Get Started
How To Install an SSL Certificate in Magento 2?

How To Install an SSL Certificate in Magento 2?

Magento Hosting

[Updated on May 05, 2025] Is your Magento store ready for the future of shorter SSL certificates? Installing an SSL certificate in Magento 2 lets you create an encrypted channel. You can do this between your customer's browser and the website server.

This tutorial covers installing it in Magento 2, including traditional and free options.

Key Takeaways

  • SSL certificates encrypt data transmission between the browser and the server.
  • Three main types, including Single-Domain, Multi-Domain, and Wildcard certificates.
  • Validation levels determine trustworthiness and security.
  • Let's Encrypt offers free, renewed SSL certificates.
  • GoDaddy certificates provide various validation levels for enhanced security.
  • SSL activation in Magento 2 happens through the Admin Panel & Base URLs configuration.

What is an SSL Certificate?

ssl certificate explanation for magento 2 website security

An SSL certificate is a digital certificate. It creates an encrypted connection that helps verify your site's identity.

An SSL connection moves your site from HTTP to HTTPS protocol. The SSL certificate is a data file hosted on a website's origin server. Once installed, it creates a secure link between a browser and the web server. Customers can then transfer sensitive details like "credit card numbers" and "login details".

The Certificate Authority (CA) issues Magento SSL certificates. After a trusted third party has verified your site, you must contact the CA to generate a new certificate.

Details on the SSL certificate include:

  • Site's domain name
  • Person or company details
  • Certificate Authority details
  • Associated subdomains
  • Issue date of the certificate
  • The closing date of the certificate
  • Public key
  • Private key

Why Use an SSL Certificate in Magento?

Without an SSL certificate, the Magento site will show HTTP. The browser will then send all the data as plain text to the web server. The customer details become easy to steal during data transmission.

During the TLS handshake, you can encrypt the data with an SSL certificate. The security negotiation processes the data between the browser and the server. The TLS handshake occurs when 2 parties open a secure connection and create session keys. The session keys encrypt and decrypt the data after the TLS handshake.

Different session keys are set up to encrypt data for new sessions. This process allows the customer data to remain hidden on each visit.

3 Types of SSL Certificates

1. Single Domain SSL Certificates

A single-domain SSL certificate can be set up for one domain. You cannot use it to verify other domains or subdomains. All pages related to the domain are available with the certificate.

2. Multi-Domain SSL Certificates

A multi-domain SSL certificate lists many domains on one certificate. With an MDC, domains can share a certificate, but they should not be subdomains of each other.

3. Wildcard SSL Certificates

Wildcard SSL certificate is for a single domain and all its subdomains. A subdomain works under the umbrella of the main domain.

3 Validation Levels of SSL Certificate

1. Domain Validation

Domain Validation is the least strict validation level. Since the company's identity is invalid, you must verify the domain. This approach does not take long, as you can issue the certificate fast.

2. Organization Validation

Organization validation includes a manual vetting process. The CA will contact your company to check the necessary details. SSL certificates show the organization's "name" and "address". So you must make them more trustworthy for users than Domain Validation certificates.

3. Extended Validation

Extended Validation includes a full background check of the company. The CA ensures the company has a valid address. The extended validation takes the longest but is more trusted. The certificates must show the SSL secure connection lock on your URL browser. It is a visual clue for users of a trustworthy TLS-encrypted site. The popular SSL for e-commerce websites is Organization Validated and Extended Validation.

Best Practices for Picking an SSL Certificate

Factor/SSL Certificate Type Domain Validated (DV) (e.g., Let’s Encrypt) Organization Validated (OV) (e.g., DigiCert, Comodo) Extended Validation (EV) (e.g., Thawte, GoDaddy) Wildcard SSL (DV/OV/EV) Multi-Domain SSL (SAN/UCC) (DV/OV/EV)
Best For Store Size & Complexity Small stores, single domain Medium to large stores Large or enterprise-level stores Stores with many subdomains Stores with various domains
Domains Covered Single domain Single domain Single domain All subdomains of a domain Several different domains
Trust Level & Indicators Basic – padlock icon only Medium – padlock + organization info Highest – padlock + company name in address bar Varies by validation level Varies by validation level
Validation Time Minutes 1 to 3 days 3 to 5 days Varies depending on validation type Varies depending on validation type
Cost Free or low cost (Let’s Encrypt) Moderate cost High cost Moderate to high cost Moderate to high cost
Renewal Management Automated renewal (Let’s Encrypt) Manual or automated renewal Manual renewal with more paperwork Manual or automated renewal Manual or automated renewal
Technical Support Limited or community support Paid support available Paid premium support Paid support available Paid support available
Magento 2 Store Fit Great for startups, small, or budget-conscious stores Ideal for growing e-commerce stores needing more trust Best for high-trust stores handling sensitive customer data Perfect for multi-store or multi-subdomain Magento setups Best for complex Magento networks with various domains
Other Notes Quick setup, basic encryption Boosts customer confidence, better for conversion rates Shows the strongest trust signals that can improve checkout rates Saves time managing many subdomains with one cert Simplifies the management of various domains under one cert

