Bluehost Web Hosting Help
What Is AutoSSL?
Beginning July 2018, the new version of Chrome will mark all HTTP sites as ‘Not secure’ and prominently highlight this in the URL bar in an effort to create a more secure internet.
The information you send on the Internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When installed on a web server, a certificate will activate the padlock and the HTTPS protocol to allow secure connections from a web server to a browser. Bluehost now provides free SSL certificates for all assigned and parked domain names set up in your account.
AutoSSL is a cPanel feature that automatically installs and renews Let’s Encrypt SSL certificates for every assigned or parked domain on a Bluehost hosting account. In most cases, the SSL will automatically assign and install itself to your new and existing domains; however, some customers may need to manually enable the certificate.
How does AutoSSL work?
AutoSSL is an account-wide setting that can be toggled on and off from within a customer's Bluehost account. When AutoSSL is enabled, a daily cron replaces self-signed certificates and expired (or soon-to-expire) certificates with new Let’s Encrypt certificates. That process also happens immediately for new accounts and for existing accounts when WordPress is installed, AutoSSL is toggled to 'on' in the Hosting SSL Certificates page, or Free SSL Certificate is toggled to 'on' in the Security section of the control panel.
How do I manage AutoSSL?
AutoSSL is automatically enabled when WordPress is installed or the Free SSL Certificate is turned on for an existing WordPress site in your Bluehost control panel. You can disable AutoSSL if you prefer to leave your site unsecured by toggling the Free SSL Certificate to 'Off'. Disabling AutoSSL will not remove the certificate from the account.
How does AutoSSL work with other SSL Certificates?
Any of the usual Comodo certificates can still be purchased for any domains. If AutoSSL is also enabled, the customer will automatically get free Let’s Encrypt certificates for any domain that does not have a Paid certificate If a customer enables AutoSSL, receives one or more Let’s Encrypt certificate and then disables AutoSSL, their website(s) continue to work over HTTPS. However, when their Let’s Encrypt certificates expire, those certificates will not renew on any account where AutoSSL has been disabled.
Will enabling AutoSSL automatically force a site to use HTTPS?
No, AutoSSL doesn't automatically force a site to use HTTPS. This will need to be manually changed (i.e. changing from http://www.domain.com to https://www.domain.com.
Can these certificates be used for email clients?
Not yet. In the future, these certificates will apply to subdomains cPanel automatically creates, including mail.domain.com. Once that feature is in place, you'll be able to use Mail.Domain.com and connect mail clients over secure mail ports.
Can the free AutoSSL and Let's Encrypt certificates be used for eCommerce?
Yes. Customers are welcome to use the AutoSSL certificates for eCommerce if they so choose, but (unlike Paid Certificates) they do not come with a Warranty.
What if I still want the Warranty?
If you would like to have the added liability protection provided by a Warranty, you are still encouraged to purchase a paid certificate through the Control panel.
When will the new free SSL Certificates renew?
AutoSSL will attempt to renew the certificate 25 days before expiration.
Recommended Help Content
How to Manage AutoSSL
In some cases, you may need to manually enable your AutoSSL. This article will go over how to enable the AutoSSL setting. This article will explain how to do so or opt out of using AutoSSL.
How to activate a free WordPress SSL
Bluehost now provides free free SSL certificates for all WordPress sites. This article describes how to activate the free SSL for a WordPress site.
Purchasing or Renewing SSL certificates
How to renew an existing SSL certificate--or purchase a new one, within your cPanel
Related Help Content
Email Security: SSL Trust Error in Email Applications
Occasionally SSL Certificates are reissued and this causes email clients to prompt users to take action after the certificate is changed.
Basic Site Security Checklist
What can I do to increase my Site Security while hosting with Bluehost?
SSL Installation of 3rd Party Certificate
I need to have an SSL 3rd Party Certificate installed for my domain.
How to Download your SSL Certificate
This article explains how to download a copy of your SSL certificate.
How to Upload an SSL Certificate to SiteLock
This article will explain the process for uploading an SSL Certificate to SiteLock's dasboard. The steps for accessing the SSL Manager may vary depending on which user interface your account uses.
Google Security Updates
Google Chrome is updating their browser to improve internet security.
Clients in China Are Unable to View My Website
Clients in China are unable to view my website. My website's content doesn't contain any objectionable material.
My Website Is Slow
The website is taking a long time to load. It just seems slower today than normal.