Order or Renew a SSL Certificate

To secure a site with https, there are six steps (detailed below):
 
1. Upgrade to Max or Ultimate if on a Basic plan
2. Generate the CSR
3. Submit a certificate order
4. Approve the certificate order
5. Install the Web Server Certificate
 
If renewing a certificate, the process will be identical to ordering a new certificate.  The renewal will issue a new SSL certificate that will be installed to replace the existing one, rather than extending the expiration of the existing certificate.
 
 
Upgrade to Max or Ultimate if on a Basic plan
 
A Max or Ultimate plan is required to install a SSL certificate.  If on a Basic plan, the upgrade is found at Winhost Control Panel > Sites > the domain name > Change Plan (at the bottom of the Site Info pane).
 
 
 
Generate the CSR
 
If on a Max or Ultimate plan, a CSR may be generated through the SSL Manager:  Winhost Control Panel > Sites > the domain name > SSL Manager
 
 
 
CSR fields
 
Common Name:  The domain name being secured.  For example, www.winhost.com.  Or *.winhost.com if ordering a Wildcard certificate
 
Organization:  The legal name of your organization.
 
Organization Unit:  The department in the organization handling the SSL certificate.
 
City / State / Country:  City / State / Country where your organization is located.
 
After filling out the fields, click the "Submit CSR Information" button and the SSL Manager will update with a field containing the CSR.  To order a SSL certificate through Winhost, click the "purchase SSL certs through Winhost" link or click the "SSL Cert" link along the top.
 
 
 
If ordering a SSL certificate directly through a certificate authority, the CSR will be provided to them during the SSL order, then the SSL certificate will be installed through the Winhost Control Panel (step 5).
 
 
Submit a certificate order
 
When purchasing a SSL certificate through Winhost, on the SSL page click the "Order New SSL Certificate" button.
 
 
 
Select the SSL certificate via radial button then, using the drop-down, import the CSR for the applicable common name and "Continue".
 
 
 
On the next page is the approver email contact drop-down.  It's necessary to select a valid approver email address for domain verification purposes.  For that reason, the email address list is auto populated.  If none of the email addresses currently exist at the domain, it will be necessary to create the email address prior to completing the order.
 
 
 
If an email service is being used where each email address is a separate license, as in Office 365 or G Suite, it may be easiest to create an email alias that forwards the email, for example, from admin@domain.com to an active email address.
 
After selecting an approver email contact from the drop-down, review and make any necessary updates to the Admin Contact Information.  The issued SSL certificate is sent in a separate email to the admin email contact.
 
Once done, "Continue" to select the SSL certificate validation period, one or two years, review the CSR and Contact Information, most importantly common name and the approver and admin email contact, then submit the order via the "Order New SSL Certificate" button.
 
 
 
 
Approve the certificate order
 
Barring any issues with the approver email address, the approver email should be received shortly after the order is submitted.  Validate domain ownership with the link provided in the email to receive the SSL certificate at the admin contact email address.
 
 
 
Install the Web Certificate
 
After approval, an email will be received containing two separate certificates: a Web Server Certificate and Intermediate CA.  Only the Web Server Certificate is installed.  The Intermediate CA can be ignored.  Copy and paste the entire block of text, including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" notations, as in the below example, into the empty "Install SSL Certificate" field at the bottom of the SSL Manager and click the "Submit Certificate" button to complete the process.
 
 
 
Force https
 
To avoid a "not secure" message in a browser, a forced https redirect will be necessary.  For more information, see the Force https with URL rewrite knowledge base article.
 
 
Note regarding CSR regeneration
 
After submitting a SSL certificate order, do not regenerate the CSR before installing the issued certificate through the Winhost Control Panel.  If the CSR is regenerated after a certificate is ordered, Support will need to attempt to recover the original CSR and manually install the SSL certificate or the SSL certificate will need to be rekeyed with the new CSR.
 
Note, if rekeying the certificate, make sure to not revoke / cancel the certificate order.  Revoking the certificate would mean it is completely invalid and a new certificate would need to be purchased to replace the original certificate.