Things You Need To Do When Buying an SSL Certificate
When you buy an SSL certificate with Crazy Domains, there are a few simple steps you need to follow for the SSL certificate to be issued.
Activating SSL Certificate
For us to start the activation of SSL Certificate, we need a CSR (Certificate Signing Request) that contains your SSL certificate details. See What is a CSR.
If we host your website, we will generate the CSR for you. However, if your website is hosted elsewhere, you need to generate and get the CSR from your hosting provider.
We will ask for the CSR during the order if you select Another Provider as your web host.
How Would I Know If I Need to Provide a CSR
When placing an SSL order, you will be asked where your website is hosted. If you select Crazy Domains, you don’t need to worry about it — we will generate the CSR for you. However, if you select Another provider, you will need to provide the CSR yourself. In some cases, we may require a new CSR if the one you submitted is invalid for any reason. If this happens, you will receive an email from us requesting a new CSR.
What is a CSR
A CSR is an encrypted code that contains the following information:
-
Common name (the domain name where the SSL Certificate will be issued for)
-
Organization Name
-
Country
-
State or Region
-
City
-
Email address
CSR is a way of sending a message to a Certificate Authority (CA) to request and sign your SSL Certificate (your official SSL Certificate). The message is formatted like a block of text. It's like a very long password.
Here's what a CSR looks like:
What is a Private Key
The Private Key is a crucial code generated along with your CSR. As its name suggests, it must always be kept private. Your CSR and Private Key must match and are both required when installing the SSL certificate. Therefore, you should generate the CSR on the server where you plan to install the SSL certificate. This ensures the Private Key is created and stored securely on the same server, avoiding the need to transfer it between different platforms.
You can use an external CSR generator, but you will need to save the Private Key for later use when installing the SSL certificate. However, we do not recommend this due to the risk involved. Unless you are confident that you can keep the Private Key safe and secure during transfer, it's best to generate the CSR directly on the server where the SSL certificate will be installed.
Here's what the Private Key looks like:
How To Complete a Domain Control Validation or DCV
Once the SSL certificate activation is initiated, Domain Control Validation (DCV) will take place. This process confirms your administrative rights and access to the domain name for the SSL certificate.
There are several ways to validate domain control, but we use the DCV CNAME method by default. This requires you to add a CNAME record to your domain.
If we host your DNS, you won't need to do this. However, if your DNS is hosted elsewhere, you will receive a notification from us with the unique CNAME record needed for DCV.
This is how you can add the unique DCV CNAME record to your DNS:
-
Log in to your DNS management portal (This is where you can manage your domain's DNS records like A, CNAME, MX record, etc.)
NOTE. To find out where your DNS is hosted, you can perform a Whois lookup here: https://www.whoismydomain.com/. On the result, locate the Name Server section. The set of name servers indicates your DNS provider.
-
Add a new CNAME entry.
-
Enter the unique DCV CNAME record we provide (refer to the email we sent).
-
Save the changes and wait for the new DNS to fully resolve (DNS will fully work within 4-48 hours depending on your DNS provider). Refer to the email we sent on how to check if the new CNAME is already working.
-
Reply to the email we sent once this is done, so we can proceed with the domain control validation.
Once we successfully detect the correct CNAME record added to your domain, your DCV will be completed. Your SSL certificate will then be issued and available for download in your Account Manager. However, if you are purchasing a Wildcard or EV SSL certificate, you will need to complete an additional validation process.
Additional Company Validation
For EV and Wildcard SSL certificates, an additional level of validation is required. You will receive an email from us with detailed information and instructions on how to proceed with this validation process.
Installing Your SSL Certificate
If your website is hosted with us, we will install the certificate for free!
If your website is hosted elsewhere, you will need to download the SSL Certificate from your Account Manager and then ask your hosting provider to install it for you. Follow these steps to do so:
Step 1. Download the SSL File
- Log in to your Account Manager.
- Look for the Standard SSL Security product in the My Products section, and then click MANAGE.
- Click the burger icon (three-line bars), and then click Download.
Step 2. Install the SSL Certificate
Contact your hosting provider and request them to install the certificate on your website. Note that some hosting providers may charge additional fees for SSL Certificate installation.