SSL certificate limitations

There are certain limitations on SSL certificates, which you should be aware of.

Only one SSL certificate can be installed per domain name. So, if you have two completely separate websites that will need to be able to accept credit card payments directly, you will need two separate SSL certificates.

Once issued, you cannot change any details about your SSL certificate (such as the domain name it uses) or purchase more time to keep it active for longer.

Expirations
Your SSL certificate will expire at some point. If you purchased it through HostPapa, we will renew it for you automatically.  Otherwise, you will need to purchase a replacement SSL certificate at that time, or your site will no longer be secure and visitors will receive warnings.

Ecommerce
If you are using an SSL certificate with a shopping cart, you will probably need to enable/turn on the secure sections of the cart. Please review your shopping cart documentation to make sure you’ve done everything required. In most cases, installing an SSL certificate is not enough.

Dedicated IPs and SNIs
With other hosts, a private SSL certificate requires its own dedicated IP address, which does not come included with shared web hosting. However, for Starter, Business and Business Pro hosting clients, a Let’s Encrypt SSL certificate has been enabled on your account through the use of a Server Name Indication (SNI).

An SNI is an extension to the SSL/TLS protocol by which a client indicates which hostname it is attempting to connect to at the start of the connection process. This allows a server to present multiple certificates on the same IP address and allows multiple secure (HTTPS) websites to be served off the same IP address without requiring all those sites to use the same certificate.

Insecure elements on an SSL-secured site
While browsing the web, you’ll probably have received a warning that says a site which is apparently using SSL is actually serving insecure content. That’s not because they’re up to anything malicious, but because they’re loading assets from other sites or services — social media widgets or advertising most frequently — that aren’t encrypted.

The browser doesn’t want users to think a site it totally secure when it isn’t, and will issue a warning, which can be off-putting to many users who don’t understand the implications.

This is less of a problem than it used to be as most advertising networks serve encrypted content and most social media networks now use SSL. But, mixed mode issues are not completely solved, and may still impact sites with SSL implemented without careful testing of third-party content.

This article is also available in: French Spanish German

Related Articles