1. bluehost knowledge base

What Is AutoSSL? How Does AutoSSL Work?

AutoSSL is an account-wide setting that can be toggled on and off from within a customer's Bluehost account. When AutoSSL is enabled, a daily cron replaces self-signed certificates and expired (or soon-to-expire) certificates with new Let’s Encrypt certificates. That process also happens immediately for new accounts and for existing accounts when WordPress is installed, AutoSSL is toggled to 'on' in the Hosting SSL Certificates page, or Free SSL Certificate is toggled to 'on' in the Security section of the control panel.

Enabling Bluehost's free SSL is quick and easy. By enabling an SSL for your website, your domain will be given the "HTTPS://" prefix, which means your website will be labeled as "secure" in most web browsers. This article will help guide you through enabling or disabling the Free SSL provided by Bluehost. 


If you are interested in our Paid SSL Options, please visit our SSL Certificate page, and select the SSL plan that works best for you.
  • If you are using a 3rd party CDN, login to your CDN provider’s dashboard and locate their SSL management page. From there, you can copy and paste the SSL certificate and key information we have provided.
  • If you do not have a website with Bluehost, you will be unable to use the Free SSL.

If you have a website, but your domain is hosted with another provider, you will need to log into your domain provider’s dashboard and make sure the A Record for your domain is pointed to the IP address associated with your Bluehost website. Otherwise, you will be unable to use the Free SSL
 



How to Enable Free SSL for WordPress users

Legacy

  1. Log in to your Bluehost dashboard, and navigate to the SSL Certificate product page.
  2. If the Free SSL (AutoSSL) is currently disabled, choose the domain you would like to install to in the upper right-hand drop-down box Install SSL on
  3. Click Enable AutoSSL.
  4. Once the Free SSL (AutoSSL) is enabled, navigate to the Security tab in the My Sites section of your dashboard.
  5. Under Security Certificate, ensure that the toggle switch is On.
    • If your toggle is already On, your site is secured by an SSL and no other action is necessary.
    • If the switch is Off, click the toggle to turn it On.
  6. Test to make sure your SSL certificate is working by typing in your domain name and navigating to your website. You should see HTTPS:// appear before your domain name and any subsequent pages on your site.

Rock

  1. Log in to your Bluehost account.
  2. Click on My Sites from the left side navigation menu, select the WordPress website by clicking the Manage Site button.
  3. Locate the Security Option.
  4. Under Security Certificate, enable the Free SSL certificate by toggling the switch icon.
If you still do not see your website as “secure,” please contact our support team at: 888-401-4678.

How to Enable Free SSL for Non-WordPress users

Legacy

  1. Log in to your Bluehost dashboard, and navigate to the SSL Certificate product page.
  2. If the Free SSL (AutoSSL) is currently disabled, choose the domain you would like to install to in the upper right-hand drop-down box Install SSL on
  3. Click Enable AutoSSL.
     

Rock

  1. Log in to your Bluehost account.
  2. Click on Marketplace from the left side navigation menu.
  3. Scroll down to Featured Products and locate the SSL Certificate option.
  4. Under the SSL certificate Page, scroll down and locate "Install SSL On:"  click the drop-down menu to select your domain name.
  5. Once the domain is selected, click on Enable Free SSL.

Once the Free SSL (AutoSSL) is enabled, you may need to add a redirect to ensure the domain resolves to the HTTPS protocol.

Adding a Redirect in the File Manager

  1. Once the Free SSL (AutoSSL) is enabled, navigate to the File Manager section of your dashboard.
  2. Locate your .htaccess file. The primary .htaccess file is located in your public_html folder. 
    To learn more about accessing this file, please see our .htaccess Tutorial.
  3. Click on the file to open your Code Editor.
  4. Using the Code Editor, add these lines to the beginning of your .htaccess file:

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80 
    RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]


    Note: Substitute example.com with your domain name.
  5. Test to make sure your SSL certificate is working by typing in your domain name and navigating to your website. You should see HTTPS:// appear before your domain name and any subsequent pages on your site.
If you still do not see your website as “secure,” please contact our support team at 888-401-4678.

How to Disable Free SSL

NOTE: Disabling the Free SSL and not purchasing a Paid SSL may cause your website to be marked "not secure". This could reduce the credibility of your site with visitors.

If you want to disable the Free SSL:

  1. Log in to your Bluehost dashboard, and navigate to the SSL Certificate product page.
  2. If the Free SSL (AutoSSL) is currently enabled, simply click the Disable AutoSSL button and select a paid SSL that fits the needs of your website instead.