome marks every non-HTTPS site as "Not Secure"
- SEO, Google ranks HTTPS sites higher
- PCI compliance, required for any site collecting card data
- Login forms / e-commerce, encrypts passwords & checkout
| Free Let's Encrypt | Paid SSL (RapidSSL, Sectigo) |
|---|
| Encryption strength | Same (RSA 2048+) | Same (RSA 2048+) |
| Validity | 90 days (auto-renew) | 1 year |
| Validation | Domain only (DV) | DV / OV / EV available |
| Wildcard support | Yes (with DNS challenge) | Yes (paid) |
| Warranty | None | $10k+ depending on type |
| Best for | Most websites | Large e-commerce / banking |
02 Free Let's Encrypt on cPanel (auto)
All ServerBD cPanel hosting plans have AutoSSL enabled. SSL is installed and renewed automatically, no action needed.
To verify SSL is installed
Step 1cPanel → SSL/TLS Status in the Security section.
Step 2You'll see all your domains with green AutoSSL ticks.
Step 3If a domain is missing SSL, tick it and click Run AutoSSL.
Common reasons AutoSSL fails
- The domain doesn't yet point to ServerBD's servers
- An .htaccess redirect blocks /.well-known/
- An AAAA record (IPv6) points elsewhere
- The domain has a CAA record that excludes Let's Encrypt
Tip AutoSSL re-runs daily, once the issue is fixed, SSL is installed within 24h automatically.
03 Free Let's Encrypt on DirectAdmin
Step 1Log in to DirectAdmin → sidebar → SSL Certificates.
Step 2Choose Free & automatic certificate from Let's Encrypt.
Step 3Tick the names to include:
- yourdomain.com
- www.yourdomain.com
- mail.yourdomain.com
- webmail.yourdomain.com
- ftp.yourdomain.com
Step 4Set Key Size to RSA 4096 (or ECC for faster handshake).
Step 5Click Save. The certificate is issued in ~30 seconds.
Step 6Open SSL Redirect and turn on Force SSL with HTTPS Redirect.
Tip DirectAdmin auto-renews Let's Encrypt every 60 days, no manual action needed.
04 Force HTTPS for the whole site
cPanel, easy method
Step 1cPanel → Domains.
Step 2For each domain, toggle Force HTTPS Redirect to ON.
Manual via .htaccess
Step 1Open .htaccess in the File Manager.
Step 2Add at the top:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Step 3Save. Test with an incognito window, http:// should redirect automatically.
05 Installing a paid / wildcard SSL
If your CA gave you certificate files (.crt, .ca-bundle, .key), install them in cPanel.
Step 1cPanel → SSL/TLS → Manage SSL sites.
Step 2Pick the domain.
Step 3Paste the Certificate (CRT), Private Key (KEY), and CA Bundle contents.
Step 4Click Install Certificate.
Step 5Verify by visiting https://yourdomain.com, click the padlock and confirm the certificate name.
Buy a paid SSL →
06 Fixing "mixed content" / no padlock
Mixed content means your page is served over HTTPS but loads images/CSS/JS over HTTP, Chrome will hide the padlock or warn the user.
WordPress fix
Step 1Install & activate Really Simple SSL.
Step 2Click Activate SSL. The plugin auto-rewrites all internal HTTP links to HTTPS.
Manual database fix
# Run in phpMyAdmin → SQL tab on your WordPress DB
UPDATE wp_options SET option_value = REPLACE(option_value,'http://yourdomain.com','https://yourdomain.com')
WHERE option_name IN ('siteurl','home');
UPDATE wp_posts SET post_content = REPLACE(post_content,'http://yourdomain.com','https://yourdomain.com');
UPDATE wp_posts SET guid = REPLACE(guid,'http://yourdomain.com','https://yourdomain.com');
For static / custom sites
Step 1Open Chrome DevTools (F12) → Console.
Step 2Look for Mixed Content warnings, they list each insecure resource.
Step 3Find & replace http:// in your templates with https:// (or use protocol-relative //).