An SSL certificate encrypts the communication between the browser and your site, enabling the HTTPS connection; passwords, form data and payment info your visitor enters are sent encrypted over the network. Modern browsers mark sites without SSL as "Not secure", and Google prefers HTTPS sites in search results. All Kolan IT hosting packages include a free Let's Encrypt SSL certificate, and thanks to cPanel's AutoSSL feature it is installed automatically shortly after your domain is added to your account. You rarely need to do anything manually.
1. Checking SSL Status
- Log in to cPanel.
- In the top search box, type ssl and click the SSL/TLS Status tool. (Alternative: SSL/TLS Status in the Security section.)
- The opened list shows all domains and subdomains on your account, with their certificate status next to each.
Status icons:
- Green lock: Certificate installed and valid.
- Yellow clock: AutoSSL is queued, waiting to install.
- Red cross: Installation failed (usually a DNS issue).
2. Triggering AutoSSL Manually
If the certificate didn't come automatically or you want it tried again for a domain, you can run AutoSSL manually:
- Open the cPanel SSL/TLS Status page.
- Check the boxes next to the domains you want SSL installed for (you can select multiple).
- Click the Run AutoSSL button at the top.
- The process completes in a few minutes; refresh the page to see the result.
3. Automatic Redirection to HTTPS
After the certificate is installed, your site is accessible via both http:// and
https://. To make all visitors automatically use https://, you can
enable the Force HTTPS Redirect option in cPanel:
- On the cPanel main screen, click Domains → Domains.
- Enable the Force HTTPS Redirect checkbox next to the relevant domain.
Alternatively, you can add the following rule to your .htaccess:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]4. Updating Site URL for WordPress
If you use WordPress, after installing the certificate you also need to update your site URLs to HTTPS, otherwise theme/plugin files will continue to be called over HTTP and you'll get mixed content errors:
- Log in to your WordPress admin panel.
- Go to Settings → General.
- In the WordPress Address (URL) and Site Address (URL) fields, replace
http://withhttps://. - Click Save Changes; your session will end, log in again at the new address.
http://yoursite.com → https://yoursite.com in one go.
5. Mixed Content Warning
Resources loaded over HTTP on an HTTPS page (images, JavaScript, CSS) turn the browser's lock yellow or block some content from loading. Solution:
- Open the browser developer tools (F12) and look at the yellow warnings in the Console tab; it tells you which resource is HTTP.
- In theme/plugin files, change links starting with
http://tohttps://or protocol-relative (//). - For WordPress, the Better Search Replace method above solves most mixed content issues.
6. Certificate Renewal — Automatic
Let's Encrypt certificates are valid for 90 days; however, AutoSSL automatically renews them before expiry — you don't need to intervene. If a certificate fails to renew for some reason, a notification is sent to the cPanel main account email.
7. Common Issues
- "Site not secure" still appears: Even if SSL is installed, your browser cache may be holding an old page. Hard refresh with Ctrl + F5 or try in an incognito window.
- SSL won't install (DNS verification failed): Your domain must be connected to Kolan nameservers or have an A record pointing to our server. AutoSSL can't verify until DNS propagation completes.
- www and non-www behave like separate certificates: Along with Force HTTPS Redirect, also define your www/non-www preference clearly in
.htaccess(redirect both directions). - No SSL on subdomain: If AutoSSL doesn't auto-cover the subdomain, running Run AutoSSL manually usually fixes it.
If you have an SSL activation issue you can't resolve, open a support ticket with your domain; our team will inspect the AutoSSL logs and complete the installation.