How to Set Up an SSL Certificate for Website Security
An SSL (Secure Sockets Layer) certificate assures visitors that your website is protected, providing encryption for transactions and data exchanges. This guide will walk you through setting up your SSL certificate after purchase. Keep in mind that your SSL certificate is linked to the specific domain used for your website.
In this article, we will discuss:
How to Configure your SSL
Configuring SSL (Secure Socket Layer) on your Bluehost-hosted website ensures secure data transmission. It establishes trust with visitors. Here's a step-by-step overview of how to configure SSL in Bluehost:
Note:
- Premium and Wildcard DV certificates should typically be automatically fulfilled when you purchase hosting with Bluehost® and select your domain. However, if this does not occur or errors arise, customers may need to follow the manual process outlined in this section to assign their domain, validate their certificate, and complete the installation.
- For DV (Domain Validation) certificates, a post-purchase configuration process involving three steps will be necessary.
After purchasing an SSL certificate, follow these steps:
- Log in to your Bluehost Account Manager.
- Click the Security tab in the left-hand navigation menu.
- Choose a package name and click the MANAGE button to access the product details.
- On the SSL Certificate page, you can do either of the following:
- If you have disabled the popup blocking feature in your browser, please wait for the SSL Control Panel to appear in a new browser window.
- If you have enabled popup blocking, please adjust your browser settings and click the link provided to reactivate the SSL Control Panel.
Note:
- If you have more than one SSL certificate in your account, choose the SSL you want to manage.
- The SSL Control Panel will open in a new browser window. Make sure that the popup blocking feature in your browser is disabled.
- Assign the domain name that you want for your SSL Certificate.
- Enter the domain name.
- Re-enter the domain name.
- Click the CONTINUE button.
Important:
- Ensure you issue your SSL certificate to the exact version of the domain or subdomain you intend to assign it to (e.g., example.com, www.example.com, or store.example.com).
- Remember that once the domain is assigned, it cannot be changed.
- The system will conduct a verification check to determine if the entered domain is assigned as a domain pointer to a hosting package managed by Bluehost®.
- If Bluehost® does not host your website, you will be prompted to select a server type and input a CSR (Certificate Signing Request).
- If the domain is pointed to our hosting, the server type will be determined by the package it is assigned to (either Windows - IIS or UNIX - Apache). Additionally, for your shared hosting package, the CSR will be automatically generated on the back end and attached to the validation request to facilitate the creation of certificate files post-validation.
The CSR (Certificate Signing Request) is the essential component of your SSL certificate, containing comprehensive information about the server, organization, domain, private key, and encryption strength necessary for SSL. It is the foundation for generating SSL installation files. It governs the handshake process to establish secure connections during browser sessions.
Note:
- If your website is hosted by a third-party provider, the responsibility falls on you to supply the CSR for validation.
- However, if Bluehost® hosts your website, this step is automatically managed on the backend during the configuration process.
To proceed with SSL installation when Bluehost® does not host your website but you have purchased our SSL product, follow these steps:
- Choose the type of server software offered by your current hosting provider.
- Input the CSR provided by your current hosting provider into the Enter CSR From Web Host field.
- Click the Continue button to initiate the SSL installation process.
Now that you've assigned your domain and supplied your CSR proceed to select a validation email address to receive the validation code and confirmation URL.
Important: If you've enabled Private Domain Registration on your domain, we strongly discourage disabling it to complete the validation process. Disabling Private Domain Registration may expose your contact information in WHOIS. Alternative validation methods are available. Start by configuring email validation, and our support agent can assist with changing the method if needed.
Other Validation Methods
- HTTP/.txt File: When Bluehost® manages all certificate components (Domain, Hosting, and SSL), automatic creation of a .txt file based on the MD5hash and SHA256 components of the CSR occurs. This file is then uploaded to the webspace via FTP. This method expedites SSL issuance and can also be created manually and uploaded.
- CNAME: This method is becoming preferred due to email challenges. You'll receive a CNAME to add to your DNS Zone provider. If Bluehost® hosts your website, our support agent can assist with DNS record updates. Alternatively, you or our support agent can add the CNAME via the Account Manager for validation and SSL issuance. Please refer to Updating CNAME Records for Validation.
Completing Validation for Domain Validation Certificates
- Validating via Email
Upon completing the steps, you'll receive an email containing a secure link to activate validation and generate the SSL. Clicking this link notifies the Validation team within an hour that the confirmation is complete. - Validating via CNAME
A unique CNAME is generated for each SSL validation request. Our support agent provides you with the CNAME and further instructions. No email confirmation is required; the Validation team may take 1-2 hours to confirm this. Please see Updating CNAME Records for Validation. - Validating via HTTP TXT File
A special MD5 Hash Code is generated for each SSL validation request. Our support agent uses this data to create a .txt file for uploading to your FTP site files. No email confirmation is necessary for HTTP validation, and it may take 1-2 hours for the Validation team to confirm.
