Order or Renew a SSL Certificate

To secure a site with https, there are six steps (detailed below):
1. Upgrade to Max/Ultimate/Power if on a Basic plan
2. Generate the CSR
3. Submit a certificate order
4. Approve the certificate order
5. Install the Web Server Certificate

If renewing a certificate, the process will be similar to ordering a new certificate.  The renewal will issue a new SSL certificate that will be installed to replace the existing one, rather than extending the expiration of the existing certificate.  For renewal, first a new CSR would be generated at Winhost Control Panel > Sites > the domain name > SSL Manager.  Then click the SSL link and then "Renew" to submit the order.
Upgrade to Max plan or higher if on a Basic plan
A Max plan or higher is required to install a SSL certificate.  If on a Basic plan, the upgrade is found at Winhost Control Panel > Sites > the domain name > Change Plan (at the bottom of the Site Info pane).
Generate the CSR
If on a Max plan or higher, a CSR may be generated through the SSL Manager:  Winhost Control Panel > Sites > the domain name > SSL Manager
CSR fields
Common Name:  The domain name being secured.  For example, www.winhost.com.  Or *.winhost.com if ordering a Wildcard certificate
Organization:  The legal name of your organization.
Organization Unit:  The department in the organization handling the SSL certificate.
City / State / Country:  City / State / Country where your organization is located.
After filling out the fields, click the "Submit CSR Information" button and the SSL Manager will update with a field containing the CSR.  To order a SSL certificate through Winhost, click the "purchase SSL certs through Winhost" link or click the "SSL Cert" link along the top.
If ordering a SSL certificate directly through a certificate authority, the CSR will be provided to them during the SSL order, then the SSL certificate will be installed through the Winhost Control Panel (step 5).
Submit a certificate order
When purchasing a SSL certificate through Winhost, on the SSL page click the "Order New SSL Certificate" button.
Select the SSL certificate via radial button then, using the drop-down, import the CSR for the applicable common name and "Continue".
On the next page is the approver email contact drop-down.  The approver email is used to validate ownership of the domain.  For that reason, the email address list is auto populated.  If none of the email addresses currently exist at the domain, it will be necessary to create the email address prior to completing the order.
If an email service is being used where each email address is a separate license, as in Microsoft 365 (formerly Office 365) or G Suite, it may be easiest to create an email alias that forwards the email, for example, from [email protected] to an active email address.
After selecting an approver email contact from the drop-down, review and make any necessary updates to the Admin Contact Information.  The issued SSL certificate is sent in a separate email to the admin email contact.
Once done, "Continue" to review the CSR and Contact Information, most importantly common name and the approver and admin email contact, then submit the order via the "Order New SSL Certificate" button.
Approve the certificate order
Barring any issues with the approver email address, the approver email should be received shortly after the order is submitted.  Validate domain ownership with the link provided in the email to receive the SSL certificate at the admin contact email address.
Install the Web Certificate
After approval, an email will be received with a PEM file attached.  A PEM file is a text file that can be opened with a text editor like notepad.  After opening the file you will see three certificates, but only the first is required.  Copy and paste the entire block of text, including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" notations, as in the below example, into the empty "Install SSL Certificate" field at the bottom of the SSL Manager and click the "Submit Certificate" button to complete the process.
Force https
To avoid a "not secure" message in a browser, a forced https redirect will be necessary.  For more information, see the Force https with URL rewrite knowledge base article.
Note regarding CSR regeneration
After submitting a SSL certificate order, do not regenerate the CSR before installing the issued certificate through the Winhost Control Panel.  If the CSR is regenerated after a certificate is ordered, Support will need to attempt to recover the original CSR and manually install the SSL certificate or the SSL certificate will need to be rekeyed with the new CSR.
Note, if rekeying the certificate, make sure to not revoke / cancel the certificate order.  Revoking the certificate would mean it is completely invalid and a new certificate would need to be purchased to replace the original certificate.