Knowledge Base

Install a Wildcard SSL Certificate on your VPS or Dedicated Server

Installing a wildcard SSL certificate in cPanel isn't easy; once you have it installed, it can be a bit troublesome to take advantage of the wildcard feature.

Some say you need a dedicated IP address for every subdomain you want to install SSL. They might also say that manual edits to the 'httpd. Conf files are required, or you shouldn't have any issue adding subdomains and having them operate with HTTPS.

However, this isn't the case.

To install a wildcard SSL on cPanel:

  1. Log in to your WHM account.

  2. Navigate to the Security Section, then click SSL/TLS.

  3. Under Certificate Signing Requests (CSR), click 'Generate, view or delete SSL certificate signing requests.
    Note: more on CSRs and RSA keys here.

  4. Once the CSR is generated, go ahead and purchase your SSL certificate.

  5. When you receive the certificate key, you can now install the certificate; you will need your Certificate Key, Private RSA key, and CA Bundle (Intermediate Certificate) on hand.

    The Certificate Key and CA Bundle are provided after you order the SSL certificate and it's been approved. The Private RSA Key is provided when you generate the CSR. More info on CSRs and RSAs is here.

  6. Log in to cPanel.

  7. Click the Install SSL Certificate link.

  8. From the Domain dropdown, select the domain that does not have 'www.' in front of it.

  9. Now, in doing this, when cPanel generates the block of code in the httpd.conf file, it's going to set the document root to the following:


    And that's okay, but if you want to set subdomains outside the public_html directory, then the wildcard SSL won't work unless you manually modify the httpd.conf file, which you can't do since it requires root access.

    So, to get around this, we need to use mod_rewrite to redirect requests to the appropriate directory.

  10. When you set up a subdomain, you can set the path to the document root, and it's probably best to do something like this:


  11. In the .htaccess file in your public_html directory, for each sub domain that needs an SSL certificate, you will need to add the following:

    RewriteCond %{SERVER_PORT} ^443$
    RewriteCond %{HTTP_HOST} ^sub\.domain\.com$ [NC]
    RewriteCond %{REQUEST_URI} !^/domains/sub\.domain\.com/
    RewriteRule ^(.*)$ /domains/sub.domain.com/$

    You'll want to replace path with the appropriate data, of course, but it has to reside in the public_html  directory (although you could create a symbolic link to a directory outside the public_html directory).


If you're using Magento, you don't have to add anything to your .htaccess file. Simply setup additional stores as parked domains.

Did you find this article helpful?

* Your feedback is too short