Additional Steps for Organization, Extended Validation, and Wildcard SSL
In addition to the steps mentioned for Domain Validation certificates, OV and EV certificates require additional information. You'll need to fill out an additional form with details related to your business or organization, which will be included in the SSL files.
Completing Validation Next Steps for OV, EV, or Wildcard Certificates
- Validating via Email
After the steps, you'll receive an email with a secure link to activate validation and generate the SSL. Clicking this link informs the Validation team that confirmation is complete within an hour. - Validating via CNAME
A unique CNAME is generated for each SSL validation request. Our support agent provides you with the CNAME and instructions. No email confirmation is required for CNAME validation; the Validation team may take 1-2 hours to confirm this. Please refer to Updating CNAME Records for Validation. - Validating via HTTP TXT File
A unique MD5 Hash Code is generated for each SSL validation request. Our support agent uses this information to create a .txt file for uploading to your FTP site files. No email confirmation is needed for HTTP validation, and it may take 1-2 hours for the Validation team to confirm. - Validating via Phone Call
In addition to email, CNAME, or .txt file validation, you must respond to an email triggering a verification phone call back. This automated call is initiated by clicking a link in the phone verification email, providing you with a PIN. - Timeframes
After the configuration and validation steps are completed, the SSL files will be issued and uploaded to your Account Manager. You will also receive email notifications. The SSL validation and issuance timeframe varies based on the SSL type and how promptly you complete the validation steps.
Tip: You can check your SSL certificate's status within the SSL Control Panel. For more information on SSL status, refer to the Status Definitions link within the SSL Control Panel.
How to Update CNAME Records for Validation
Important:
- The following instructions pertain exclusively to websites hosted by Bluehost®. If your website is not hosted by Bluehost®, it is imperative that you contact your current hosting provider to include the CNAME records provided by our support agent.
- To acquire your CNAME records, please reach out to our support team. You can initiate contact with our support via chat by visiting Bluehost.com and selecting the Contact Us icon. When contacting us, kindly specify that you are in the process of validating your SSL Certificate through CNAME validation.
- Upon receipt of an email containing the CNAME information, insert these records into your DNS manager by following the steps outlined below. For those not utilizing Bluehost® as their hosting provider, the addition of CNAME records should be handled through your DNS provider.
To update your CNAME records via the Account Manager, follow these steps:
- Log in to your Bluehost Account Manager.
- Click the Domains tab on the left-side navigation menu.
- Choose the respective domain name you want to update the DNS Settings by following either of the steps below:
- If you have multiple domains, please follow the steps below:
- Click the ⋮ (vertical ellipses) icon.
- Click the Manage dropdown option and then you will be rerouted to the Domain Overview page of the respective domain you have chosen.
Tip: You can simply click the domain name link and then you will be rerouted to the Domain Overview page of the respective domain you have chosen.
- If you only have a single domain, you will be rerouted to the Domain Overview page.
- If you have multiple domains, please follow the steps below:
- Scroll down to the Advanced Tools panel and click the ˅ symbol to expand it.
- Click MANAGE next to Advanced DNS Records.
- Click the +RECORD button.
- Fill out the details in the Advanced DNS popup:
- Please choose CNAME as the Type.
- Please choose Other Host in the Refers to dropdown menu.
- Input the Host Name (Host) and Alias (Points to) provided by our support agent via email or chat. For a sample CNAME record, please refer to the screenshot provided in your email or chat.
Important: Be sure to include the underscore "_" at the outset of the Alias and ensure there are no extraneous spaces in both the Host Name and Alias.
- Set the recommended value of the TTL (Time To Live) to 2 Hours.
Note:
- If you are re-issuing or revalidating an SSL Certificate, replace the existing one with the new CNAME one.
- However, if you are uncertain about removing your current CNAME record, we recommend consulting your DNS provider to avoid inadvertent record removal.
- Lastly, click the ADD button to finalize the process.
Summary
An SSL (Secure Sockets Layer) certificate is essential for website security, encrypting data exchanged between your visitors and your website. This article explains how to get started with an SSL certificate on Bluehost, covering SSL configuration, domain validation steps, and how to update CNAME records. Follow these instructions to secure your website and assure visitors of its safety.
If you need further assistance, feel free to contact us via Chat or Phone:
- Chat Support - While on our website, you should see a CHAT bubble in the bottom right-hand corner of the page. Click anywhere on the bubble to begin a chat session.
- Phone Support -
- US: 888-401-4678
- International: +1 801-765-9400
You may also refer to our Knowledge Base articles to help answer common questions and guide you through various setup, configuration, and troubleshooting steps.