Prerequisites for Setting Up SSL Certificates for Your Magento Store

1. Configure the Necessary Requirements

Ensure you have the following prerequisites available:

  • Budget for the certificate
  • Registered domain name
  • Web server to install the SSL certificate
  • Certificate Authority and type of SSL certificate
  • CSR (Certificate Signing Request) and Private Key

2. Generate a CSR and Private Key

You might have an Apache HTTP or Nginx web server. Use OpenSSL to generate your "private key" and "CSR" on your web server. The "Common Name" field should match the name you want for your certificate. Ensure all fields reflect your company details for an 'OV' or 'EV' certificate.

For example:

Field Example Value Description
Country Name (2-letter code) US Country code (e.g., 'US', 'CA', 'AU')
State/Province New York Full state/province name (no abbreviations)
Locality (City) New York City where your organization is set up
Organization Name My Company Legal business name (match official documents)
Organizational Unit (Optional) Department/team (e.g., "IT Security" or "Web Operations")
Common Name (FQDN) example.com Exact domain you're securing (e.g., shop.yourstore.com)
Email Address sammy@example.com Administrative contact (often used for closing alerts)

2 Options to Install and Set Up SSL Certificates in Your Magento Store

Option 1: Let's Encrypt Free SSL Certificate Installation

Let's Encrypt is the leading Certificate Authority with a 59.8% market share as of 2025. It offers free automated SSL certificates that work well for many Magento stores.

Prerequisites
  • Ubuntu 24.04 LTS (recommended for 'security' and 'long-term support')
  • NGINX or Apache web server
  • Root or sudo access to your server

Step 1: Install Certbot

installing certbot on ubuntu 24.04 to enable let's encrypt ssl for magento 2

"Certbot is the official Let's Encrypt client that automates certificate issuance/renewal. To install it, run update sudo apt install certbot python3-certbot-nginx.

Step 2: Get an SSL Certificate

For NGINX web servers:

  1. Verify your domain ownership.
  2. Receive certificates.
  3. Configure NGINX.
  4. Set up automatic renewal.

Step 3: Verify Automatic Renewal

Certbot creates a scheduled task to renew certificates before they expire. Verify this with systemctl status certbot.timer. Then, run certbot renew --dry-run to test the renewal process.

Option 2: Get SSL with GoDaddy

Step 1: Buy an SSL Certificate

godaddy ssl purchase options for setting up magento 2 https

GoDaddy is a popular CA and offers all primary certificate types. Follow the steps given below:

  1. Navigate to the 'GoDaddy SSL certificate' page.
  2. Scroll down to see the 'certificate types and plans'.
  3. Select the 'type of certificate' & the 'plan type', such as:
  • Domain
  • Organization
  • Extended Validation
  1. Choose the "duration of validity".
  2. Click on the 'Add to Cart' button.
  3. Review your current order and continue to checkout. Then, complete the registration and payment process.

Step 2: Request Certificate

After you complete your order, follow a few more steps. To request a certificate:

  1. Find the SSL certificate you purchased and click the 'Setup' button.

Note: If you have not used GoDaddy for SSL certificates, you must set up the "SSL Certificates'' product. Requesting the certificate will also depend on your certificate type. Choose the steps using the official GoDaddy page.

  1. After the "SSL Certificates" Product is available on your GoDaddy account, you can:
  2. See the "New Certificate" and the "Launch" button.
  3. Click on the 'Launch' button next to your new certificate.
  4. Provide your 'CSR' by pasting it into the box. The SHA-2 algorithm is available by default.
  5. Use the 'Request Certificate' button to select your certificate.

Step 3: Verify Domain

The next step is to verify that you control your domain. GoDaddy will send a domain ownership verification email to the domain's WHOIS record. Follow the email's instructions to approve the certificate's issuance.

Step 4: Download Certificate

  1. Open the email stating the issuance of your SSL certificate.
  2. Follow the email steps to download your SSL certificate.

Note: You can do this in the GoDaddy control panel by clicking the 'Download' button.

  1. Navigate to the 'Server type' dropdown menu. Then, select the server software you use, such as "Apache HTTP" or "NGINX".
  2. Tap the Download Zip File and then extract the ZIP archive.

Note: It will contain two .crt files. First is an SSL certificate with a random name. Next is the GoDaddy intermediate certificate bundle (gd_bundle-g2-1.crt). Copy both to your web server.

  1. You can now rename the certificate to the domain name with a .crt extension. For example, example.com.crt.
  2. Rename the intermediate certificate bundle as "intermediate.crt".

Note: This process will generate a '.key' and a '.csr' file. The .key file is the "private key" and should remain secure. You can then send the .csr file to the CA to request your SSL certificate. You must copy and paste your CSR to request the certificate from the CA.

6 Steps to Enable SSL Certificate in Magento 2

  1. From the Admin panel, go to Stores > Configuration.
  2. In the General tab, select 'Web'. The Settings page will then be set up.

magento 2 admin panel showing secure urls enabled for storefront and admin

  1. Select the 'Base URLs (Secure)' section and expand it.
  2. Update the "Secure Base URL" option to "HTTPS".

update magento 2 secure base url to https for ssl configuration

  1. Select "Yes" from the drop-down menus for 'Use Secure URLs on Storefront' and 'Use Secure URLs in Admin'. This step will allow you to display the secure URLs on the front end.

navigate to web settings under general tab to configure magento 2 ssl

  1. Tap the 'Save Config' button. Once you have flushed the Magento cache, the storefront will show the updates.

Troubleshooting Common SSL Issues

1. Mixed Content Warnings

If you see mixed content warnings in browsers after enabling SSL:

  1. Check your Magento admin configuration for HTTP URLs.
  2. Review your theme files for hardcoded HTTP resources.
  3. Find non-HTTPS links in your codebase.

2. Certificate Not Trusted

If browsers display certificate warnings:

  1. Verify that you have included intermediate certificates.
  2. Check that your certificate chain is set up.
  3. Test your certificate installation using an online SSL checker tool.

FAQs

1. How can SSL be available on my Magento 2 site?

You can check the URL in your browser. If it begins with “https,” the website uses an SSL certificate. Press the ‘padlock icon’ in the address bar to view the certificate details.

2. What are the system requirements for installing SSL in Magento?

Requirements include a registered domain name, web server, server access, & Certificate Authority selection. For Let's Encrypt, Ubuntu 24.04 LTS is advisable with Certbot installed. Commercial certificates need budget allocation and certificate management capabilities.

3. How do I generate a CSR for Magento 2 SSL installation?

Generate a CSR using OpenSSL on your web server. Enter accurate organization details, including Country, State, City, Organization Name, and Common Name. The process creates a .key file (private key) and a .csr file for certificate requests.

4. Which type of SSL certificate is best for my Magento 2 store?

Domain Validated certificates (e.g., Let's Encrypt) are best for small stores with one domain. Medium to large stores should use organization-validated certificates for increased customer trust. Enterprise-level stores handling sensitive data should consider Extended Validation certificates. Stores with various subdomains need Wildcard SSL. But, stores with different domains need Multi-Domain SSL certificates.

5. How do I fix mixed content warnings after SSL installation in Magento 2?

Check the Magento admin configuration for HTTP URLs. Then, review the theme files for hardcoded HTTP resources. Finally, update all resource references to use HTTPS or relative paths.

6. How do I troubleshoot "certificate not trusted" errors?

Verify that you've installed intermediate certificates alongside your SSL certificate. Ensure proper certificate chain configuration on your web server. Then, run an online SSL checker tool to diagnose specific issues. For Apache, check that your virtual host configuration includes the SSLCertificateChainFile directive. For Nginx, verify that ssl_certificate contains the full chain.

Summary

Installing an SSL certificate in Magento 2 protects your store from data breaches. This process helps Magento store owners:

  • Use free automated options and keep up with SSL practices.
  • Secure your customers' data in the Magento store.
  • Boost conversion rates by completing the checkout process on a secure site.
  • Build customers' trust by adding the green padlock sign to your URL.

Consider managed Magento hosting with an SSL certificate to protect your customers' data.

[Updated on May 05, 2025]

Dikshya Shaw
Dikshya Shaw
Technical Writer

Dikshya leverages her content marketing and writing proficiency to deliver fresh, insightful content. Her meticulous research ensures industry expertise and emerging trends within the Magento landscape.

Related Articles

9 Factors to Choose the Best CDN for Magento 2

Magento 2 Backup Steps using SSH and FTP

In this tutorial, learn how to backup Magento 2 store via SSH and FTP.

Difference Between Group Product and Bundle Product in Magento

How to Setup Redis Cache for Magento 2

This tutorial covers how to set up Magento 2 Redis. We will cover Redis cache for default, full-page, and session cache.

Get the fastest Magento Hosting! Get Started